Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Acer Aspire one Netbook will not complete start-up


  • Please log in to reply
44 replies to this topic

#1 Blackstar57

Blackstar57

  • Members
  • 273 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:10:37 AM

Posted 31 May 2015 - 09:22 AM

I have an Acer Aspire One netbook here. Friend's computer. Windows will load to, I believe, windows 8 home screen. Click enter and password log-in screen appears. Enter password and spinning cursor appears on black screen. Then standard cursor appears in black screen. That's it. Ctrl-Alt-Del will slowly bring up task manager option and when I click Task Manager I get spinning cursor for several minutes then a popup saying it can't load, or something like that. Sorry I should be writing all this down as I go through it.

 

Removed the hard drive and put it in a USB mount to access it with my computer. It shows up but just shows Acer (G) NTFS. Double click and it says "drive not accessible- access is denied".

 

Ran a check disk and it ran as far as 358501 index entries processed and won't go any further.

 

Is there anything else I can try with this computer? I'm running out of ideas.

 

Thanks for any advice... :)

 

Glenn



BC AdBot (Login to Remove)

 


#2 Blackstar57

Blackstar57
  • Topic Starter

  • Members
  • 273 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:10:37 AM

Posted 31 May 2015 - 09:27 AM

Added note. Tried to start netbook in safe mode, thinking this might be malware or virus related but can't find safe mode. Power off holding power button down and it just starts up to home screen again. Pressing or holding F8 does nothing.



#3 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:37 AM

Posted 31 May 2015 - 07:58 PM

Yeah, that's Windows 8 for you. :(

 

Have you ever been able to get to this screen?

 

650x274ximage31.png.pagespeed.ic.zHte_Eo

 

This guide kind of explains how you can trick the OS into getting there : http://www.howtogeek.com/107511/how-to-boot-into-safe-mode-on-windows-8-the-easy-way/

Start at "If You Can’t Boot to the Login Screen"

If you do manage to get to the above screen, choose "See advanced repair options" and then work your way to the "Command Prompt".

If you can get this far, you can run a tool like Farbar Recovery Scan tool (FRST) to at least get a diagnostic log for us to review to see if there are any insights of what is causing the boot issue.

Here are the instructions on how to use FRST...

 

Step 1

rufus-128.png + FRST.gif Scan with FRST from the Recovery Environment

On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html




To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========


Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply.


#4 Blackstar57

Blackstar57
  • Topic Starter

  • Members
  • 273 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:10:37 AM

Posted 01 June 2015 - 06:05 PM

Hi Thisisu... This computer is being very difficult. To start... it's an Acer One Netbook running win 8.1. I cannot get it to start in safe mode. I can get to the advanced options in Automatic repair. Choose an option... trouble shoot... then advanced options. In here, System restore cannot find any restore points, System image recovery- I don't have a disk image. Start-up repair just wants to reboot back to square one. Command Prompt is available. Start-up settings... restart to Windows options... which includes Safe Mode, debug mode, disable driver sig enforcement, etc.

 

When it restarts after this reboot I click #4 for safe mode and it just reboots back into automatic repair. Then back to square one. Can I try this FRST program with the command prompt in the trouble shoot path?

 

Thanks for your help.

 

Glenn



#5 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:37 AM

Posted 01 June 2015 - 06:16 PM

Can I try this FRST program with the command prompt in the trouble shoot path?

 

Not sure what you mean by "trouble shoot path", but yes, FRST can be run from that command prompt. Read my post for instructions on how to do it.



