
Windows 7 failed to load.


  • This topic is locked
44 replies to this topic

#1 Eriot


Posted 02 December 2016 - 06:05 AM

Hi. I have a similar problem to this user: https://www.bleepingcomputer.com/forums/t/448339/windows-failed-to-start-system-repair-cant-discover-problem/

But my log looks slightly different from his.

The Windows Repair Problem Signature
Problem Event Name: Startup Repair Offline
Problem Signature 1: 6.1.7600.16385
Problem Signature 2: 6.1.7600.16385
Problem Signature 3: Unknown
Problem Signature 4: 21198665
Problem Signature 5: AutoFailover
Problem Signature 6: 26
Problem Signature 7: CorruptFile
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033

I was trying to use the farbar64 tool, but it failed to fix the problem.

The day before, I used Malwarebytes to check the system, and I found a few infections, which were removed successfully. I won't be surprised if this is the reason why the PC suddenly stopped working.

Any help and suggestions are welcome. The last thing I want to do is set up the system again.

Greetings

Greg



#2 JSntgRvr

  • Malware Response Team

Posted 02 December 2016 - 10:19 AM

Hi, Eriot. :)

 

Please run FRST64 and post its report.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 RolandJS


Posted 02 December 2016 - 10:24 AM

Two of the best techs in here will often ask the thread starter to download and run MiniToolBox and Piriform's Speccy. If you do, keep the logs, don't copy 'em into here. The BC team will tell you how and what to copyNpaste into this thread.


Edited by RolandJS, 02 December 2016 - 11:38 AM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#4 Eriot

  • Topic Starter

Posted 02 December 2016 - 10:36 AM

I will do it in a second. Do you want only the test result, or the fix report as well?

#5 JinXiang91


Posted 02 December 2016 - 10:43 AM

> I will do it in a second. Do you want only the test result, or the fix report as well?

Hi,

Please run Mini-Toolbox (Link: http://www.bleepingcomputer.com/download/minitoolbox/) and attach the report here. (In safe mode if you can't start up your PC normally.)
 
Kindly check for the following:
 
- List last 10 Event Viewer Errors
- List Installed Programs
- List all
- List Minidump Files.
 
And also please run sfc /scannow in CMD with administrator rights.
 
Thanks.


#6 Eriot

  • Topic Starter

Posted 02 December 2016 - 10:52 AM

> Hi, Eriot. :)
>
> Please run FRST64 and post its report.


