
Trouble booting in Win 7 (FRST log posted)



#1 elmoV

elmoV


Posted 21 January 2016 - 02:33 AM

Hello,

 

I am not a computer novice, but I'm having trouble with bootup on Windows 7.

 

  • Safe mode doesn't work.
  • I tried to do a System Restore to previous restore points, but all 3 available restore points failed.
  • Because of the above, sfc /scannow doesn't run either, saying there are some restores pending and to reboot. Rebooting still does not allow me to run sfc /scannow.
  • I have run chkdsk and the Windows Memory Diagnostic tool; it fixed 1 error.
  • I have run Startup Repair repeatedly.
  • I tried to use FRST logs to naively repair, to no avail. The FRST logs are below.

 

Please help.

 

Thank you, kindly!


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by SYSTEM on MININT-5JP5PQI (21-01-2016 00:00:16)
Running from H:\
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]


Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1626112 2012-07-25] (Intel® Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [CrashPlanTray] => C:\Program Files\CrashPlan\CrashPlanTray.exe [456704 2015-12-07] (Code 42 Software, Inc.)
HKLM\...\Run: [BoxSyncHelper] => C:\Program Files\Box Sync\BoxSyncHelper.exe [393216 2012-12-19] (Box, Inc.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-07-22] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2015-03-16] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
IFEO\taskmgr.exe: [Debugger] "D:\PROCEXP.EXE"
SSODL: EldosMountNotificator-cbfs4 - {824AA30C-ED01-4C6A-9288-E37FB039C3D7} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {824AA30C-ED01-4C6A-9288-E37FB039C3D7} -  No File
GroupPolicyScripts: Restriction <======= ATTENTION


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S4 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
S2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2011-03-16] (CrashPlan)
S2 Granola PM Manager; C:\Program Files (x86)\MiserWare\Granola Personal\GranolaManager.exe [444656 2012-08-31] ()
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [944424 2014-01-14] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-01-14] ()
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [555304 2014-01-14] ()
S3 memcached; C:\memcached1.4\memcached.exe [507640 2009-12-16] ()
S3 memcached Server; c:\memcached\memcached.exe [86016 2008-09-24] (Danga Interactive, Inc.)
S3 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation)
S3 MSSQL$SQLEXPRESS2012; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS2012\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S3 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] ()
S4 postgresql-x64-9.4; C:\Program Files\PostgreSQL\9.4\bin\pg_ctl.exe [91648 2015-03-24] (PostgreSQL Global Development Group)
S3 PsShutdownSvc; C:\Windows\PSSDNSVC.EXE [87616 2012-06-04] (Systems Internals)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS2012; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS2012\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation)
S3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [16664 2013-11-25] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [X]


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [385728 2013-03-01] (EldoS Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [56320 2011-04-08] (Fresco Logic)
S1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-01-14] (AnchorFree Inc.)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S4 LMIRfsClientNP; no ImagePath
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-01-14] (Anchorfree Inc.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [17280 2012-07-06] (Scott)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-07-22] (Cisco Systems, Inc.)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-01-21 00:00 - 2016-01-21 00:00 - 00000000 ____D C:\FRST
2016-01-20 22:34 - 2016-01-20 22:34 - 00000000 __SHD C:\found.001


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-01-20 23:29 - 2012-01-11 19:09 - 00000000 ____D C:\Program Files\CrashPlan
2016-01-20 23:29 - 2011-12-21 22:12 - 00000000 ____D C:\Windows\System32\Macromed
2016-01-20 23:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2016-01-20 23:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-01-20 23:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2016-01-20 23:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2016-01-20 23:28 - 2011-12-24 01:25 - 00000000 __RHD C:\MSOCache
2016-01-20 21:30 - 2011-12-31 03:13 - 00833450 _____ C:\Windows\ntbtlog.txt
2015-12-28 10:35 - 2009-07-13 20:45 - 00016640 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-28 10:35 - 2009-07-13 20:45 - 00016640 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-28 09:59 - 2015-06-30 18:18 - 00000926 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2242510786-1740350984-2242133940-1005UA.job
2015-12-28 09:59 - 2015-06-30 18:18 - 00000874 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2242510786-1740350984-2242133940-1005Core.job
2015-12-28 09:57 - 2012-06-17 12:18 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2242510786-1740350984-2242133940-1004UA.job
2015-12-28 09:37 - 2014-12-11 16:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-27 17:57 - 2012-06-17 12:18 - 00000844 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2242510786-1740350984-2242133940-1004Core.job