#6 Blackstar57

Blackstar57
  • Topic Starter

  • Members
  • 273 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:10:37 AM

Posted 01 June 2015 - 06:17 PM

That worked... :)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by SYSTEM on MININT-1ME7NDU on 01-06-2015 20:08:37
Running from d:\
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-07-18] (Alcor Micro Corp.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-03] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2510784 2015-05-13] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-13] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Startup: C:\Users\Colleen McCulloch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2013-11-08]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe [143488 2013-11-11] ()
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-19] (AVG Technologies CZ, s.r.o.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It) <==== ATTENTION
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-22] (NTI Corporation)
S2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-12-22] (Dritek System INC.)
S2 vToolbarUpdater18.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [1812416 2015-05-13] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-16] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-24] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-19] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-03] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-06-30] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-22] (AVG Technologies CZ, s.r.o.)
S1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2014-11-03] (AVG Technologies CZ, s.r.o.)
S3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-22] (Dritek System Inc.)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 20:08 - 2015-06-01 20:08 - 00000000 ____D () C:\FRST
2015-05-31 16:13 - 2015-05-31 16:13 - 00000000 ___HD () C:\$SysReset
2015-05-31 15:42 - 2015-05-31 15:42 - 00000000 _____ () C:\Recovery.txt
2015-05-31 14:47 - 2015-05-31 14:47 - 00000000 __SHD () C:\found.000
2015-05-12 23:35 - 2015-04-30 12:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 23:35 - 2015-04-30 12:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:06 - 2015-04-09 16:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\System32\dwmcore.dll
2015-05-12 19:06 - 2015-04-09 16:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-12 19:06 - 2015-03-17 09:26 - 00467776 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2015-05-12 19:06 - 2015-03-08 18:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\bthhfenum.sys
2015-05-12 19:04 - 2015-04-30 15:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-05-12 19:04 - 2015-04-30 14:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 19:04 - 2015-04-24 13:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\UtcResources.dll
2015-05-12 19:04 - 2015-04-21 09:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-05-12 19:04 - 2015-04-21 08:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-05-12 19:04 - 2015-04-21 08:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-05-12 19:04 - 2015-04-21 08:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-05-12 19:04 - 2015-04-21 08:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-05-12 19:04 - 2015-04-21 08:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-05-12 19:04 - 2015-04-21 08:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-05-12 19:04 - 2015-04-21 08:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 19:04 - 2015-04-21 08:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2015-05-12 19:04 - 2015-04-21 08:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 19:04 - 2015-04-21 08:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 19:04 - 2015-04-21 08:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-05-12 19:04 - 2015-04-21 08:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2015-05-12 19:04 - 2015-04-21 08:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-05-12 19:04 - 2015-04-21 08:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 19:04 - 2015-04-21 07:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2015-05-12 19:04 - 2015-04-21 07:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 19:04 - 2015-04-21 07:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2015-05-12 19:04 - 2015-04-21 07:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-05-12 19:04 - 2015-04-21 07:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-05-12 19:04 - 2015-04-21 07:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-05-12 19:04 - 2015-04-21 07:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-05-12 19:04 - 2015-04-21 07:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-05-12 19:04 - 2015-04-21 07:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 19:04 - 2015-04-21 07:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-12 19:04 - 2015-04-21 07:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 19:04 - 2015-04-21 07:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-12 19:04 - 2015-04-21 07:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 19:04 - 2015-04-21 07:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-12 19:04 - 2015-04-21 07:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-05-12 19:04 - 2015-04-21 07:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 19:04 - 2015-04-21 07:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 19:04 - 2015-04-21 07:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 19:04 - 2015-04-21 07:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 19:04 - 2015-04-21 07:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-05-12 19:04 - 2015-04-21 07:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-05-12 19:04 - 2015-04-21 07:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 19:04 - 2015-04-21 06:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 19:04 - 2015-04-21 06:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 19:04 - 2015-04-01 14:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-12 19:04 - 2015-04-01 14:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\System32\dbgeng.dll
