Windows Failed to Boot, System Repair Can't Discover Problem


2 replies to this topic

#1 malonr


Posted 07 June 2013 - 01:00 PM

My HP s3421p won't boot and system repair can't locate the problem.  I've tried to restore to all of the system restore points and none will work either.  Here's a copy and paste of the error:

 

Problem signature:
  Problem Event Name: StartupRepairOffline
  Problem Signature 01: 6.1.7600.16385
  Problem Signature 02: 6.1.7600.16385
  Problem Signature 03: unknown
  Problem Signature 04: 21201009
  Problem Signature 05: AutoFailover
  Problem Signature 06: 17
  Problem Signature 07: CorruptFile
  OS Version: 6.1.7600.2.0.0.256.1
  Locale ID: 1033

 

I also downloaded FRST and ran a scan after reading another thread.  Here's a log from that scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-06-2013
Ran by SYSTEM on 07-06-2013 13:43:58
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [x]
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [46632 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [KBD] C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [30248 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini [311 2013-04-07] ()
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" [157312 2008-11-10] (Microsoft Corporation)
HKLM\...\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe [2042208 2011-10-17] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-12] (Sony Corporation)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun [884584 2012-03-08] (Microsoft Corporation)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1151152 2013-03-04] ()
HKLM\...\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe" [847872 2009-12-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\RunOnce: [PCDrProfiler] "C:\Program Files\PC-Doctor for Windows\RunProfiler.exe" -r [106992 2009-06-26] (PC-Doctor, Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [262656 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll [X]
HKU\Cheyenne\...\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [x]
HKU\Cheyenne\...\Run: [Facebook Update] "C:\Users\Cheyenne\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]
HKU\Cheyenne\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_278_Plugin.exe -update plugin [ 2012-10-02] (Adobe Systems Incorporated)
HKU\Cheyenne\...\Policies\system: [LogonHoursAction] 2
HKU\Cheyenne\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Guest\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\Guest\...\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade [ 2010-11-20] (Microsoft Corporation)
HKU\Guest\...\RunOnce: [DPAPIKeyMig] %SystemRoot%\system32\dpapimig.exe -quiet [ 2009-07-13] (Microsoft Corporation)
HKU\Guest\...\RunOnce: [avg_spchecker] "C:\Program Files\AVG\AVG8\Notification\SPChecker.exe" /start [ 2011-05-15] ()
HKU\Hunter\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_278_Plugin.exe -update plugin [ 2012-10-02] (Adobe Systems Incorporated)
HKU\Hunter\...\Policies\system: [LogonHoursAction] 2
HKU\Hunter\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\LogMeInRemoteUser\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\LogMeInRemoteUser.Main-PC\...\RunOnce: [avg_spchecker] "C:\Program Files\AVG\AVG8\Notification\SPChecker.exe" /start [ 2011-05-15] ()
HKU\Malon\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2010-11-20] (Microsoft Corporation)
HKU\Malon\...\Run: [Google Update] "C:\Users\Malon\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2009-06-27] (Google Inc.)
HKU\Malon\...\Run: [QuickenBillminder] C:\Program Files\Quicken\Billmind.exe -startup [ 2013-02-21] (Intuit Inc.)
HKU\Malon\...\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [x]
HKU\Malon\...\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart [ 2013-03-07] (Google)
HKU\Malon\...\Run: [EPSON5A3889 (WorkForce 630)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGBA.EXE /FU "C:\Windows\TEMP\E_SBBE3.tmp" /EF "HKCU" [ 2013-03-04] ()
HKU\Malon\...\Policies\system: [LogonHoursAction] 2
HKU\Malon\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2010-11-20] (Microsoft Corporation)
HKU\Mcx1\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\Mcx1\...\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade [ 2010-11-20] (Microsoft Corporation)
HKU\Mcx1\...\RunOnce: [DPAPIKeyMig] %SystemRoot%\system32\dpapimig.exe -quiet [ 2009-07-13] (Microsoft Corporation)
HKU\Mcx1\...\RunOnce: [avg_spchecker] "C:\Program Files\AVG\AVG8\Notification\SPChecker.exe" /start [ 2011-05-15] ()
HKU\Mcx2-MAIN-PC\...\RunOnce: [avg_spchecker] "C:\Program Files\AVG\AVG8\Notification\SPChecker.exe" /start [ 2011-05-15] ()
HKU\Mcx2-MAIN-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [ 2009-07-13] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\MozyHome Status.lnk
ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
Startup: C:\Users\Malon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
========================== Services (Whitelisted) =================
 
