BSOD, %hs missing, possible ZeroACCESS Rootkit


  • This topic is locked
124 replies to this topic

#1 avip2u

avip2u

  • Members
  • 88 posts
  • Gender:Male

Posted 26 April 2014 - 11:13 PM

I was advised to post here by noknojon.  That thread is here.  Per his instructions I am following the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.

 

First, a check of Virus, Spyware, and Malware Removal Self-Help Guides - - searching for "%hs" yields one result - - this one. However, besides it being in Spanish it seems to be the guide for ComboFix and I read this:

DO NOT RUN ComboFix unless requested to.

 

On to the other steps ...

 

Step 1 - back up = done

 

Step 2 - slow computer - - this is not my problem

 

Step 3 - register on the forum = done

 

Step 4 - these instructions are very thorough and detailed, so I will try to be also.  I looked here: 

BleepingComputer.com  → My control panel  → Settings  → Notification Options

but there is no place to do exactly this:

Put a checkmark in the checkbox labeled Watch every topic I reply to.

Instead mine says:

Topics & Posts

 Auto follow topics I reply to. Notification frequency:  Immediate 

I believe this is what the instructions mean, but you can correct me if needed.

 

Step 5 - Firewall = done

 

Step 6 - DDS

 

As I cannot boot my computer (I am typing this from a different one) I had to do this:

  1. download DDS.com to a USB stick
  2. plug USB into "infected" PC
  3. open command prompt  ... it starts up in directory = X:\windows\system32>
  4. use Notepad to determine USB stick is drive letter "L"  (I am only capitalizing the letter for clarity)
  5. issue DOS command:  copy L:\DDS.com  --> result:  1 file(s) copied
  6. attempting to run DDS by typing either "DDS" or "DDS.com", I receive the message
    "The subsystem needed to support the image type is not present."
  7. issue DOS command:  dir *.com ... to verify DDS file is present, which it is

 

Awaiting instructions.


Edited by avip2u, 26 April 2014 - 11:17 PM.

Whose subconscious are we going through, exactly?



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • Gender:Male

Posted 01 May 2014 - 11:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/532418 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 avip2u


Posted 02 May 2014 - 07:29 AM

REPLY TO "HELPBOT":

 

1) Clear description of the problems you're having

 

Upon boot, I receive a BSOD flash, with the message "file %hs is missing", and then the boot process restarts again, ending with the screen that tells me it can't boot, and offers the option of attempting boot normally (a loop) or entering Start Up Repair.  None of the repair/diagnostic options there work.  I have described all of this in my prior posts that led me "here".
 

 

2) A new DDS log.

 

I am unable to run DDS.com as described above.

  • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.

    Windows 7x64, upgraded many moons ago from Vista which was the OEM install on this PC
     
  • Please tell us if you have your original Windows CD/DVD available. 

    I do have the "Upgrade" disc I purchased approx 4 years ago.

 

Thanks in advance for your help - -  I have been without my PC for nearly 2 weeks waiting for help.




#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,200 posts
  • Gender:Male
  • Location:California

Posted 02 May 2014 - 04:50 PM

Greetings avip2u and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive and start on a clean computer.
  • Please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Plug the flash drive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then run Farbar's Recovery Scan Tool.
----------

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:

Option #2

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #3

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
----------

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • FRST log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#5 Oh My!


Posted 05 May 2014 - 11:21 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#6 avip2u


Posted 06 May 2014 - 07:23 AM

Gary,

 

My apologies as somehow I did not receive, or missed, the email notification from your post on 02 May 2014 - 10:50 PM.  I was and still am subscribed to immediate email notifications.

 

My name is Andy.  My computer is not yet fixed.  I have been anxiously awaiting your reply and I am bothered that somehow I missed it !!!

 

I will now go and attempt to run FRST per your instructions.

 

Thanks.




#7 Oh My!


Posted 06 May 2014 - 08:08 AM

Thanks Andy, I am glad you are here.  Yes sometimes the notifications don't hit our inbox for one reason or another but we are all set to go now.


Gary
 

#8 avip2u


Posted 06 May 2014 - 08:22 AM

Upon initial start of FRST64 I receive this Window :
 
[Image: IMG_0282a.jpg]
 
 
The message in the above window says:
 
"More than one Windows operating system detected.  They will be presented to select one to be scanned. In case you made the wrong choice please restart and boot to recovery environment again before running the tool.  Click OK to Continue."
 
I did not know I had more than one operating system?
 
=================================
 
The next Window is:
 
[Image: IMG_0283a.jpg]
 
 
The message in the above window says:
 
"Is this the operating system you want to repair:

Windows 7 Home Premium

This operating system is on c: drive when booted to the recovery mode.
YES  /  NO"
 
This operating system looks like the one I know about.  My hard drive is C: and I have Windows 7.
 

=================================

 
To give you completely thorough information, clicking "NO" then displays the following:
 
[Image: IMG_0284a.jpg]
 

The message in the above window says:
 
"Is this the operating system you want to repair:

Windows ™ Code Name "Longhorn" Preinstallation Environment

This operating system is on e: drive when booted to the recovery mode.
YES  /  NO"



If I ever knew about this operating system, I have forgotten.
 

=================================

 
Since the first choice is the correct one, I clicked "NO" again, then restarted the Recovery Environment, and re-ran FRST64 , returning to the Window where I clicked "YES" to choose Windows 7 on c: drive.  I then received this screen:
 
[Image: IMG_0285a.jpg]
 


The above window looks like the main FRST screen, so I clicked "SCAN".
 
Please note, following your instructions explicitly, I did not receive a DISCLAIMER SCREEN.



 
=================================
 
The scan completed and I found the results on the USB stick.  Copy and paste of FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014
Ran by SYSTEM on MININT-UM69OQ6 on 06-05-2014 09:18:34
Running from L:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-28] (Adobe Systems Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1742064 2014-03-27] (Bitdefender)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [184320 2007-04-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [3986040 2014-04-07] (iolo technologies, LLC)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Runonce: [SMRequiresRestart] - [X]
HKLM-x32\...\Runonce: [InnoSetupRegFile.0000000001] - "C:\Windows\is-5Q6M3.exe" /REG /REGSVRMODE [X]
HKLM-x32\...\Runonce: [iolo WebUpdate Reboot] - [X]
HKU\Avip2u\...\Run: [Google Update] => C:\Users\Avip2u\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-10-16] (Google Inc.)
HKU\Avip2u\...\Run: [Dashlane] => C:\Users\Avip2u\AppData\Roaming\Dashlane\Dashlane.exe [219832 2014-03-06] ()
HKU\Avip2u\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [13165400 2014-03-11] (NTeWORKS)
HKU\Avip2u\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKU\Avip2u\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-03-27] (Bitdefender)
HKU\Avip2u\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-03-27] (Bitdefender)
HKU\Avip2u\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-03-27] (Bitdefender)

==================== Services (Whitelisted) =================

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-21] (Bitdefender)
S4 Creative ALchemy AL1 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [79360 2009-04-21] (Creative Labs)
S3 dldw_device; C:\Windows\system32\dldwcoms.exe [1044136 2009-07-24] ( )
S2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4492776 2014-03-13] (iolo technologies, LLC)
S2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
S2 QVssService; C:\Program Files\QNAP\NetBak\QVssService.exe [2203824 2014-02-16] (QNAP Systems, Inc.)
S4 Roxio UPnP Renderer 9; C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe [57344 2006-08-10] (Sonic Solutions)
S4 Roxio Upnp Server 9; C:\Program Files (x86)\Common Files\Sonic Shared\RoxioUpnpService9.exe [294912 2006-08-10] (Sonic Solutions)
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1523728 2014-03-27] (Bitdefender)

==================== Drivers (Whitelisted) ====================

S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender)
S3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-06] (AVG Technologies)
S1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-12-26] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-09-16] (McAfee, Inc.)
S2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-11-03] (CACE Technologies, Inc.)
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [58880 2006-08-09] (Sonic Solutions)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2013-12-05] (Duplex Secure Ltd.)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 QDrive; \??\C:\Users\Avip2u\AppData\Local\Temp\QDrive.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2020-02-06 06:48 - 2010-02-13 23:45 - 00000000 ____D () C:\ProgramData\SiteAdvisor
2014-04-21 11:19 - 2014-05-06 09:18 - 00000000 ____D () C:\FRST
2014-04-19 13:09 - 2014-04-19 13:09 - 00000000 ____D () C:\Windows\System32\Tasks\Google
2014-04-09 14:09 - 2014-04-09 14:09 - 01185040 _____ () C:\Windows\is-5Q6M3.exe
2014-04-09 14:09 - 2014-04-09 14:09 - 00022623 _____ () C:\Windows\is-5Q6M3.msg
2014-04-09 14:09 - 2014-04-09 14:09 - 00000493 _____ () C:\Windows\is-5Q6M3.lst
2014-04-09 13:35 - 2014-04-09 14:08 - 00008862 _____ () C:\Users\Avip2u\Documents\root words C 5th grade.xlsx
2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\ProgramData\PicPick
2014-04-08 11:10 - 2014-03-30 17:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-08 11:10 - 2014-03-30 17:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-08 11:10 - 2014-03-30 16:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-08 11:10 - 2014-03-30 15:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-08 11:10 - 2014-03-04 01:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2014-04-08 11:10 - 2014-03-04 01:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2014-04-08 11:10 - 2014-03-04 01:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 11:10 - 2014-02-03 18:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2014-04-08 11:10 - 2014-02-03 18:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-04-08 11:10 - 2014-02-03 18:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2014-04-08 11:10 - 2014-02-03 18:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll
2014-04-08 11:10 - 2014-02-03 18:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 11:09 - 2014-03-04 01:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2014-04-08 11:09 - 2014-03-04 01:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2014-04-08 11:09 - 2014-03-04 01:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2014-04-08 11:09 - 2014-03-04 01:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 11:09 - 2014-03-04 01:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 11:09 - 2014-03-04 01:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 11:09 - 2014-03-04 00:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 11:09 - 2014-03-04 00:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 11:09 - 2014-01-23 18:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2014-04-07 11:42 - 2014-04-07 11:42 - 00003192 _____ () C:\Windows\System32\Tasks\NetBak-NewDell-Avip2u-AutoStartup
2014-04-07 11:42 - 2014-04-07 11:42 - 00001753 _____ () C:\Users\Avip2u\Desktop\NetBak Replicator.lnk
2014-04-07 05:57 - 2014-04-07 05:57 - 00003620 _____ () C:\Windows\System32\Tasks\Auto Restart

==================== One Month Modified Files and Folders =======

2014-05-06 09:18 - 2014-04-21 11:19 - 00000000 ____D () C:\FRST
2014-04-19 13:09 - 2014-04-19 13:09 - 00000000 ____D () C:\Windows\System32\Tasks\Google
2014-04-19 13:08 - 2013-12-11 18:59 - 00000000 ____D () C:\iolo
2014-04-13 22:55 - 2010-02-13 23:36 - 00000000 ____D () C:\users\Avip2u
2014-04-13 22:55 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-04-13 22:55 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-13 22:07 - 2009-07-13 23:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-13 17:21 - 2010-02-14 00:24 - 01287381 _____ () C:\Windows\WindowsUpdate.log
2014-04-13 17:18 - 2014-01-24 09:29 - 00000000 ____D () C:\ProgramData\iolo
2014-04-13 17:15 - 2010-02-14 06:24 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CAA51232-8CF0-4ED4-9E97-39804BC983E8}
2014-04-13 17:13 - 2010-11-22 09:31 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4105385069-2764975127-1345440916-1000UA.job
2014-04-13 16:42 - 2010-02-03 19:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-13 16:26 - 2012-05-01 03:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-13 15:55 - 2010-02-13 23:29 - 00018560 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-13 15:55 - 2010-02-13 23:29 - 00018560 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-13 15:13 - 2010-11-22 09:31 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4105385069-2764975127-1345440916-1000Core.job
2014-04-13 05:43 - 2010-02-03 19:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-12 06:42 - 2010-02-19 18:52 - 00865792 ___SH () C:\Users\Avip2u\Desktop\Thumbs.db
2014-04-10 20:07 - 2009-08-10 14:48 - 00000000 ____D () C:\Users\Avip2u\Documents\_Excel
2014-04-10 19:56 - 2014-03-25 11:54 - 00009951 _____ () C:\Users\Avip2u\Documents\2014 Lovello Class volunteers for Spring Fling.xlsx
2014-04-09 14:09 - 2014-04-09 14:09 - 01185040 _____ () C:\Windows\is-5Q6M3.exe
2014-04-09 14:09 - 2014-04-09 14:09 - 00022623 _____ () C:\Windows\is-5Q6M3.msg
2014-04-09 14:09 - 2014-04-09 14:09 - 00000493 _____ () C:\Windows\is-5Q6M3.lst
2014-04-09 14:09 - 2014-01-24 09:30 - 00001431 _____ () C:\Users\Avip2u\Desktop\System Mechanic.lnk
2014-04-09 14:08 - 2014-04-09 13:35 - 00008862 _____ () C:\Users\Avip2u\Documents\root words C 5th grade.xlsx
2014-04-09 14:08 - 2013-12-11 19:00 - 00000000 ____D () C:\ProgramData\ioloGovernor
2014-04-09 03:03 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-04-08 23:44 - 2009-07-13 21:13 - 00838620 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-08 23:39 - 2014-04-08 23:39 - 00000000 ____D () C:\ProgramData\PicPick
2014-04-08 23:38 - 2012-11-12 12:13 - 23870517 _____ () C:\Windows\setupact.log
2014-04-08 23:38 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 23:05 - 2013-07-12 07:49 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-08 23:05 - 2009-05-10 18:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-08 23:01 - 2010-03-13 12:53 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-04-07 11:42 - 2014-04-07 11:42 - 00003192 _____ () C:\Windows\System32\Tasks\NetBak-NewDell-Avip2u-AutoStartup
2014-04-07 11:42 - 2014-04-07 11:42 - 00001753 _____ () C:\Users\Avip2u\Desktop\NetBak Replicator.lnk
2014-04-07 11:42 - 2013-09-30 03:33 - 00000000 ____D () C:\Users\Avip2u\AppData\Local\QNAP
2014-04-07 10:45 - 2014-01-24 09:30 - 00057584 _____ (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe
2014-04-07 10:44 - 2014-01-24 09:30 - 00026184 _____ (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe
2014-04-07 10:21 - 2014-01-24 09:30 - 02155152 _____ (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll
2014-04-07 10:21 - 2014-01-24 09:30 - 02097984 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2014-04-07 05:57 - 2014-04-07 05:57 - 00003620 _____ () C:\Windows\System32\Tasks\Auto Restart
2014-04-06 16:40 - 2011-05-15 19:37 - 00000000 ____D () C:\Windows\Minidump
2014-04-06 16:07 - 2012-07-06 18:55 - 00959512 _____ () C:\Windows\PFRO.log

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-04-13 17:21:13

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6135.18 MB
Available physical RAM: 5408.32 MB
Total Pagefile: 6133.33 MB
Available Pagefile: 5392.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:683.57 GB) (Free:307.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (MICROSD_4GB) (Removable) (Total:3.67 GB) (Free:3.18 GB) FAT32
Drive e: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.71 GB) NTFS
Drive l: (USB_SWISSBI) (Removable) (Total:0.24 GB) (Free:0.2 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: B8000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=684 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 6 (Size: 245 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-04-08 20:21

==================== End Of Log ============================

Edited by Oh My, 06 May 2014 - 09:13 AM.

Whose subconscious are we going through, exactly?


#9 avip2u

  • Topic Starter

Posted 06 May 2014 - 08:37 AM

Yes sometimes the notifications don't hit our inbox for one reason or another but we are all set to go now.

 

In case it helps you with other members in the future - - I received all other notifications in my "INBOX" except for the one sent when you initially replied.  That one ended up in my SPAM box.  I just found it and clicked "NOT SPAM" on it.  Hopefully I will now receive ALL of them.  However I will check my SPAM box at least daily, in addition to my INBOX.


Whose subconscious are we going through, exactly?


#10 Oh My!

  • Malware Response Instructor

Posted 06 May 2014 - 08:39 AM

Hi Alex,

Thanks for the detailed information. Now that I put my foot in my mouth and bragged about how responsive I will be I will be away from my computer for several hours going on a bike ride in the gorgeous Southern California weather (to the beach no less!). :) This information will take me a bit of time to sort through to figure out what is going on but in the meantime please run this for me. It will provide more detailed information about your partitions and operating system(s).

I should be back online by 7 PM or so your time. Thanks for your patience and understanding.

===================================================

ListParts by Farbar for 64 bit Systems Including BCD Information

--------------------
  • Please download ListParts64.exe (for 64 bit systems) and save it to your desktop
  • Double click the icon to launch the program
  • Select Run
  • Place a check mark in the List BCD box
  • Select Scan
  • Select OK and wait for a Result - Notepad document to open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Listparts report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#11 avip2u

  • Topic Starter

Posted 06 May 2014 - 08:48 AM

ListParts64.exe --> Result.txt
ListParts by Farbar Version: 17-04-2014
Ran by SYSTEM (administrator) on 06-05-2014 at 09:46:06
Windows 7 (X64)
Running From: L:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 6135.18 MB
Available physical RAM: 5554.32 MB
Total Pagefile: 6133.33 MB
Available Pagefile: 5528.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:683.57 GB) (Free:307.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (MICROSD_4GB) (Removable) (Total:3.67 GB) (Free:3.18 GB) FAT32
3 Drive e: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.71 GB) NTFS
10 Drive l: (USB_SWISSBI) (Removable) (Total:0.24 GB) (Free:0.2 GB) FAT
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          698 GB      0 B
  Disk 1    Online         3768 MB      0 B
  Disk 2    No Media           0 B      0 B
  Disk 3    No Media           0 B      0 B
  Disk 4    No Media           0 B      0 B
  Disk 5    No Media           0 B      0 B
  Disk 6    Online          245 MB      0 B

Partitions of Disk 0:
===============

Disk ID: B8000000

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 70 MB    31 KB
  Partition 2    Primary             15 GB    71 MB
  Partition 3    Primary            683 GB    15 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 10                     FAT    Partition     70 MB  Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     E   RECOVERY     NTFS   Partition     15 GB  Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     C   OS           NTFS   Partition    683 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

Disk ID: 00000000

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3764 MB  4096 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     D   MICROSD_4GB  FAT32  Removable   3764 MB  Healthy

======================================================================================================

Partitions of Disk 6:
===============

Disk ID: 00000000

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            244 MB    16 KB

======================================================================================================

Disk: 6
Partition 1
Type : 06
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 9     L   USB_SWISSBI  FAT    Removable    244 MB  Healthy

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: B8000000
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=684 GB) - (Type=07 NTFS)

==============================
Partitions of Disk 1:
===============
Disk ID: 00000000

Partition: GPT Partition Type.

==============================
Partitions of Disk 6:
===============
Disk ID: 00000000

Partition: GPT Partition Type.


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {default}
resumeobject {5460d9d2-d391-11dc-9d9f-aba67a8797c5}
displayorder {default}
toolsdisplayorder {bdbdbd00-6057-11e0-a7f3-ce9adfd72001}
                  {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[C:]\Recovery\44611307-1970-11df-a92b-0024e80eb322\Winre.wim,{44611308-1970-11df-a92b-0024e80eb322}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\44611307-1970-11df-a92b-0024e80eb322\Winre.wim,{44611308-1970-11df-a92b-0024e80eb322}
systemroot \windows
nx OptIn
winpe Yes

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {5460d9d2-d391-11dc-9d9f-aba67a8797c5}
nx OptIn

Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae0-0007e994107d}
device partition=E:
path \Windows\System32\boot\winload.exe
description Windows Recovery Environment
osdevice partition=E:
systemroot \Windows
nx OptIn
detecthal Yes
winpe Yes

Resume from Hibernate
---------------------
identifier {5460d9d2-d391-11dc-9d9f-aba67a8797c5}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {ntldr}
device unknown
path \ntldr
description Earlier Version of Windows

Real-mode Boot Sector
---------------------
identifier {bdbdbd00-6057-11e0-a7f3-ce9adfd72001}
device partition=C:
path \bdr-ld01.mbr
description Bitdefender Rescue Mode - Windows 7 Home Premium SP 1 (x64)

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
        {emssettings}
        {badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {44611308-1970-11df-a92b-0024e80eb322}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\44611307-1970-11df-a92b-0024e80eb322\boot.sdi


****** End Of Log ******

Edited by Oh My, 06 May 2014 - 09:13 AM.

Whose subconscious are we going through, exactly?


#12 avip2u

  • Topic Starter

Posted 06 May 2014 - 08:49 AM

Have a good ride!

...Andy


Whose subconscious are we going through, exactly?


#13 avip2u

  • Topic Starter

Posted 06 May 2014 - 12:19 PM

Having looked at the 2 logs, I noticed this line:

HKLM-x32\...\Runonce: [iolo WebUpdate Reboot] - [X]

and remembered:

Prior to the problem, a program I have, iolo System Mechanic, went through a self-update.  At the end it requested I allow a reboot, which I did - - I clicked OK.  However, nothing happened.  I continued working for a while, on what I forget, and later I was informed by Windows Update that it wanted to do a Critical Update, which I allowed.  At the end of this update, it asked to perform a reboot, which I allowed.  This time, the reboot proceeded.  That's when the problems began - - the BSOD flash and the endless loop of rebooting, or exit the loop into Recovery Environment.

I have no idea if this is connected.  Just trying to find something that will help you help me.

 

Thanks,

...Andy


Whose subconscious are we going through, exactly?


#14 Oh My!

  • Malware Response Instructor

Posted 06 May 2014 - 12:49 PM

Hi Andy,

EDIT: I just saw your latest post. Let's run this first then we will follow up on the additional information you posted....

Thanks for your patience and thanks for making the needed adjustments in order to run ListParts.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt

HKLM-x32\...\Runonce: [SMRequiresRestart] - [X]
HKLM-x32\...\Runonce: [iolo WebUpdate Reboot] - [X]
S3 QDrive; \??\C:\Users\Avip2u\AppData\Local\Temp\QDrive.sys [X]
C:\Users\Avip2u\AppData\Local\Temp\QDrive.sys
SaveMBR: Drive=0

  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode, or if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Are you able to boot your computer?

Edited by Oh My, 06 May 2014 - 12:51 PM.
Included edit information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#15 avip2u

  • Topic Starter

Posted 06 May 2014 - 01:56 PM

FIXLOG.TXT

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2014
Ran by SYSTEM at 2014-05-06 14:52:37 Run:1
Running from L:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Runonce: [SMRequiresRestart] - [X]
HKLM-x32\...\Runonce: [iolo WebUpdate Reboot] - [X]
S3 QDrive; \??\C:\Users\Avip2u\AppData\Local\Temp\QDrive.sys [X]
C:\Users\Avip2u\AppData\Local\Temp\QDrive.sys
SaveMBR: Drive=0
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\SMRequiresRestart => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\iolo WebUpdate Reboot => Value deleted successfully.
QDrive => Service deleted successfully.
"C:\Users\Avip2u\AppData\Local\Temp\QDrive.sys" => File/Directory not found.
MBRDUMP.txt is made successfully.

==== End of Fixlog ====

Are you able to boot your computer?

 

NOT YET.  :devil:


Whose subconscious are we going through, exactly?
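
The "MBR Partition Table" lines in the logs above (Type=DE, Type=07, Active / Not Active) come from the 64-byte partition table in the first sector of the disk. As an added example (not part of the thread and not FRST's or ListParts' own code), this Python sketch decodes such a sector and runs basic structural checks; the sample sector is constructed to resemble Disk 0 in the log, and all function names are hypothetical.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446          # four 16-byte entries, then the 0x55AA signature
TYPE_NAMES = {0x06: "FAT16", 0x07: "NTFS", 0x0B: "FAT32", 0xDE: "Dell Utility"}

def build_sample_mbr():
    """Constructed sector (not from the thread): empty boot code, Disk 0-like table."""
    def entry(active, ptype, lba_start, sectors):
        # status, CHS start (zeroed), type, CHS end (zeroed), LBA start, sector count
        return struct.pack("<B3sB3sII", 0x80 if active else 0x00, bytes(3),
                           ptype, bytes(3), lba_start, sectors)
    mib = 2048  # 512-byte sectors per MiB
    p2_start = 71 * mib
    p3_start = p2_start + 15 * 1024 * mib
    table = (entry(False, 0xDE, 63, 70 * mib)
             + entry(False, 0x07, p2_start, 15 * 1024 * mib)
             + entry(True, 0x07, p3_start, 683 * 1024 * mib)
             + bytes(16))                      # fourth slot unused
    return bytes(440) + struct.pack("<I", 0xB8000000) + bytes(2) + table + b"\x55\xaa"

def parse_mbr(sector):
    """Return (disk_id, partitions) or raise ValueError on a malformed sector."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    disk_id = struct.unpack_from("<I", sector, 440)[0]
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, TABLE_OFFSET + 16 * i)
        if ptype == 0x00:                      # empty slot
            continue
        parts.append({"index": i + 1, "status": status, "active": status == 0x80,
                      "type": ptype, "lba_start": lba, "sectors": count})
    return disk_id, parts

def sanity_findings(parts):
    """Structural checks worth making before trusting a partition table."""
    notes = []
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        notes.append(f"expected exactly one active partition, found {active}")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            notes.append(f"partition {p['index']}: invalid status byte {p['status']:#04x}")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            notes.append(f"partitions {a['index']} and {b['index']} overlap")
    return notes

def describe(p):
    size_mb = p["sectors"] * SECTOR // 2**20
    state = "Active" if p["active"] else "Not Active"
    name = TYPE_NAMES.get(p["type"], "unknown")
    return f"Partition {p['index']}: ({state}) - (Size={size_mb} MB) - (Type={p['type']:02X} {name})"

if __name__ == "__main__":
    disk_id, parts = parse_mbr(build_sample_mbr())
    print(f"Disk ID: {disk_id:08X}")
    print(*map(describe, parts), *sanity_findings(parts), sep="\n")
```

An empty findings list only means the table is structurally consistent; it says nothing about the boot code in the first 440 bytes.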