2015-05-12 19:04 - 2015-03-31 19:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\System32\dbghelp.dll
2015-05-12 19:04 - 2015-03-31 18:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-12 19:04 - 2015-03-29 21:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2015-05-12 19:04 - 2015-03-26 19:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
2015-05-12 19:04 - 2015-03-26 18:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 19:04 - 2015-03-26 18:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-05-12 19:04 - 2015-03-19 17:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ahcache.sys
2015-05-12 19:04 - 2015-03-12 17:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\System32\SRH.dll
2015-05-12 19:04 - 2015-03-12 16:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-12 19:04 - 2015-03-12 16:29 - 00410017 _____ () C:\Windows\System32\ApnDatabase.xml
2015-05-12 19:04 - 2015-03-04 15:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
2015-05-12 19:04 - 2015-03-03 17:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Input.Inking.dll
2015-05-12 19:04 - 2015-03-03 17:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 19:04 - 2015-01-29 16:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers.dll
2015-05-12 19:04 - 2014-11-13 22:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\System32\SystemSettingsDatabase.dll
2015-05-12 19:03 - 2015-04-13 14:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-05-12 19:03 - 2015-04-09 17:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2015-05-12 19:03 - 2015-04-09 16:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2015-05-12 19:03 - 2015-04-09 16:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 19:03 - 2015-04-08 14:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\System32\services.exe
2015-05-12 19:03 - 2015-04-02 16:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
2015-05-12 19:03 - 2015-04-02 16:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 19:03 - 2015-03-12 20:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys
2015-05-12 19:03 - 2015-03-12 20:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsd.sys
2015-05-12 19:03 - 2015-03-12 18:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\udfs.sys
2015-05-12 19:03 - 2015-03-10 17:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\sdbinst.exe
2015-05-12 19:03 - 2015-03-10 17:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 19:03 - 2015-03-05 19:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\System32\wpdshext.dll
2015-05-12 19:03 - 2015-03-05 18:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\System32\wevtsvc.dll
2015-05-12 19:03 - 2015-03-05 18:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 19:03 - 2015-02-17 15:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\System32\dpapisrv.dll
2015-05-06 09:16 - 2015-05-13 18:56 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 12:41 - 2014-01-17 13:36 - 00000000 ____D () C:\users\Colleen McCulloch
2015-05-31 11:30 - 2013-03-14 06:48 - 213360278 _____ () C:\Windows\MEMORY.DMP
2015-05-31 05:13 - 2013-03-11 07:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 05:03 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\sru
2015-05-31 04:54 - 2013-04-26 17:09 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-31 04:38 - 2013-11-13 23:28 - 00863592 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-05-31 04:35 - 2013-08-22 06:46 - 00306787 _____ () C:\Windows\setupact.log
2015-05-31 04:21 - 2013-03-11 07:34 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-31 04:20 - 2013-04-26 17:09 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-31 04:15 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-29 14:27 - 2014-01-17 14:03 - 01377093 _____ () C:\Windows\WindowsUpdate.log
2015-05-23 14:20 - 2014-01-27 04:56 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A1EB14C1-9A22-4297-B4F1-70271E3D428E}
2015-05-23 14:19 - 2014-02-17 16:14 - 00000000 __RDO () C:\Users\Colleen McCulloch\SkyDrive
2015-05-23 14:14 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2015-05-22 09:24 - 2013-03-11 03:09 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-39372486-3391042610-3332453862-1001
2015-05-20 10:15 - 2012-07-25 23:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-20 10:13 - 2015-04-04 00:50 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 10:13 - 2015-04-04 00:50 - 00000000 ___SD () C:\Windows\System32\GWX
2015-05-20 09:59 - 2013-11-13 09:52 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-20 01:58 - 2013-08-22 05:25 - 00524288 ___SH () C:\Windows\System32\config\BBI
2015-05-17 10:54 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-15 11:25 - 2013-11-13 23:20 - 00016314 _____ () C:\Windows\PFRO.log
2015-05-14 23:45 - 2013-04-26 17:09 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-14 23:45 - 2013-04-26 17:09 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-13 23:03 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache
2015-05-13 18:56 - 2014-04-28 10:26 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2015-05-13 11:54 - 2013-08-22 06:44 - 00348872 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-05-13 11:54 - 2013-03-16 16:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 11:54 - 2013-03-16 16:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 09:09 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-13 09:09 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\System32\AdvancedInstallers
2015-05-12 23:30 - 2013-08-19 05:04 - 00000000 ____D () C:\Windows\System32\MRT
2015-05-12 23:14 - 2013-03-15 04:10 - 140425016 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-05-12 22:50 - 2013-11-13 23:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-05 09:59 - 2014-08-25 13:24 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 09:59 - 2014-08-25 13:24 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some files in TEMP:
====================
C:\Users\Colleen McCulloch\AppData\Local\Temp\RSPUpgradeInstaller.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2015-03-11 16:38] - [2014-10-28 17:22] - 0572416 ____A (Microsoft Corporation) EC498BAE1F0D3E0E401C963F8D76C437

