
Windows 7 Startup Repair Offline


  • This topic is locked
90 replies to this topic

#1 tylerdq

tylerdq

  • Members
  • 43 posts

Posted 30 July 2013 - 04:36 PM

Hey,

 

I know other people have posted this same issue before but I figured it was best to inquire about my specific problem. My installation of Windows 7 won't boot after upgrading AVG Free and so I tried Startup Repair but that keeps on failing. I tried a System Restore but that didn't work either (the restore was successful but upon boot I still couldn't get into Windows).

 

So I pulled up Farbar and got the following log. I have no idea how to get the correct fixlist.txt I need, and I was wondering if someone here would know how to help. Thanks a lot, I really appreciate it.

 

***************************************************

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by SYSTEM on 30-07-2013 14:20:56
Running from E:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.)
HKLM-x32\...\Run: [Parallels Tools Center] - C:\Program Files (x86)\Parallels\Parallels Tools\prl_cc.exe [270120 2012-09-03] (Parallels Holdings, Ltd. and its affiliates.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2236080 2013-07-05] ()
HKU\tyler\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1672616 2013-07-09] (Valve Corporation)
HKU\tyler\...\Run: [Dashlane] - C:\Users\tyler\AppData\Roaming\Dashlane\Dashlane.exe [270520 2013-07-18] ()
HKU\tyler\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\tyler\...\Run: [Google Update] - C:\Users\tyler\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-20] (Google Inc.)
Startup: C:\Users\tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
 
==================== Services (Whitelisted) =================
 
S2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-06-29] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
S2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-10-30] (Nitro PDF Software)
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC)
S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-05] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
S3 applebmt; C:\Windows\System32\DRIVERS\applebmt.sys [52736 2011-06-03] (Apple Inc.)
S3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2011-03-25] (Apple Inc.)
S3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [38912 2011-03-25] (Apple Inc.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-05] (AVG Technologies)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-12-07] (DT Soft Ltd)
S3 prl_memdev; C:\Windows\System32\DRIVERS\prl_memdev.sys [19752 2012-09-03] ()
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [59048 2010-10-20] (SafeNet, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-30 14:20 - 2013-07-30 14:20 - 00000000 ____D C:\FRST
2013-07-29 09:54 - 2013-07-29 09:54 - 00004025 _____ C:\Users\tyler\Documents\nocolor.RCF
2013-07-26 06:22 - 2013-07-26 06:22 - 00000000 ____D C:\Windows\System32\MRT
2013-07-24 13:28 - 2013-07-25 15:10 - 00759808 _____ C:\Users\tyler\Desktop\test.cvj
2013-07-24 13:28 - 2013-07-25 14:40 - 00751104 _____ C:\Users\tyler\Desktop\test.bak
2013-07-16 14:31 - 2013-07-16 14:31 - 00000000 ____D C:\Program Files (x86)\Business Objects
2013-07-12 14:11 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 14:11 - 2013-06-11 15:43 - 01767936 _____ C:\Windows\SysWOW64\wininet.dll
2013-07-12 14:11 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 14:11 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 14:11 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 14:11 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 14:11 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 14:11 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 14:11 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 14:11 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 14:11 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 14:11 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 14:11 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-12 14:11 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-12 14:11 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-12 14:11 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-12 14:11 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-12 14:11 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-12 14:11 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-12 14:11 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-12 14:11 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-12 14:11 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-12 14:11 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-12 14:11 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-12 14:11 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 14:11 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-12 14:11 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-12 14:11 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 14:10 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 14:10 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-12 14:10 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-11 06:51 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 06:51 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 06:51 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 06:51 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 06:50 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 06:49 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 06:49 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-03 08:09 - 2013-07-30 11:38 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-07-03 08:09 - 2013-07-30 11:38 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-07-03 08:09 - 2013-07-05 11:25 - 00045856 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-07-03 08:09 - 2013-07-03 08:09 - 00000000 ____D C:\Users\tyler\AppData\Local\AVG Secure Search
2013-07-02 10:18 - 2013-07-02 10:17 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-02 10:17 - 2013-07-02 10:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-02 10:17 - 2013-07-02 10:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-02 10:17 - 2013-07-02 10:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
 
==================== One Month Modified Files and Folders =======
 
2013-07-30 14:20 - 2013-07-30 14:20 - 00000000 ____D C:\FRST
2013-07-30 11:38 - 2013-07-03 08:09 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-07-30 11:38 - 2013-07-03 08:09 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-07-30 11:38 - 2012-12-07 08:29 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-07-30 11:38 - 2012-11-09 09:13 - 00000000 ____D C:\Users\tyler\AppData\Roaming\Launchy
2013-07-30 11:38 - 2012-11-09 09:00 - 00000000 ____D C:\Users\tyler\AppData\Roaming\Dashlane
2013-07-30 11:38 - 2012-10-21 18:58 - 00000000 ____D C:\users\tyler
2013-07-30 11:38 - 2012-10-20 19:42 - 00000000 ____D C:\ProgramData\MFAData
2013-07-30 11:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-07-30 11:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-30 11:36 - 2012-10-20 19:57 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-29 09:54 - 2013-07-29 09:54 - 00004025 _____ C:\Users\tyler\Documents\nocolor.RCF
2013-07-26 06:26 - 2013-07-26 06:22 - 00000000 ____D C:\Windows\System32\MRT
2013-07-25 15:10 - 2013-07-24 13:28 - 00759808 _____ C:\Users\tyler\Desktop\test.cvj
2013-07-25 14:40 - 2013-07-24 13:28 - 00751104 _____ C:\Users\tyler\Desktop\test.bak
2013-07-19 06:51 - 2012-10-21 01:51 - 01740396 _____ C:\Windows\WindowsUpdate.log
2013-07-19 06:50 - 2013-01-29 22:26 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2016941962-309009195-1852044415-1000UA.job
2013-07-19 06:50 - 2012-10-20 22:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-19 06:50 - 2012-10-20 19:23 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-18 12:23 - 2012-10-20 19:23 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-18 07:35 - 2013-01-29 22:26 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2016941962-309009195-1852044415-1000Core.job
2013-07-16 15:08 - 2012-10-22 08:23 - 00000000 ____D C:\Planit
2013-07-16 15:07 - 2009-07-13 20:45 - 00022096 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-16 15:07 - 2009-07-13 20:45 - 00022096 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-16 14:57 - 2013-01-14 22:08 - 00119296 _____ C:\Windows\SysWOW64\zlib.dll
2013-07-16 14:56 - 2013-02-05 22:03 - 00015040 _____ C:\Windows\setupact.log
2013-07-16 14:56 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-16 14:41 - 2012-10-21 19:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-16 14:37 - 2009-07-13 18:34 - 00017486 _____ C:\Windows\System32\Drivers\etc\services
2013-07-16 14:31 - 2013-07-16 14:31 - 00000000 ____D C:\Program Files (x86)\Business Objects
2013-07-15 07:30 - 2013-01-29 22:26 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2016941962-309009195-1852044415-1000UA
2013-07-15 07:30 - 2013-01-29 22:26 - 00003486 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2016941962-309009195-1852044415-1000Core
2013-07-15 07:13 - 2009-07-13 20:45 - 00419072 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-15 07:11 - 2011-04-12 00:28 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-15 07:11 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-15 07:11 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 14:13 - 2013-02-08 13:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 12:26 - 2012-12-07 09:35 - 00000000 ____D C:\Users\tyler\Documents\2020 Files
2013-07-12 12:18 - 2012-10-20 19:23 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 12:18 - 2012-10-20 19:23 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 07:49 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-11 15:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-11 13:26 - 2013-03-21 22:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 13:26 - 2013-03-21 22:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 07:07 - 2012-10-21 10:24 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-10 12:20 - 2013-03-06 12:40 - 00000000 ____D C:\Users\tyler\AppData\Roaming\Mozilla
2013-07-05 11:25 - 2013-07-03 08:09 - 00045856 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-07-04 21:00 - 2012-11-09 08:54 - 00000000 ____D C:\Users\tyler\AppData\Roaming\Skype
2013-07-04 19:31 - 2013-05-01 09:18 - 00000000 ____D C:\Users\tyler\AppData\Roaming\FEZ
2013-07-04 17:38 - 2013-01-25 22:20 - 00000000 ____D C:\Users\tyler\AppData\Roaming\vlc
2013-07-04 17:18 - 2012-12-07 08:51 - 00000000 ____D C:\Users\tyler\Documents\My Games
2013-07-04 17:15 - 2013-02-13 22:22 - 00367034 _____ C:\Windows\DirectX.log
2013-07-04 16:34 - 2013-03-01 12:20 - 00000000 ____D C:\Users\tyler\Documents\ManiaPlanet
2013-07-04 16:01 - 2013-03-01 12:20 - 00000000 ____D C:\ProgramData\ManiaPlanet
2013-07-04 09:44 - 2013-03-08 12:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-04 06:43 - 2013-02-10 18:19 - 00005228 _____ C:\Windows\PFRO.log
2013-07-04 06:43 - 2009-07-13 21:08 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-03 08:09 - 2013-07-03 08:09 - 00000000 ____D C:\Users\tyler\AppData\Local\AVG Secure Search
2013-07-02 10:17 - 2013-07-02 10:18 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-02 10:17 - 2013-07-02 10:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-02 10:17 - 2013-07-02 10:17 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-02 10:17 - 2013-07-02 10:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-02 10:17 - 2012-10-20 22:12 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-02 10:17 - 2012-10-20 22:12 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
 
==================== Known DLLs (Whitelisted) ================
 
[2013-07-12 14:11] - [2013-06-11 15:43] - 1767936 ____A () C:\Windows\SysWOW64\WININET.dll
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-07-19 06:56:36
Restore point made on: 2013-07-26 06:21:50
 
==================== Memory info =========================== 
 
Percentage of memory in use: 32%
Total physical RAM: 2047.55 MB
Available physical RAM: 1389.63 MB
Total Pagefile: 2047.55 MB
Available Pagefile: 1430.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (BOOTCAMP) (Fixed) (Total:93.36 GB) (Free:29.6 GB) NTFS (Disk=0 Partition=4) ==>[Drive with boot components (obtained from BCD)]
Drive d: (GSP1RMCPRXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
Drive e: () (Removable) (Total:14.87 GB) (Free:9.57 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7B100FC4)
 
Partition: GPT Partition Type
Partition 2: (Not Active) - (Size=372 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)
Partition 4: (Active) - (Size=93 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 25A9F68A)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
 
 
LastRegBack: 2013-07-23 09:12
 
==================== End Of Log ============================

Edited by hamluis, 30 July 2013 - 04:42 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • Gender:Male

Posted 04 August 2013 - 04:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/502790 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 tylerdq

tylerdq
  • Topic Starter

  • Members
  • 43 posts

Posted 05 August 2013 - 03:19 PM

1. After updating AVG to the latest version, I restarted my computer and couldn't reboot. I tried to use startup repair to fix the problem, but to no avail. Startup repair failed, citing "startup repair offline" with the error log below. I also tried system restore, which said it successfully restored to my previous restore point, but which didn't actually solve my problem, leaving me still without the ability to boot into Windows. I used Farbar to retrieve the log in my first post.

 

2. Am I able to use DDS without being able to log in to Windows? How do I do that? My system is Windows 7 Professional 64-bit.

 

3. I do have my Windows disc available, and have tried completing a startup repair and system restore from the disc, but also to no avail.

 

Thank you.



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,045 posts
  • Gender:Male
  • Location:California

Posted 07 August 2013 - 01:45 PM

Greetings tylerdq and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please rerun Farbar Recovery Scan Tool so that we can work with the most current information.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 tylerdq

tylerdq
  • Topic Starter

  • Members
  • 43 posts

Posted 07 August 2013 - 04:46 PM

Thank you very much for your response, Gary. My name is Tyler. I completely understand that you are doing this as a volunteer and I am grateful. I have re-run Farbar and my log file is attached.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-08-2013 06
Ran by SYSTEM on 07-08-2013 14:41:36
Running from E:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM\...\RunOnce: [SetupParallelsTools] - C:\TEMP_PARALLELS_TOOLS\PTIAgent.exe /install [6438696 2013-08-07] (Parallels Holdings, Ltd. and its affiliates.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.)
HKLM-x32\...\Run: [Parallels Tools Center] - C:\Program Files (x86)\Parallels\Parallels Tools\prl_cc.exe [270120 2012-09-03] (Parallels Holdings, Ltd. and its affiliates.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2236080 2013-07-05] ()
HKU\tyler\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1672616 2013-07-09] (Valve Corporation)
HKU\tyler\...\Run: [Dashlane] - C:\Users\tyler\AppData\Roaming\Dashlane\Dashlane.exe [270520 2013-07-18] ()
HKU\tyler\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\tyler\...\Run: [Google Update] - C:\Users\tyler\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-20] (Google Inc.)
Startup: C:\Users\tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()

==================== Services (Whitelisted) =================

S2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-06-29] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
S2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-10-30] (Nitro PDF Software)
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC)
S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-05] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S3 applebmt; C:\Windows\System32\DRIVERS\applebmt.sys [52736 2011-06-03] (Apple Inc.)
S3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2011-03-25] (Apple Inc.)
S3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [38912 2011-03-25] (Apple Inc.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-05] (AVG Technologies)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-12-07] (DT Soft Ltd)
S3 prl_memdev; C:\Windows\System32\DRIVERS\prl_memdev.sys [19752 2012-09-03] ()
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [59048 2010-10-20] (SafeNet, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-07 12:25 - 2013-08-07 12:25 - 00000000 ____D C:\TEMP_PARALLELS_TOOLS
2013-07-30 14:20 - 2013-07-30 14:20 - 00000000 ____D C:\FRST
2013-07-29 09:54 - 2013-07-29 09:54 - 00004025 _____ C:\Users\tyler\Documents\nocolor.RCF
2013-07-26 06:22 - 2013-07-26 06:26 - 00000000 ____D C:\Windows\System32\MRT
2013-07-24 13:28 - 2013-07-25 15:10 - 00759808 _____ C:\Users\tyler\Desktop\test.cvj
2013-07-24 13:28 - 2013-07-25 14:40 - 00751104 _____ C:\Users\tyler\Desktop\test.bak
2013-07-16 14:31 - 2013-07-16 14:31 - 00000000 ____D C:\Program Files (x86)\Business Objects
2013-07-12 14:11 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 14:11 - 2013-06-11 15:43 - 01767936 _____ C:\Windows\SysWOW64\wininet.dll
2013-07-12 14:11 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 14:11 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 14:11 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 14:11 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 14:11 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 14:11 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 14:11 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 14:11 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 14:11 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 14:11 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 14:11 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-12 14:11 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-12 14:11 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-12 14:11 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-12 14:11 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-12 14:11 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-12 14:11 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-12 14:11 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-12 14:11 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-12 14:11 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-12 14:11 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-12 14:11 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-12 14:11 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 14:11 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-12 14:11 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-12 14:11 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 14:10 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 14:10 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-12 14:10 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-11 06:51 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 06:51 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 06:51 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 06:51 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 06:50 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 06:49 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 06:49 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-07 12:25 - 2013-08-07 12:25 - 00000000 ____D C:\TEMP_PARALLELS_TOOLS
2013-08-07 12:25 - 2013-01-28 12:28 - 00118568 ____N (Parallels Holdings, Ltd. and its affiliates.) C:\Windows\System32\Drivers\prl_pv64.sys
2013-08-07 12:25 - 2012-09-03 22:25 - 00045864 _____ (Parallels Holdings, Ltd. and its affiliates.) C:\Windows\System32\Drivers\prl_boot.sys
2013-07-31 16:45 - 2009-07-13 20:45 - 00032096 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 16:45 - 2009-07-13 20:45 - 00032096 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-30 14:20 - 2013-07-30 14:20 - 00000000 ____D C:\FRST
2013-07-30 11:38 - 2013-07-03 08:09 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-07-30 11:38 - 2013-07-03 08:09 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-07-30 11:38 - 2012-12-07 08:29 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-07-30 11:38 - 2012-11-09 09:13 - 00000000 ____D C:\Users\tyler\AppData\Roaming\Launchy
2013-07-30 11:38 - 2012-11-09 09:00 - 00000000 ____D C:\Users\tyler\AppData\Roaming\Dashlane
2013-07-30 11:38 - 2012-10-21 18:58 - 00000000 ____D C:\users\tyler
2013-07-30 11:38 - 2012-10-20 19:42 - 00000000 ____D C:\ProgramData\MFAData
2013-07-30 11:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-07-30 11:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-30 11:36 - 2012-10-20 19:57 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-29 09:54 - 2013-07-29 09:54 - 00004025 _____ C:\Users\tyler\Documents\nocolor.RCF
2013-07-26 06:26 - 2013-07-26 06:22 - 00000000 ____D C:\Windows\System32\MRT
2013-07-25 15:10 - 2013-07-24 13:28 - 00759808 _____ C:\Users\tyler\Desktop\test.cvj
2013-07-25 14:40 - 2013-07-24 13:28 - 00751104 _____ C:\Users\tyler\Desktop\test.bak
2013-07-19 06:51 - 2012-10-21 01:51 - 01740396 _____ C:\Windows\WindowsUpdate.log
2013-07-19 06:50 - 2013-01-29 22:26 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2016941962-309009195-1852044415-1000UA.job
2013-07-19 06:50 - 2012-10-20 22:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-19 06:50 - 2012-10-20 19:23 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-18 12:23 - 2012-10-20 19:23 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-18 07:35 - 2013-01-29 22:26 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2016941962-309009195-1852044415-1000Core.job
2013-07-16 15:08 - 2012-10-22 08:23 - 00000000 ____D C:\Planit
2013-07-16 14:57 - 2013-01-14 22:08 - 00119296 _____ C:\Windows\SysWOW64\zlib.dll
2013-07-16 14:56 - 2013-02-05 22:03 - 00015040 _____ C:\Windows\setupact.log
2013-07-16 14:56 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-16 14:41 - 2012-10-21 19:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-16 14:37 - 2009-07-13 18:34 - 00017486 _____ C:\Windows\System32\Drivers\etc\services
2013-07-16 14:31 - 2013-07-16 14:31 - 00000000 ____D C:\Program Files (x86)\Business Objects
2013-07-15 07:30 - 2013-01-29 22:26 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2016941962-309009195-1852044415-1000UA
2013-07-15 07:30 - 2013-01-29 22:26 - 00003486 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2016941962-309009195-1852044415-1000Core
2013-07-15 07:13 - 2009-07-13 20:45 - 00419072 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-15 07:11 - 2011-04-12 00:28 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-15 07:11 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-15 07:11 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 14:13 - 2013-02-08 13:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 12:26 - 2012-12-07 09:35 - 00000000 ____D C:\Users\tyler\Documents\2020 Files
2013-07-12 12:18 - 2012-10-20 19:23 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 12:18 - 2012-10-20 19:23 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 07:49 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-11 15:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-11 13:26 - 2013-03-21 22:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 13:26 - 2013-03-21 22:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 07:07 - 2012-10-21 10:24 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-10 12:20 - 2013-03-06 12:40 - 00000000 ____D C:\Users\tyler\AppData\Roaming\Mozilla

==================== Known DLLs (Whitelisted) ================

[2013-07-12 14:11] - [2013-06-11 15:43] - 1767936 ____A () C:\Windows\SysWOW64\WININET.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-19 06:56:36
Restore point made on: 2013-07-26 06:21:50

==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 1023.55 MB
Available physical RAM: 504.73 MB
Total Pagefile: 1023.55 MB
Available Pagefile: 510.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (BOOTCAMP) (Fixed) (Total:93.36 GB) (Free:19.16 GB) NTFS (Disk=0 Partition=4) ==>[Drive with boot components (obtained from BCD)]
Drive d: (GSP1RMCPRXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
Drive e: () (Removable) (Total:14.87 GB) (Free:9.57 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7B100FC4)

Partition: GPT Partition Type
Partition 2: (Not Active) - (Size=372 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)
Partition 4: (Active) - (Size=93 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 25A9F68A)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2013-07-23 09:12

==================== End Of Log ============================

Edited by Oh My, 07 August 2013 - 06:58 PM.
FRST log posted


#6 Oh My!


Posted 07 August 2013 - 07:25 PM

Hi Tyler,

Let's do the following and see where it takes us.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
LastRegBack: 2013-07-23 09:12
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt) please post it to your reply.
  • Please attempt to boot your computer into Normal Mode, or if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog log
  • Does your computer boot?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 tylerdq


Posted 08 August 2013 - 09:39 AM

I have completed the steps. My log is below, but my computer will still not boot.

 

-----------------

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-08-2013 06
Ran by SYSTEM at 2013-08-07 16:37:45 Run:1
Running from E:\
Boot Mode: Recovery
==============================================
 
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
 
==== End of Fixlog ====

 



#8 Oh My!


Posted 08 August 2013 - 10:29 AM

Hi Tyler,

OK, now please boot into Safe Mode by tapping F8 and select Last Known Good Configuration.
 
Let me know the results.
Gary
 

#9 tylerdq


Posted 08 August 2013 - 11:41 AM

When I booted using last known good configuration, the screen stayed black for 15-30 seconds and then flashed a BSOD really fast (too fast to see what was on it) and restarted.



#10 Oh My!


Posted 08 August 2013 - 04:22 PM

Hi Tyler,

See if you can do this.

===================================================

Diagnose Blue Screen of Death (BSOD) Errors

--------------------
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select Disable Automatic Restart on System Failure

  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not.

  • Please include this information in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Blue Screen Information

Gary
 

#11 tylerdq


Posted 09 August 2013 - 10:15 AM

This is the information on the BSOD:

 

STOP: c000021a {Fatal System Error}

The Verification of a KnownDLL failed. system process terminated unexpectedly with a status of 0xc000012f (0x00960400 0x00000000).

The system has been shut down.
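
Added example (not part of any post in this thread, and not FRST's own code): a triage sketch that decodes the two status values in the STOP text above and scans FRST file-listing lines for system binaries whose company field is blank while files installed in the same minute carry a vendor name. The sample lines are copied from the log earlier in this thread; the function names and the `min_siblings` threshold are assumptions, and a hit is a lead to check, not a diagnosis.

```python
import re
from collections import Counter

# NTSTATUS values that appear in the STOP text quoted in this thread.
NTSTATUS = {
    0xC000021A: "STATUS_SYSTEM_PROCESS_TERMINATED",
    0xC000012F: "STATUS_INVALID_IMAGE_NOT_MZ",  # image lacks the initial "MZ"
}

# FRST file-listing line: "ts - ts - size attrs [(company)] path".
# The Known DLLs section wraps both timestamps in square brackets.
LISTING = re.compile(
    r"^\[?(?P<first_ts>\d{4}-\d\d-\d\d \d\d:\d\d)\]? - "
    r"\[?\d{4}-\d\d-\d\d \d\d:\d\d\]? - "
    r"(?P<size>\d+) [A-Z_]{5} "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.+)$"
)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
PE_EXT = (".dll", ".exe", ".sys")


def decode_stop(text):
    """Return symbolic names for every 0xC000xxxx status found in a STOP message."""
    codes = re.findall(r"\b(?:0x)?(c000[0-9a-f]{4})\b", text, re.I)
    return [NTSTATUS.get(int(c, 16), "0x" + c.lower()) for c in codes]


def parse_listing(line):
    """Parse one listing line into a dict, or return None if it is not one."""
    m = LISTING.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    entry["company"] = (entry["company"] or "").strip()
    return entry


def batch_outliers(lines, min_siblings=3):
    """Lower-cased paths of system PE files with no company string whose first
    timestamp is shared by at least min_siblings vendor-labelled system files."""
    entries = []
    for line in lines:
        e = parse_listing(line)
        if e and e["path"].lower().startswith(SYSTEM_DIRS) \
                and e["path"].lower().endswith(PE_EXT):
            entries.append(e)
    labelled = Counter(e["first_ts"] for e in entries if e["company"])
    return sorted({e["path"].lower() for e in entries
                   if not e["company"] and labelled[e["first_ts"]] >= min_siblings})


# Lines copied from the FRST log in this thread (Created, Known DLLs, Modified).
SAMPLE_LOG = [
    r"2013-07-12 14:11 - 2013-06-11 15:43 - 01767936 _____ C:\Windows\SysWOW64\wininet.dll",
    r"2013-07-12 14:11 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll",
    r"2013-07-12 14:11 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll",
    r"2013-07-12 14:11 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll",
    r"[2013-07-12 14:11] - [2013-06-11 15:43] - 1767936 ____A () C:\Windows\SysWOW64\WININET.dll",
    # From the Modified section: no company string, but no same-minute batch either.
    r"2013-07-16 14:57 - 2013-01-14 22:08 - 00119296 _____ C:\Windows\SysWOW64\zlib.dll",
]
SAMPLE_STOP = ("STOP: c000021a {Fatal System Error}\n"
               "The Verification of a KnownDLL failed. system process terminated "
               "unexpectedly with a status of 0xc000012f (0x00960400 0x00000000).")

if __name__ == "__main__":
    print(decode_stop(SAMPLE_STOP))
    print(batch_outliers(SAMPLE_LOG))
```

The batch filter is what keeps third-party files that simply ship without version information, such as the zlib.dll line, out of the result.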

 



#12 Oh My!


Posted 09 August 2013 - 06:37 PM

Hi Tyler,

Please run this for me.

===================================================

Running chkdsk /r from Recovery Environment in Windows 7

--------------------
  • Boot your computer into the Recovery Environment (tap F8)
  • Select Command Prompt
  • Type c: and Enter
  • Type chkdsk /f and Enter
  • If you receive a message about unmounting the volume check Yes
  • If the program doesn't start automatically repeat the chkdsk /f command
  • Once the process is finished please write down any information provided on the screen
  • Attempt to reboot your computer into Normal Mode.
  • If you receive a Blue Screen of Death (BSOD) please provide that information in your post.
Note: This process may take awhile to complete. You may also notice the progress bar jumping back and forth. This is normal. Please be patient.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Are you able to Boot?

Gary
 

#13 tylerdq


Posted 11 August 2013 - 01:32 PM

The end of the chkdsk /f process read out as follows:

 

Usn Journal verification completed.

CHKDSK discovered free space marked as allocated in the master file table <MFT> bitmap.

CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.

 

97898495 KB total disk space.

77364864 KB in 233807 files.

120052 KB in 30624 indexes.

0 KB in bad sectors.

413591 KB in use by the system.

65536 KB occupied by the log file.

19999988 KB available on disk.

 

4096 bytes in each allocation unit.

24474623 total allocation units on disk.

4999997 allocation units available on disk.

Failed to transfer logged messages to the event log with status 50.

 

-------------------

 

The system wouldn't reboot in normal mode, and the BSOD said:

 

STOP: c00021a {Fatal System Error}

The verification of a KnownDLL failed. system process terminated unexpectedly with a status of 0xc000012f (0x00ab5280 0x00000000).

The system has been shut down.



#14 Oh My!


Posted 11 August 2013 - 03:59 PM

===================================================

Running sfc /scannow in Windows 7/Vista Recovery Environment - Reboot Required Error

-----------------
  • Restart the computer
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears
  • Use the arrow keys to select the Repair your computer menu item
  • Select English as the keyboard language settings, and then click Next
  • Once you are in the System Recovery Options menu you will get the following options

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • Type the following (there is a space before each "/") after the Command Prompt and hit Enter

SFC /SCANNOW /OFFBOOTDIR=C:\ /OFFWINDIR=C:\WINDOWS

  • Try to boot your computer into Normal Mode or if unsuccessful, Safe Mode

Edited by Oh My, 11 August 2013 - 05:56 PM.

Gary
 

#15 tylerdq


Posted 11 August 2013 - 04:45 PM

The command prompt simply returned:

 

Windows Resource Protection could not start the repair service.

 

And I checked again just to see if it would boot, and it won't in either normal or safe mode.





