Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Fail to Start


  • This topic is locked This topic is locked
18 replies to this topic

#1 3kelvin9

3kelvin9

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 08 December 2014 - 06:08 AM

The title is just copied from http://www.bleepingcomputer.com/forums/t/448339/windows-failed-to-start-system-repair-cant-discover-problem/

 

I experienced the same issue, so i tried to do the process stated in link above.

 

This was the result of FRST64:

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 02
Ran by SYSTEM on MININT-7VKQO32 on 08-12-2014 18:50:28
Running from h:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11777128 2011-02-15] (Realtek Semiconductor)
HKLM\...\Run: [Launch Keyboard CI] => c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe [3438088 2009-05-28] (Alienware)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13256 2011-05-02] (Microsoft)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1658440 2011-03-12] (McAfee, Inc.)
HKLM\...\RunOnce: [Unattend0000000001{0E0DAAE4-476A-4746-A1AD-EDEDC88279FD}] => c:\MFG\WINCLEAN.EXE [323584 2011-11-16] ()
HKLM\...\RunOnce: [Unattend0000000002{30203D4D-6DAA-4F8C-8B4A-22C4D90686DF}] => C:\MFG\pwrcfg.bat [356 2011-11-16] ()
HKLM\...\RunOnce: [Unattend0000000003{D83A7536-D326-4A44-B6CC-E6D9497F8A0E}] => C:\MFG\pwrcfg.bat [356 2011-11-16] ()
HKLM\...\RunOnce: [Unattend0000000004{292A9E66-7522-429E-B975-3ABC26475020}] => C:\windows\system32\oem\SEULAS\SEULAS.exe [133632 2011-11-16] (Dell Computer Corporation)
HKLM\...\RunOnce: [Unattend0000000005{09E57F6C-08F8-451D-B84F-D6CB05A50D2D}] => C:\Program Files\AlienAutopsy\schdTasks.exe [52552 2011-03-23] (PC-Doctor, Inc.)
HKLM\...\RunOnce: [Unattend0000000006{17D64E01-DDE8-4B71-9643-932C6054B27F}] => c:\Program Files\Common files\McAfee\MSC\McUICnt.exe [678928 2011-02-07] (McAfee, Inc.)
HKLM\...\RunOnce: [Unattend0000000007{42322F4F-20E0-445F-BDE1-05E482E852B3}] => c:\DELL\clearevt.bat
HKLM-x32\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI]  <==== ATTENTION!
HKU\Administrator\...\Run: [Steam] => c:\Program Files (x86)\Steam\Steam.exe [1217808 2009-09-14] (Valve Corporation)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [501768 2011-03-17] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [197960 2011-03-13] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-03-13] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-03-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65128 2011-03-13] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [227856 2011-03-13] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481376 2011-03-13] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-03-13] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281928 2011-03-13] (McAfee, Inc.)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [29472 2010-01-15] (Windows ® Codename Longhorn DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-08 18:50 - 2014-12-08 18:50 - 00000000 ____D () C:\FRST
2014-12-08 17:41 - 2014-12-08 17:41 - 00000000 ____D () C:\Emergency
2014-12-08 17:27 - 2014-12-08 17:41 - 00000000 ____D () C:\Windows\SMINST
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-08 17:43 - 2011-11-16 07:45 - 00000000 ____D () C:\MFG
2014-12-08 17:43 - 2011-02-10 22:25 - 00000000 ____D () C:\Windows\panther
2014-12-08 17:43 - 2009-07-14 12:51 - 00035870 _____ () C:\Windows\setupact.log
2014-12-08 17:42 - 2010-11-21 11:47 - 00005214 _____ () C:\Windows\PFRO.log
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2014-09-19 17:54:20
 