S2 avg8wd; C:\Program Files\AVG\AVG8\avgwdsvc.exe [297752 2009-08-16] (AVG Technologies CZ, s.r.o.)
S2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [48368 2009-09-03] (NOS Microsystems Ltd.)
S2 gupdate1c92fe11f6b94de; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2008-10-16] (Google Inc.)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2541248 2006-10-31] (Symantec Corporation)
S2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [72704 2009-04-06] (Mozy, Inc.)
S2 vToolbarUpdater14.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-03-04] ()
S3 ZuneWlanCfgSvc; c:\Windows\system32\ZuneWlanCfgSvc.exe [243840 2008-11-10] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 AFS; C:\Windows\System32\Drivers\AFS.sys [79052 2008-07-01] (Oak Technology Inc.)
S1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [335240 2009-08-16] (AVG Technologies CZ, s.r.o.)
S1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [27784 2009-08-16] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [33112 2013-03-04] (AVG Technologies)
S2 LMIInfo; C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2010-09-17] (LogMeIn, Inc.)
S2 LMIRfsDriver; C:\Windows\system32\drivers\LMIRfsDriver.sys [47640 2010-09-17] (LogMeIn, Inc.)
S1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [53752 2009-04-06] (Mozy, Inc.)
S4 LMIRfsClientNP; No ImagePath
S0 nvstor32; system32\DRIVERS\nvstor32.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
 
2013-06-07 13:43 - 2013-06-07 13:43 - 00000000 ____D C:\FRST
 
==================== One Month Modified Files and Folders ========
 
2013-06-07 13:43 - 2013-06-07 13:43 - 00000000 ____D C:\FRST
2013-06-07 13:19 - 2011-12-01 06:19 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-06-07 13:19 - 2011-10-02 07:21 - 00000000 ____D C:\users\Hunter
2013-06-07 13:19 - 2011-09-30 07:13 - 00000000 ____D C:\users\Cheyenne
2013-06-07 13:19 - 2011-01-15 19:27 - 00000000 ____D C:\users\LogMeInRemoteUser.Main-PC
2013-06-07 13:19 - 2010-07-09 15:12 - 00000000 ____D C:\users\Mcx2-MAIN-PC
2013-06-07 13:19 - 2010-01-04 18:37 - 00000000 ____D C:\users\Mcx1
2013-06-07 13:19 - 2010-01-04 18:37 - 00000000 ____D C:\users\Malon
2013-06-07 13:19 - 2010-01-04 18:37 - 00000000 ____D C:\users\Guest
2013-06-07 13:19 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2013-06-07 13:19 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-07 13:19 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2013-06-07 13:19 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\AppCompat
2013-06-07 13:19 - 2008-09-06 11:58 - 00000000 ____D C:\Windows\System32\Drivers\Avg
 
Files to move or delete:
====================
C:\Users\Malon\GoToAssistDownloadHelper.exe
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-04-12 00:36:17
Restore point made on: 2013-04-12 00:42:44
Restore point made on: 2013-04-16 00:37:02
Restore point made on: 2013-04-16 00:42:00
Restore point made on: 2013-04-18 00:42:44
Restore point made on: 2013-04-22 05:06:05
Restore point made on: 2013-04-23 00:36:54
Restore point made on: 2013-04-26 05:27:36
 
==================== Memory info =========================== 
 
Percentage of memory in use: 12%
Total physical RAM: 3966.55 MB
Available physical RAM: 3460.85 MB
Total Pagefile: 3964.83 MB
Available Pagefile: 3468.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.11 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:456.43 GB) (Free:347.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.33 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:0.97 GB) (Free:0.97 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 996 MB) (Disk ID: 73696420)
Partition 1: (Not Active) - (Size=260 GB) - (Type=20)
Partition 2: (Not Active) - (Size=257 GB) - (Type=6B)
Partition 3: (Not Active) - (Size=667 GB) - (Type=53)
Partition 4: (Active) - (Size=10 MB) - (Type=49)
 
 
Last Boot: 2013-04-23 20:24
 
==================== End Of Log ============================

 

 

 

Any assistance would be appreciated!!


Edited by malonr, 07 June 2013 - 02:01 PM.




#2 gerry715


Posted 07 June 2013 - 01:23 PM

I have the same problems: won't start, takes 5 mins, can't find the cause.

Anyhow, have you tried Microsoft Fixit? Trying it won't harm.


Edited by gerry715, 07 June 2013 - 01:28 PM.