Test result

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2016
Ran by SYSTEM on MININT-5PDB3TB (02-12-2016 15:38:19)
Running from E:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7144960 2008-12-31] (Broadcom Corporation)
HKLM\...\Run: [ba4c12bee3027d94da5c81db2d196bfd] => "C:\Users\Eriot\AppData\Local\Temp\svchost.exe" .. <===== ATTENTION
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2011-10-31] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [GPU TweakIt Server Execute] => C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe [1355936 2012-05-24] ()
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.139.290\AsusWSPanel.exe [740704 2012-03-15] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS OCKeyPlus] => C:\Program Files (x86)\ASUS\ASUS OC Key Plus\OCKeyPlus.exe [1823392 2010-07-01] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
S2 ASDiskUnlocker; C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS64.exe [262816 2012-06-18] (ASUSTeK Computer Inc.)
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2012-05-18] (ASUSTeK Computer Inc.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5834752 2008-12-31] (Broadcom Corporation)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S3 ASFLTDrv.sys; C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASFLTDrv64.sys [16512 2010-09-16] (ASUSTeK Computer Inc.)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-02] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-20] (Broadcom Corporation.)
S0 dtmdpk; C:\Windows\System32\drivers\qgwu.sys [79064 2016-11-28] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-28] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-10-18] (Duplex Secure Ltd.)
S1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [133064 2016-05-27] (BigNox Corporation)
S1 VDiskBus; C:\Windows\System32\DRIVERS\VDiskBus64.sys [42656 2012-06-01] (ASUSTeK Computer Inc.)
S1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [281544 2016-05-27] (BigNox Corporation)
S1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [281544 2016-05-27] (BigNox Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-02 09:42 - 2016-12-02 09:42 - 00000098 _____ C:\aaa.txt
2016-12-01 18:26 - 2016-12-02 15:38 - 00000000 ____D C:\FRST
2016-11-28 17:59 - 2016-11-28 17:59 - 00119315 _____ C:\Users\Eriot\Downloads\2c61eb5f4be87925101dd266999cb699.jpeg
2016-11-28 17:59 - 2016-11-28 17:59 - 00099550 _____ C:\Users\Eriot\Downloads\32b751aff35c2b1c9f0b9ecf3fe5d3a4.jpeg
2016-11-28 17:58 - 2016-11-28 17:58 - 00097115 _____ C:\Users\Eriot\Downloads\5429d79774d8d0862190c76a6137ef63.jpeg
2016-11-28 17:58 - 2016-11-28 17:58 - 00089062 _____ C:\Users\Eriot\Downloads\2d752d3fed2b813c403d0605cab659a3.jpeg
2016-11-28 17:58 - 2016-11-28 17:58 - 00075784 _____ C:\Users\Eriot\Downloads\bffd6fa2a19ef4db66de3017f06482b4.jpeg
2016-11-28 17:58 - 2016-11-28 17:58 - 00069625 _____ C:\Users\Eriot\Downloads\8aef7b4e080dfa9f9526397ee7651798.jpeg
2016-11-28 11:01 - 2016-11-28 11:01 - 00105194 _____ C:\Users\Eriot\Downloads\fb2f8532f66e1873167ceb480c69ce8b.jpeg
2016-11-28 11:01 - 2016-11-28 11:01 - 00088797 _____ C:\Users\Eriot\Downloads\b7e8be0813aee2f49ebf42a5c5b665fc.jpeg
2016-11-28 11:01 - 2016-11-28 11:01 - 00083257 _____ C:\Users\Eriot\Downloads\f362537108b2f199b3903bdf7b7345ec.jpeg
2016-11-28 11:01 - 2016-11-28 11:01 - 00077594 _____ C:\Users\Eriot\Downloads\152efd352a2352df5c38373449dddaa9.jpeg
2016-11-28 11:01 - 2016-11-28 11:01 - 00064946 _____ C:\Users\Eriot\Downloads\31144d48f74c50643b871f9a7355fc91.jpeg
2016-11-28 11:00 - 2016-11-28 11:00 - 00088908 _____ C:\Users\Eriot\Downloads\705ba509c3a7f474549dd7c59f5b8317.jpeg