==================== Memory info =========================== 
 
Percentage of memory in use: 9%
Total physical RAM: 8173.6 MB
Available physical RAM: 7390.22 MB
Total Pagefile: 8171.8 MB
Available Pagefile: 7386.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:921.96 GB) (Free:879.28 GB) NTFS
Drive h: () (Removable) (Total:1.94 GB) (Free:1.93 GB) FAT
Drive i: (RECOVERY) (Fixed) (Total:9.51 GB) (Free:2.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 88145626)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=922 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
 
 
LastRegBack: 2011-02-11 00:26
 
==================== End Of Log ============================
 
 
 
I also attempted the fixlist.txt, and this was the result : 
 
 
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 02
Ran by SYSTEM at 2014-12-08 18:59:31 Run:2
Running from j:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
Start
SubSystems: [Windows] ==> ZeroAccess
CMD: Del /q C:\Windows\Tasks\At*.job
C:\Windows\system64
End
*****************
 
HKLM\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
 
=========  Del /q C:\Windows\Tasks\At*.job =========
 
Could Not Find C:\Windows\Tasks\At*.job
 
========= End of CMD: =========
 
"C:\Windows\system64" => File/Directory not found.
 
==== End of Fixlog ====
 
 
 
Can anyone help me to fix the issues? Thank you !
Im unsure if this is under Windows 7 or Virus issues, but since the previous post was moved here, i shall post it here.
If I'm wrong, I'm sorry !


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:54 AM

Posted 13 December 2014 - 06:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/559016 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 3kelvin9

3kelvin9
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 19 December 2014 - 09:57 AM

The Issue : 

I turn on the system, it will load till the Windows is starting screen. However, it will have a dark screen after, and I cannot do anything on the PC anymore.

I attempted Factory Restore and it didn't work either.

 

I am unsure how to run DDS since my computer cant even boot properly. 

I do not have the Windows Installation disc.

 

Startup repair had an error:

Problem Event Name: Startup Repair Offline
Problem Signature 1: 6.1.7600.16385
Problem Signature 2: 6.1.7600.16385
Problem Signature 3: Unknown
Problem Signature 4: 21200330
Problem Signature 5: AutoFailover
Problem Signature 6: 6
Problem Signature 7: FailureDuringSetup
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033

 

 

thank oyu for your help



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:54 AM

Posted 19 December 2014 - 09:10 PM

Greetings 3kelvin9 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I would caution you regarding the use of instructions intended for another user. In a sense it could be like treating someone for a heart attack when they only had a cold. The patient (computer) must be evaluated before any significant treatment is applied. You are fortunate running the instructions did not damage your computer.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
HKLM\...\RunOnce: [Unattend0000000001{0E0DAAE4-476A-4746-A1AD-EDEDC88279FD}] => c:\MFG\WINCLEAN.EXE [323584 2011-11-16] ()
HKLM\...\RunOnce: [Unattend0000000002{30203D4D-6DAA-4F8C-8B4A-22C4D90686DF}] => C:\MFG\pwrcfg.bat [356 2011-11-16] ()
HKLM\...\RunOnce: [Unattend0000000003{D83A7536-D326-4A44-B6CC-E6D9497F8A0E}] => C:\MFG\pwrcfg.bat [356 2011-11-16] ()
HKLM\...\RunOnce: [Unattend0000000007{42322F4F-20E0-445F-BDE1-05E482E852B3}] => c:\DELL\clearevt.bat
HKLM-x32\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI]  <==== ATTENTION!
c:\MFG
c:\DELL\clearevt.bat
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Does your computer boot?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 3kelvin9

3kelvin9
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 22 December 2014 - 02:04 AM

Hi Gary, you can call me Kelvin  :bananas:
 
I attempted the above as mentioned, but there was an issue : 
After clicking Fix on FRST64, an error came up , showed as
 