C:\Windows\System32\wininit.exe
[2015-03-11 16:38] - [2014-10-28 17:25] - 0145920 ____A (Microsoft Corporation) A570A64292214C43E0BA50E6A72A6380

C:\Windows\explorer.exe
[2015-03-10 11:43] - [2015-01-27 15:47] - 2501368 ____A (Microsoft Corporation) C10A66189DC8C090E7C84873EDCEBC88

C:\Windows\SysWOW64\explorer.exe
[2015-03-10 11:43] - [2015-01-27 15:41] - 2207488 ____A (Microsoft Corporation) 91E24273FCA076EA9E65DAFA98901225

C:\Windows\System32\svchost.exe
[2015-03-11 16:34] - [2014-10-28 20:11] - 0038792 ____A (Microsoft Corporation) E3A2AD05E24105B35E986CF9CB38EC47

C:\Windows\SysWOW64\svchost.exe
[2015-03-11 17:05] - [2014-10-28 19:17] - 0033088 ____A (Microsoft Corporation) D0ABC231C0B3E88C6B612B28ABBF734D

C:\Windows\System32\services.exe
[2015-05-12 19:03] - [2015-04-08 14:55] - 0410128 ____A (Microsoft Corporation) E0C7813A97CA7947FF5C18A8F3B61A45

C:\Windows\System32\User32.dll
[2015-03-11 16:36] - [2014-10-28 20:00] - 1540696 ____A (Microsoft Corporation) 25026E350BC3BE37631634EC72B10BD5

C:\Windows\SysWOW64\User32.dll
[2015-03-11 16:57] - [2014-10-28 17:04] - 1376256 ____A (Microsoft Corporation) 76C5CF09F53A3B089B5581B9938F8CAE

C:\Windows\System32\userinit.exe
[2015-03-11 16:36] - [2014-10-28 17:28] - 0026112 ____A (Microsoft Corporation) 5C131534A3EA4A461A793FB507A8004F

C:\Windows\SysWOW64\userinit.exe
[2015-03-11 17:06] - [2014-10-28 17:05] - 0022528 ____A (Microsoft Corporation) D10643FC0095434C819316CA6CD748C0

C:\Windows\System32\rpcss.dll
[2015-03-11 16:23] - [2014-10-28 17:19] - 0817664 ____A (Microsoft Corporation) A6F17C299A03BAFEFB9257C462A19E00

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 1738.25 MB
Available physical RAM: 1102.02 MB
Total Pagefile: 1738.25 MB
Available Pagefile: 1110.84 MB
Total Virtual: 131072 MB
Available Virtual: 131071.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:282.94 GB) (Free:213.42 GB) NTFS
Drive d: (Thumb.1) (Removable) (Total:1.89 GB) (Free:0.8 GB) NTFS
Drive f: () (Fixed) (Total:0.34 GB) (Free:0.06 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 34FC1C51)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 0217934C)
Partition 1: (Active) - (Size=1.9 GB) - (Type=07 NTFS)

LastRegBack: 2015-05-29 15:05

==================== End of log ============================



#7 Blackstar57

Blackstar57
  • Topic Starter

  • Members
  • 273 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:10:37 AM

Posted 01 June 2015 - 06:22 PM

 

Can I try this FRST program with the command prompt in the trouble shoot path?

 

Not sure what you mean by "trouble shoot path", but yes, FRST can be run from that command prompt. Read my post for instructions on how to do it.

 

When I clicked on the automatic repair I have 3 options:

Continue (exit and continue to win 8.1)

Trouble shoot (refresh or reset your PC)

Turn off your PC

 

The Trouble shoot options takes me to the next page with 3 options:

Refresh

Reset

Advanced Options

 

Advanced takes me to 5 options

 

System restore

System image recovery

Startup repair

Command Prompt

Startup settings



#8 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:37 AM

Posted 01 June 2015 - 06:32 PM

Hi,

 

Can you go back into the Command Prompt and enter in this command: bcdedit /set {default} bootmenupolicy legacy

 

Once you enter the above text, your command prompt should look like:

 

enable-f8-command-prompt.jpg

 

Once the command has been enter as shown above, press the Enter key on your keyboard. If you entered the command correctly, Windows will report that the "The operation completed successfully.". You now need to restart your computer for the change to go into effect. With this settings configured, you can now press F8 while Windows 8 starts in order to access Safe Mode and other Advanced Boot options.



#9 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:37 AM

Posted 01 June 2015 - 06:37 PM

If you're able to get into Safe Mode. I would recommend uninstalling AVG. Their removal tool can be found here: http://download.avg.com/filedir/util/support/avg_remover_stf_x64_2015_5501.exe



#10 Blackstar57

Blackstar57
  • Topic Starter

  • Members
  • 273 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:10:37 AM

Posted 01 June 2015 - 06:47 PM

Doing the same thing. Says computer needs to restart. Then goes into auto repair



#11 Blackstar57

Blackstar57
  • Topic Starter

  • Members
  • 273 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:10:37 AM

Posted 01 June 2015 - 06:50 PM

Ok, I went back to the option list I mentioned before, clicked startup settings to allow safe mode and it rebooted into the safe mode option window :)

 

Waiting for the boot to complete



#12 Blackstar57

Blackstar57
  • Topic Starter

  • Members
  • 273 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:10:37 AM

Posted 01 June 2015 - 06:51 PM

nope. Says windows ran into a problem and needs to reboot. Now back to preparing auto repair



#13 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:37 AM

Posted 01 June 2015 - 06:59 PM

Going to try to manually remove some startup entries. 