2016-11-28 11:00 - 2016-11-28 11:00 - 00080312 _____ C:\Users\Eriot\Downloads\f235986d9b2c6ba3a42c801f3ec36253.jpeg
2016-11-28 11:00 - 2016-11-28 11:00 - 00058039 _____ C:\Users\Eriot\Downloads\b8e90ea0efe6e8b79ff33c36445814dc.jpeg
2016-11-28 10:00 - 2016-11-28 10:00 - 00262144 _____ C:\Windows\Minidump\112816-11263-01.dmp
2016-11-28 09:59 - 2016-11-28 09:59 - 00079064 _____ C:\Windows\System32\Drivers\qgwu.sys
2016-11-28 09:50 - 2016-11-28 17:45 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2016-11-28 09:49 - 2016-11-28 09:49 - 22851472 _____ (Malwarebytes ) C:\Users\Eriot\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-28 09:49 - 2016-11-28 09:49 - 00001112 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-28 09:49 - 2016-11-28 09:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-28 09:49 - 2016-11-28 09:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-28 09:49 - 2016-03-10 06:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2016-11-28 09:49 - 2016-03-10 06:08 - 00140672 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2016-11-28 09:49 - 2016-03-10 06:08 - 00027008 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2016-11-28 04:37 - 2016-11-28 04:37 - 57914769 _____ C:\Users\Eriot\Downloads\ULTIMATE Twitch Fails Compilation 2016 #92.mp4
2016-11-28 04:31 - 2016-11-28 04:31 - 00042820 _____ C:\Users\Eriot\Downloads\BsIjsmqCAAA72oq.jpg-large1.jpeg
2016-11-28 04:26 - 2016-11-28 04:26 - 28010877 _____ C:\Users\Eriot\Downloads\Probably the Worst Live Poker Commentators Ever.mp4
2016-11-28 04:26 - 2016-11-28 04:26 - 06291064 _____ (SaveFrom.net ) C:\Users\Eriot\Downloads\SFHelper-Setup-[73afc83146036b1b#308#] (1).exe
2016-11-28 04:25 - 2016-11-28 04:25 - 06291064 _____ (SaveFrom.net ) C:\Users\Eriot\Downloads\SFHelper-Setup-[73afc83146036b1b#308#].exe
2016-11-28 02:45 - 2016-11-28 09:59 - 00013203 _____ C:\Windows\System32\.tmp
2016-11-28 02:45 - 2016-11-28 02:45 - 00262144 _____ C:\Windows\Minidump\112816-13291-01.dmp
2016-11-26 17:20 - 2016-11-26 18:31 - 00000000 ____D
2016-11-26 15:42 - 2016-11-26 15:42 - 00243600 _____ C:\Users\Eriot\Downloads\Firefox Setup Stub 50.0 (5).exe
2016-11-26 13:57 - 2016-11-26 13:57 - 00243600 _____ C:\Users\Eriot\Downloads\Firefox Setup Stub 50.0 (4).exe
2016-11-25 22:11 - 2016-11-25 22:11 - 00243600 _____ C:\Users\Eriot\Downloads\Firefox Setup Stub 50.0 (3).exe
2016-11-25 03:52 - 2016-11-25 04:18 - 00000000 ____D C:\Users\Eriot\AppData\Roaming\dvdcss
2016-11-22 01:03 - 2016-11-22 01:03 - 00243600 _____ C:\Users\Eriot\Downloads\Firefox Setup Stub 50.0 (2).exe
2016-11-22 00:57 - 2016-11-22 00:57 - 00243600 _____ C:\Users\Eriot\Downloads\Firefox Setup Stub 50.0 (1).exe
2016-11-19 14:47 - 2016-11-19 14:47 - 00042586 _____ C:\Users\Eriot\Desktop\criminal.txt
2016-11-19 11:00 - 2014-05-29 11:18 - 2396996570 _____ C:\Users\Eriot\Desktop\Casino Jack 480p ac3 pl 2010.avi
2016-11-19 10:55 - 2015-12-10 04:57 - 1460493043 _____ C:\Users\Eriot\Desktop\[ DEVIL-TORRENTS.PL ] White House Down 2013 AC3 DVDRip XviD.avi
2016-11-19 10:41 - 2013-11-08 15:06 - 00017067 _____ C:\Users\Eriot\Desktop\GRZEGORZ ERDMANN.pdf
2016-11-18 16:49 - 2016-11-28 08:40 - 00000000 ____D C:\Users\Eriot\AppData\LocalLow\Mozilla
2016-11-18 16:43 - 2016-11-22 01:10 - 00000000 ____D C:\Users\Eriot\AppData\Local\Mozilla
2016-11-18 16:43 - 2016-11-18 16:49 - 00000000 ____D C:\Users\Eriot\AppData\Roaming\Mozilla
2016-11-18 16:43 - 2016-11-18 16:43 - 00001157 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-11-18 16:43 - 2016-11-18 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-18 16:43 - 2016-11-18 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-18 16:42 - 2016-11-18 16:42 - 00243600 _____ C:\Users\Eriot\Downloads\Firefox Setup Stub 50.0.exe