AutoIt Error : Line 9857 (File"j:\FRST64.exe")
Error: Error in expression
 
This is the result of the Fixlog that still came after :
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-12-2014 01
Ran by SYSTEM at 2014-12-22 14:48:29 Run:5
Running from j:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
HKLM\...\RunOnce: [Unattend0000000001{0E0DAAE4-476A-4746-A1AD-EDEDC88279FD}] => c:\MFG\WINCLEAN.EXE [323584 2011-11-16] ()
HKLM\...\RunOnce: [Unattend0000000002{30203D4D-6DAA-4F8C-8B4A-22C4D90686DF}] => C:\MFG\pwrcfg.bat [356 2011-11-16] ()
HKLM\...\RunOnce: [Unattend0000000003{D83A7536-D326-4A44-B6CC-E6D9497F8A0E}] => C:\MFG\pwrcfg.bat [356 2011-11-16] ()
HKLM\...\RunOnce: [Unattend0000000007{42322F4F-20E0-445F-BDE1-05E482E852B3}] => c:\DELL\clearevt.bat
HKLM-x32\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI]  <==== ATTENTION!
c:\MFG
c:\DELL\clearevt.bat
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Unattend0000000001{0E0DAAE4-476A-4746-A1AD-EDEDC88279FD} => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Unattend0000000002{30203D4D-6DAA-4F8C-8B4A-22C4D90686DF} => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Unattend0000000003{D83A7536-D326-4A44-B6CC-E6D9497F8A0E} => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Unattend0000000007{42322F4F-20E0-445F-BDE1-05E482E852B3} => Value not found.
HKLM\Software\WOW6432Node\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InprocServer32\\Default => Value was restored successfully.
"c:\MFG" => File/Directory not found.
"c:\DELL\clearevt.bat" => File/Directory not found.
 
 
 
Video link removed
 
Thanks for your time, Gary ! 
Truly appreciate it :)

Edited by Oh My!, 22 December 2014 - 02:48 PM.


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:54 AM

Posted 22 December 2014 - 02:54 PM

Nice to meet you Kelvin.

The error message was a bug in the program that should have been resolved by now. Let me know if you get a similar error in the future.

Thanks for the link to the video. I removed the link after reviewing it.

Please do this.

===================================================

Last Known Good Configuration

--------------------
  • Reboot your computer
  • Gently tap the F8 key repeatedly until you are presented with a Windows Advanced Options menu
  • Select Last Known Good Configuration using the arrow keys
  • Press Enter on your keyboard and attempt to boot into Normal Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Are you able to boot?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 3kelvin9

3kelvin9
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 23 December 2014 - 04:01 AM

Hi Gary,

My computer is still unable to boot.



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:54 AM

Posted 23 December 2014 - 02:22 PM

Hi Kelvin,

The FRST report we were working off of is a bit dated so let's run the program again to get fresh results. Please post the log.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 3kelvin9

3kelvin9
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 23 December 2014 - 04:08 PM

Hi Gary, here is the result of FRST64.
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01
Ran by SYSTEM on MININT-PKMSC7A on 24-12-2014 05:05:18
Running from j:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11777128 2011-02-15] (Realtek Semiconductor)
HKLM\...\Run: [Launch Keyboard CI] => c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe [3438088 2009-05-28] (Alienware)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13256 2011-05-02] (Microsoft)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1658440 2011-03-12] (McAfee, Inc.)
HKLM\...\RunOnce: [Unattend0000000004{292A9E66-7522-429E-B975-3ABC26475020}] => C:\windows\system32\oem\SEULAS\SEULAS.exe [133632 2011-11-16] (Dell Computer Corporation)
HKLM\...\RunOnce: [Unattend0000000005{09E57F6C-08F8-451D-B84F-D6CB05A50D2D}] => C:\Program Files\AlienAutopsy\schdTasks.exe [52552 2011-03-23] (PC-Doctor, Inc.)
HKLM\...\RunOnce: [Unattend0000000006{17D64E01-DDE8-4B71-9643-932C6054B27F}] => c:\Program Files\Common files\McAfee\MSC\McUICnt.exe [678928 2011-02-07] (McAfee, Inc.)
HKU\Administrator\...\Run: [Steam] => c:\Program Files (x86)\Steam\Steam.exe [1217808 2009-09-14] (Valve Corporation)
 


#10 3kelvin9

3kelvin9
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 23 December 2014 - 04:13 PM

Hi, sorry I didn't realise the log got cut halfway.