==================== Known DLLs (Whitelisted) =========================




==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


==================== EXE Association (Whitelisted) =============




==================== Restore Points =========================


Restore point date: 2016-01-05 10:22
Restore point date: 2016-01-13 18:27
Restore point date: 2016-01-18 10:57
Restore point date: 2016-01-18 11:26
Restore point date: 2016-01-20 11:31


==================== Memory info =========================== 


Percentage of memory in use: 10%
Total physical RAM: 8102.76 MB
Available physical RAM: 7231.83 MB
Total Virtual: 8100.96 MB
Available Virtual: 7226.81 MB


==================== Drives ================================


Drive c: () (Fixed) (Total:97.56 GB) (Free:23.05 GB) NTFS
Drive e: (Programs) (Fixed) (Total:600.98 GB) (Free:475.2 GB) NTFS
Drive g: (Columbia) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive h: () (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: AA9693FE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=601 GB) - (Type=07 NTFS)


========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)


Partition: GPT.




LastRegBack: 2016-01-19 08:53


==================== End of FRST.txt ============================

 
I ran the following in a naive attempt to fix it myself. It did not work.

Fix result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by SYSTEM (2016-01-21 00:33:27) Run:1
Running from H:\
Boot Mode: Recovery
==============================================


fixlist content:
*****************
start
GroupPolicyScripts: Restriction <======= ATTENTION
SSODL-x32: EldosMountNotificator-cbfs4 - {824AA30C-ED01-4C6A-9288-E37FB039C3D7} -  No File
S4 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
End

*****************
C:\Windows\System32\GroupPolicy\Machine => moved successfully
C:\Windows\System32\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\EldosMountNotificator-cbfs4 => value removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{824AA30C-ED01-4C6A-9288-E37FB039C3D7} => key not found. 
LMIGuardianSvc => service removed successfully
LMIInfo => service removed successfully
VBoxNetFlt => service removed successfully
VGPU => service removed successfully

==== End of Fixlog 00:33:27 ====

 




 


#2 elmoV

elmoV
  • Topic Starter


Posted 21 January 2016 - 02:48 AM

Update: I enabled boot logging and the last driver it stops at is:

Loaded driver \SystemRoot\system32\drivers\luafv.sys


#3 elmoV

elmoV
  • Topic Starter


Posted 21 January 2016 - 03:28 AM

Update: I was able to get sfc /scannow to run by deleting X:\Windows\winsxs\pending.xml.

 

sfc /scannow ran successfully, saying it did not find any integrity violations.


Edited by elmoV, 21 January 2016 - 03:30 AM.


#4 elmoV

elmoV
  • Topic Starter


Posted 21 January 2016 - 02:06 PM

Update: RESOLVED.

 

After fiddling and trying the same things over and over (chkdsk, trying to start, praying), it finally worked.

 

I did not do anything fancy other than all the things I've already noted. It BSOD'd while it'd been running for a while prior to this bootup trouble.


Edited by elmoV, 21 January 2016 - 02:07 PM.


#5 blueelvis

blueelvis

    Bleep Blop Bleep



Posted 28 January 2016 - 03:36 PM

Hi elmoV,


Sorry for the late reply. Thanks a lot for letting us know about the solution. I am sure it will help the future visitors. In case you are still facing problems, please let me know :)


-Pranav

Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/