 

Step 1

frst.pngfrstfixre.png

Please download the fixlist (attached) to your flash drive and save it in the same directory as FRST64.exe.
Start FRST again (like for the scan above) and press this time the FIX Button.
FRST will generate a file: Fixlog.txt . Please attach it to your next reply and try to boot normally.

Attached Files



#14 Blackstar57

Blackstar57
  • Topic Starter

  • Members
  • 273 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:10:37 AM

Posted 01 June 2015 - 07:13 PM

Tried a normal reboot. Same thing... Windows has run into a problem and needs to reboot.... Fixlist log follows...

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by SYSTEM at 2015-06-01 21:07:57 Run:1
Running from f:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-03] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [LManager] => [X]
C:\Program Files (x86)\AVG
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2510784 2015-05-13] ()
C:\Program Files (x86)\AVG SafeGuard toolbar
Startup: C:\Users\Colleen McCulloch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2013-11-08]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
S2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe [143488 2013-11-11] ()
C:\Program Files (x86)\Optimizer Pro
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-19] (AVG Technologies CZ, s.r.o.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
C:\Program Files (x86)\MyPC Backup
S2 vToolbarUpdater18.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [1812416 2015-05-13] (AVG Secure Search)
C:\Program Files (x86)\Common Files\AVG Secure Search
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-24] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-19] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-03] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-06-30] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-22] (AVG Technologies CZ, s.r.o.)
S1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2014-11-03] (AVG Technologies CZ, s.r.o.)
C:\Windows\System32\DRIVERS\avgboota.sys
C:\Windows\System32\DRIVERS\avgidsdrivera.sys
C:\Windows\System32\DRIVERS\avgidsha.sys
C:\Windows\System32\DRIVERS\avgldx64.sys
C:\Windows\System32\DRIVERS\avgloga.sys
C:\Windows\System32\DRIVERS\avgmfx64.sys
C:\Windows\System32\DRIVERS\avgrkx64.sys
C:\Windows\system32\DRIVERS\avgwfpa.sys
2015-05-13 18:56 - 2014-04-28 10:26 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-07-18] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-13] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
cmd: bcdedit /set {default} bootmenupolicy legacy
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVG_UI => value Removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => value Removed successfully
C:\Program Files (x86)\AVG => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value Removed successfully
C:\Program Files (x86)\AVG SafeGuard toolbar => Moved successfully.
C:\Users\Colleen McCulloch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk => Moved successfully.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe => Moved successfully.
70e6ca8c => Service Removed successfully
C:\Program Files (x86)\Optimizer Pro => Moved successfully.
AVGIDSAgent => Service Removed successfully
avgwd => Service Removed successfully
BackupStack => Service Removed successfully
C:\Program Files (x86)\MyPC Backup => Moved successfully.
vToolbarUpdater18.5.0 => Service Removed successfully
C:\Program Files (x86)\Common Files\AVG Secure Search => Moved successfully.
Avgboota => Service Removed successfully
AVGIDSDriver => Service Removed successfully
AVGIDSHA => Service Removed successfully
Avgldx64 => Service Removed successfully
Avgloga => Service Removed successfully
Avgmfx64 => Service Removed successfully
Avgrkx64 => Service Removed successfully
Avgwfpa => Service Removed successfully
C:\Windows\System32\DRIVERS\avgboota.sys => Moved successfully.
C:\Windows\System32\DRIVERS\avgidsdrivera.sys => Moved successfully.
C:\Windows\System32\DRIVERS\avgidsha.sys => Moved successfully.
C:\Windows\System32\DRIVERS\avgldx64.sys => Moved successfully.
C:\Windows\System32\DRIVERS\avgloga.sys => Moved successfully.
C:\Windows\System32\DRIVERS\avgmfx64.sys => Moved successfully.
C:\Windows\System32\DRIVERS\avgrkx64.sys => Moved successfully.
C:\Windows\system32\DRIVERS\avgwfpa.sys => Moved successfully.
C:\Program Files\AVG SafeGuard toolbar => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AmIcoSinglun64 => value Removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value Removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\APSDaemon => value Removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => value Removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DivXMediaServer => value Removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate => value Removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\StartCCC => value Removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value Removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RTHDVCPL => value Removed successfully

=========  bcdedit /set {default} bootmenupolicy legacy =========

The operation completed successfully.

========= End of CMD: =========

==== End of Fixlog 21:08:27 ====



#15 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:37 AM

Posted 01 June 2015 - 07:27 PM

Says windows ran into a problem and needs to reboot

 

When and from where does it say this? Elaborate as much as possible. It's not a message like this is it?

 

tXIyLRD.png

 

Once again, elaborate :)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users