Here is the full log :

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01
Ran by SYSTEM on MININT-PKMSC7A on 24-12-2014 05:09:50
Running from j:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11777128 2011-02-15] (Realtek Semiconductor)
HKLM\...\Run: [Launch Keyboard CI] => c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe [3438088 2009-05-28] (Alienware)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13256 2011-05-02] (Microsoft)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1658440 2011-03-12] (McAfee, Inc.)
HKLM\...\RunOnce: [Unattend0000000004{292A9E66-7522-429E-B975-3ABC26475020}] => C:\windows\system32\oem\SEULAS\SEULAS.exe [133632 2011-11-16] (Dell Computer Corporation)
HKLM\...\RunOnce: [Unattend0000000005{09E57F6C-08F8-451D-B84F-D6CB05A50D2D}] => C:\Program Files\AlienAutopsy\schdTasks.exe [52552 2011-03-23] (PC-Doctor, Inc.)
HKLM\...\RunOnce: [Unattend0000000006{17D64E01-DDE8-4B71-9643-932C6054B27F}] => c:\Program Files\Common files\McAfee\MSC\McUICnt.exe [678928 2011-02-07] (McAfee, Inc.)
HKU\Administrator\...\Run: [Steam] => c:\Program Files (x86)\Steam\Steam.exe [1217808 2009-09-14] (Valve Corporation)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [501768 2011-03-17] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [197960 2011-03-13] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-03-13] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-03-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65128 2011-03-13] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [227856 2011-03-13] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481376 2011-03-13] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-03-13] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281928 2011-03-13] (McAfee, Inc.)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [29472 2010-01-15] (Windows ® Codename Longhorn DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-08 18:50 - 2014-12-24 05:09 - 00000000 ____D () C:\FRST
2014-12-08 17:41 - 2014-12-08 17:41 - 00000000 ____D () C:\Emergency
2014-12-08 17:27 - 2014-12-08 17:41 - 00000000 ____D () C:\Windows\SMINST
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-22 14:51 - 2009-07-14 12:51 - 00035926 _____ () C:\Windows\setupact.log
2014-12-08 17:43 - 2011-02-10 22:25 - 00000000 ____D () C:\Windows\panther
2014-12-08 17:42 - 2010-11-21 11:47 - 00005214 _____ () C:\Windows\PFRO.log
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2014-09-19 17:54:20
 
==================== Memory info =========================== 
 
Percentage of memory in use: 9%
Total physical RAM: 8173.6 MB
Available physical RAM: 7391.93 MB
Total Pagefile: 8171.8 MB
Available Pagefile: 7385.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:921.96 GB) (Free:879.29 GB) NTFS
Drive i: (RECOVERY) (Fixed) (Total:9.51 GB) (Free:2.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: () (Removable) (Total:1.94 GB) (Free:1.93 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 88145626)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=922 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 1.9 GB) (Disk ID: 6F20736B)
No partition Table on disk 5.
Disk 5 is a removable device.
 
 
LastRegBack: 2011-02-11 00:26
 
==================== End Of Log ============================


#11 3kelvin9

3kelvin9
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 23 December 2014 - 04:13 PM

Hi, sorry I didn't realise the log got cut halfway.

Here is the full log :