#3 slomeezy


Posted 13 April 2016 - 05:58 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by SYSTEM on MININT-LB245G0 (14-04-2016 16:36:50)
Running from g:\
Platform: Windows 7 Professional (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [RollbackOnline] => C:\$WINDOWS.~BT\Sources\SetupPlatform.exe /rollbackonline
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\Default\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\Default User\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\slomotion\...\Run: [Google Update] => C:\Users\slomotion\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\slomotion\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\slomotion\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => No File
AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL => No File
AppInit_DLLs:  C:\Program Files (x86)\SO_Booster\Assistant_x64.dll => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe [151552 2010-10-01] (Atheros)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1281056 2015-12-23] ()
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-08-27] (BitRaider, LLC)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [131312 2015-03-19] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 aswRvrt; no ImagePath
S0 aswVmm; no ImagePath
S3 BRDriver64; no ImagePath
S3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [110240 2011-10-22] ()
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1419576 2015-03-04] (Motorola Solutions, Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-01-01] (Echobit, LLC)
S1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [9856 2007-09-14] (Lenovo)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-04] (REALiX™)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-02-04] (Intel Corporation)
S3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
S4 LMIRfsClientNP; no ImagePath
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99800 2013-05-09] (Intel Corporation)
S0 ngvss; no ImagePath
S3 OXYGEN; C:\Windows\System32\DRIVERS\MAudioOxygen.sys [134664 2010-03-04] (M-Audio)
S3 SeratoUsb; C:\Windows\System32\Drivers\SeratoUsb.sys [49656 2013-07-09] (Cristalink Ltd)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-05-07] (Synaptics Incorporated)
S3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S2 aswHwid; \SystemRoot\system32\drivers\aswHwid.sys [X]
S1 aswKbd; \SystemRoot\system32\drivers\aswKbd.sys [X]
S2 aswMonFlt; \SystemRoot\system32\drivers\aswMonFlt.sys [X]
S1 aswRdr; \SystemRoot\system32\drivers\aswRdr2.sys [X]
S1 aswSnx; \SystemRoot\system32\drivers\aswSnx.sys [X]
S1 aswSP; \SystemRoot\system32\drivers\aswSP.sys [X]
S2 aswStm; \SystemRoot\system32\drivers\aswStm.sys [X]
S3 btmaux; system32\DRIVERS\btmaux.sys [X]
S0 SmartDefragDriver; System32\Drivers\SmartDefragDriver.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-14 16:36 - 2016-04-14 16:36 - 00000000 ___DC C:\FRST
2016-04-13 08:35 - 2016-04-13 08:36 - 00000000 ____C C:\Recovery.txt
2016-04-13 08:34 - 2016-04-13 08:34 - 00000000 ___DC C:\$WINDOWS.~LS
2016-03-24 14:36 - 2016-03-24 17:14 - 00000000 ___DC C:\Users\slomotion\Desktop\dance music 2
2016-03-22 14:20 - 2016-03-22 14:21 - 14145776 ____C C:\Users\slomotion\Downloads\R309746.exe
2016-03-21 15:19 - 2016-03-21 15:19 - 00000000 ___DC C:\$SysReset
2016-03-21 14:53 - 2016-03-21 14:53 - 00347816 ____C (Microsoft Corporation) C:\Users\slomotion\Downloads\MicrosoftFixit.Devices.Run.exe
2016-03-19 11:56 - 2016-03-19 11:56 - 03781320 ____C (Easeware ) C:\Users\slomotion\Downloads\DriverEasy_Setup.exe
2016-03-19 11:47 - 2016-03-19 11:47 - 02449376 ____C (Megaify Software ) C:\Users\slomotion\Downloads\DriverToolkitInstaller.exe
2016-03-19 11:39 - 2016-03-19 11:40 - 00390829 ____C C:\Users\slomotion\Downloads\WD_SES_Driver_Setup_x64 (1).zip
2016-03-19 11:37 - 2016-03-19 11:38 - 00390829 ____C C:\Users\slomotion\Downloads\WD_SES_Driver_Setup_x64.zip
2016-03-19 11:36 - 2016-03-19 11:37 - 00286665 ____C C:\Users\slomotion\Downloads\WD_SES_Driver_Setup_x86.zip
2016-03-19 11:25 - 2016-03-19 11:27 - 01971788 ____C C:\Users\slomotion\Downloads\WDFirmwareUpdater.zip
2016-03-18 15:28 - 2016-03-18 15:29 - 01527296 ____C C:\Users\slomotion\Downloads\adwcleaner_5.102.exe
2016-03-15 15:08 - 2016-03-15 15:08 - 07309754 ____C C:\Users\slomotion\Desktop\red parrot.wav

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-13 08:29 - 2016-03-04 12:20 - 00000000 ___DC C:\$WINDOWS.~BT
2016-03-24 17:14 - 2016-03-04 17:13 - 00000000 ___DC C:\Users\slomotion\Desktop\Serato Scratch Live 2.5 Win
2016-03-24 16:52 - 2013-05-15 14:41 - 00000000 ___DC C:\users\slomotion
2016-03-24 16:52 - 2009-07-13 19:20 - 00000000 _RSDC C:\Windows\Media
2016-03-24 16:51 - 2014-12-17 07:38 - 00000000 ___DC C:\Windows\SysWOW64\gs
2016-03-24 16:51 - 2014-12-01 04:55 - 00000000 ___DC C:\Windows\SysWOW64\vbox
2016-03-24 16:51 - 2014-12-01 04:55 - 00000000 ___DC C:\Windows\System32\vbox
2016-03-24 16:51 - 2014-07-16 13:41 - 00000000 ___DC C:\Windows\SysWOW64\xlive
2016-03-24 16:51 - 2014-07-06 18:40 - 00000000 ___DC C:\Program Files\IDT
2016-03-24 16:51 - 2014-06-27 01:07 - 00000000 ___DC C:\Windows\en
2016-03-24 16:51 - 2013-08-09 15:00 - 00000000 ___DC C:\Windows\System32\MRT
2016-03-24 16:51 - 2013-08-01 14:10 - 00000000 ___DC C:\Windows\System32\SPReview
2016-03-24 16:51 - 2013-08-01 14:09 - 00000000 ___DC C:\Windows\System32\EventProviders
2016-03-24 16:51 - 2013-07-29 14:07 - 00000000 __HDC C:\Windows\System32\WLANProfiles
2016-03-24 16:51 - 2013-05-23 19:19 - 00000000 ___DC C:\Windows\System32\appmgmt
2016-03-24 16:51 - 2013-05-19 12:54 - 00000000 ___DC C:\Windows\SysWOW64\sda
2016-03-24 16:51 - 2013-05-19 12:52 - 00000000 ___DC C:\Windows\SysWOW64\vmm32
2016-03-24 16:51 - 2009-07-13 23:45 - 00000000 __RDC C:\Users\Public\Recorded TV
2016-03-24 16:51 - 2009-07-13 21:32 - 00000000 ___DC C:\Windows\Downloaded Program Files
2016-03-24 16:51 - 2009-07-13 19:20 - 00000000 __HDC C:\Windows\System32\GroupPolicy
2016-03-24 16:51 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\SysWOW64\GroupPolicy
2016-03-24 16:51 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\System32\NDF
2016-03-24 16:51 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\Resources
2016-03-24 16:51 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\PolicyDefinitions
2016-03-24 16:51 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\LiveKernelReports
2016-03-24 16:51 - 2009-07-13 19:20 - 00000000 ___DC C:\Windows\inf
2016-03-24 16:51 - 2009-07-13 19:20 - 00000000 ___DC C:\Program Files\Common Files\Microsoft Shared
2016-03-24 16:50 - 2015-12-06 08:21 - 00000000 ___DC C:\Windows\System32\Tasks\AVAST Software
2016-03-24 10:30 - 2015-06-28 08:18 - 00000000 ___DC C:\Users\slomotion\AppData\Local\ElevatedDiagnostics
2016-03-21 15:17 - 2014-04-01 07:46 - 00000000 ___DC C:\Users\slomotion\.gimp-2.8
2016-03-19 11:38 - 2013-07-30 00:55 - 00000000 ___DC C:\Program Files\DIFX
2016-03-19 07:10 - 2014-09-10 13:26 - 00000000 ___DC C:\Users\slomotion\Documents\POOL
2016-03-17 10:21 - 2015-10-08 07:19 - 00192216 ____C (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

Some files in TEMP:
====================
C:\Users\slomotion\AppData\Local\Temp\ReimagePackage.exe

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2016-02-17 08:08] - [2016-02-17 13:49] - 3231232 ____A (Microsoft Corporation) 9D77CC4A36FEEA644D002CFB9B2D42C0

C:\Windows\SysWOW64\explorer.exe
[2016-02-17 08:08] - [2016-02-17 13:49] - 2973184 ____A (Microsoft Corporation) 2A156D5EBF221EF2A6AE7CE452324DAC

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2015-12-09 16:01] - [2015-12-09 18:12] - 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A

C:\Windows\SysWOW64\User32.dll
[2015-12-09 16:01] - [2015-12-09 18:12] - 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8099.18 MB
Available physical RAM: 7281.88 MB
Total Virtual: 8097.33 MB
Available Virtual: 7281.31 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:262.92 GB) NTFS
Drive g: (KINGSTON) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0005451E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)

LastRegBack: 2016-03-01 20:34

==================== End of FRST.txt ============================