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01
Ran by SYSTEM on MININT-PKMSC7A on 24-12-2014 05:09:50
Running from j:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11777128 2011-02-15] (Realtek Semiconductor)
HKLM\...\Run: [Launch Keyboard CI] => c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe [3438088 2009-05-28] (Alienware)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13256 2011-05-02] (Microsoft)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1658440 2011-03-12] (McAfee, Inc.)
HKLM\...\RunOnce: [Unattend0000000004{292A9E66-7522-429E-B975-3ABC26475020}] => C:\windows\system32\oem\SEULAS\SEULAS.exe [133632 2011-11-16] (Dell Computer Corporation)
HKLM\...\RunOnce: [Unattend0000000005{09E57F6C-08F8-451D-B84F-D6CB05A50D2D}] => C:\Program Files\AlienAutopsy\schdTasks.exe [52552 2011-03-23] (PC-Doctor, Inc.)
HKLM\...\RunOnce: [Unattend0000000006{17D64E01-DDE8-4B71-9643-932C6054B27F}] => c:\Program Files\Common files\McAfee\MSC\McUICnt.exe [678928 2011-02-07] (McAfee, Inc.)
HKU\Administrator\...\Run: [Steam] => c:\Program Files (x86)\Steam\Steam.exe [1217808 2009-09-14] (Valve Corporation)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [501768 2011-03-17] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [197960 2011-03-13] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-03-13] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-03-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65128 2011-03-13] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [227856 2011-03-13] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481376 2011-03-13] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-03-13] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281928 2011-03-13] (McAfee, Inc.)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [29472 2010-01-15] (Windows ® Codename Longhorn DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-08 18:50 - 2014-12-24 05:09 - 00000000 ____D () C:\FRST
2014-12-08 17:41 - 2014-12-08 17:41 - 00000000 ____D () C:\Emergency
2014-12-08 17:27 - 2014-12-08 17:41 - 00000000 ____D () C:\Windows\SMINST
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-22 14:51 - 2009-07-14 12:51 - 00035926 _____ () C:\Windows\setupact.log
2014-12-08 17:43 - 2011-02-10 22:25 - 00000000 ____D () C:\Windows\panther
2014-12-08 17:42 - 2010-11-21 11:47 - 00005214 _____ () C:\Windows\PFRO.log
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2014-09-19 17:54:20
 
==================== Memory info =========================== 
 
Percentage of memory in use: 9%
Total physical RAM: 8173.6 MB
Available physical RAM: 7391.93 MB
Total Pagefile: 8171.8 MB
Available Pagefile: 7385.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:921.96 GB) (Free:879.29 GB) NTFS
Drive i: (RECOVERY) (Fixed) (Total:9.51 GB) (Free:2.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: () (Removable) (Total:1.94 GB) (Free:1.93 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 88145626)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=922 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 1.9 GB) (Disk ID: 6F20736B)
No partition Table on disk 5.
Disk 5 is a removable device.
 
 
LastRegBack: 2011-02-11 00:26
 
==================== End Of Log ============================


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:54 AM

Posted 23 December 2014 - 05:12 PM

Thank you for running that again. Please do this.

===================================================

Running chkdsk /r from Recovery Environment in Windows 7

--------------------
  • Boot your computer into the Recovery Environment (tap F8)
  • Select Command Prompt
  • Type c: and Enter
  • Type chkdsk /r and Enter
  • If you receive a message about unmounting the volume check Yes
  • If the program doesn't start automatically repeat the chkdsk /r command
  • Once the process is finished please write down any information provided on the screen
  • Attempt to reboot your computer into Normal Mode.
  • If you receive a Blue Screen of Death (BSOD) please provide that information in your post.
Note: This process may take awhile to complete. You may also notice the progress bar jumping back and forth. This is normal. Please be patient.

===================================================

Things I would like to see in your next reply. :thumbsup2:
  • chkdsk results

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 3kelvin9

3kelvin9
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 24 December 2014 - 01:29 PM

Hi Gary, I ran chkdsk as you requested.

The PC is still unable to boot.

 

 

After running the chkdsk, the last sentence was

 

Unable to obtain a handle to the event log.

 

 

But basically before that there was no issue, it seemed. Do I run it again?



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:54 AM

Posted 24 December 2014 - 01:43 PM

No need to worry about that last sentence. Did you ever try to boot into Safe Mode?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 3kelvin9

3kelvin9
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 25 December 2014 - 02:38 AM

Hi Gary,

I cant boot into safe mode .

An error shows up, saying Windows cannot complete installation , and something about first time use.

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users