2016-11-18 10:45 - 2014-11-13 03:08 - 152227135 _____ C:\Users\Eriot\Desktop\20141113_110652.mp4
2016-11-10 16:02 - 2016-11-16 03:34 - 00000000 ____D C:\Users\Eriot\Documents\Add-in Express
2016-11-10 16:02 - 2016-11-10 16:02 - 00002287 _____ C:\Users\Public\Desktop\WinZip.lnk
2016-11-10 16:02 - 2016-11-10 16:02 - 00000000 ____D C:\Users\Eriot\AppData\Local\WinZip
2016-11-10 16:02 - 2016-11-10 16:02 - 00000000 ____D C:\Program Files\WinZip
2016-11-10 16:02 - 2016-11-10 16:02 - 00000000 ____D C:\Program Files\File Association Helper
2016-11-10 16:01 - 2016-11-10 16:01 - 00880584 _____ ( ) C:\Users\Eriot\Downloads\winzip19.exe
2016-11-10 15:54 - 2016-11-10 15:54 - 22349887 _____ C:\Users\Eriot\Downloads\VALERIAN Official Trailer (2017) Cara Delevingne, Rihanna Sci Fi Movie HD.mp4
2016-11-10 15:52 - 2016-11-10 15:52 - 16336281 _____ C:\Users\Eriot\Downloads\GOOD KIDS Trailer (Teenage Comedy - 2016).mp4
2016-11-10 15:45 - 2016-11-10 15:45 - 115326996 _____ C:\Users\Eriot\Downloads\THE MOST HUMILIATING FOOTBALL SKILLS - VINES.mp4
2016-11-10 15:44 - 2016-11-10 15:45 - 92844681 _____ C:\Users\Eriot\Downloads\Women invading football stadium ◆ Funniest & Most Violent Pitch Invaders Ever.mp4
2016-11-10 15:43 - 2016-11-10 15:43 - 15642113 _____ C:\Users\Eriot\Downloads\Man Down (2016 Movie) – Official Trailer.mp4
2016-11-10 15:42 - 2016-11-10 15:42 - 23173473 _____ C:\Users\Eriot\Downloads\Hacksaw Ridge (2016 - Movie) Official Trailer – “Believe”.mp4
2016-11-10 15:37 - 2016-11-10 15:37 - 436824598 _____ C:\Users\Eriot\Downloads\Upcoming Movies 2016 and 2017 Trailers 【Full HD】(All 25 Official Movie Trailers) #1.mp4
2016-11-10 03:38 - 2016-11-10 03:38 - 12939001 _____ C:\Users\Eriot\Downloads\videoplayback (1).mp4
2016-11-08 10:13 - 2016-11-28 11:37 - 00000000 ____D C:\Users\Eriot\Downloads\ChomikBox
2016-11-08 10:12 - 2016-11-28 11:37 - 00000000 ____D C:\Users\Eriot\AppData\Local\ChomikBox
2016-11-08 10:12 - 2016-11-28 10:00 - 00000000 ____D C:\Users\Eriot\.gstreamer-0.10
2016-11-08 10:12 - 2016-11-08 10:12 - 27987968 _____ C:\Users\Eriot\Downloads\ChomikBox.msi
2016-11-08 10:12 - 2016-11-08 10:12 - 00000662 _____ C:\Users\Public\Desktop\ChomikBox.lnk
2016-11-08 10:12 - 2016-11-08 10:12 - 00000000 ____D C:\Program Files (x86)\ChomikBox
2016-11-08 10:06 - 2016-11-08 10:06 - 00007737 _____ C:\Users\Eriot\Downloads\pierwsze prawo magii pdf.pdf
2016-11-08 01:59 - 2016-11-08 02:00 - 00000000 ____D C:\Users\Eriot\Desktop\Mix Music
2016-11-03 14:52 - 2012-09-30 01:33 - 144015360 _____ C:\Users\Eriot\Desktop\00078.MTS
2016-11-03 12:20 - 2016-11-03 12:20 - 00000000 ____D C:\ProgramData\Elcomsoft Password Recovery
2016-11-03 12:20 - 2016-11-03 12:20 - 00000000 ____D C:\Program Files (x86)\Elcomsoft Password Recovery
2016-11-03 12:20 - 2016-11-03 12:20 - 00000000 ____D C:\Program Files (x86)\Elcomsoft
2016-11-03 12:19 - 2016-11-03 12:19 - 05745152 _____ C:\Users\Eriot\Downloads\archpr_setup_en (1).msi
2016-11-03 12:05 - 2016-11-03 12:05 - 05745152 _____ C:\Users\Eriot\Downloads\archpr_setup_en.msi
2016-11-02 15:48 - 2016-11-02 15:48 - 06294136 _____ (SaveFrom.net ) C:\Users\Eriot\Downloads\SFHelper-Setup-[73afc83146036b1b#361].exe
2016-11-02 15:48 - 2016-11-02 15:48 - 00000216 _____ C:\Users\Eriot\Downloads\playlist.m3u8
2016-11-02 12:44 - 2016-11-02 12:44 - 00860376 _____ (Ashisoft ) C:\Users\Eriot\Downloads\dfsetup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-28 18:04 - 2016-08-31 08:28 - 00000000 ____D C:\Users\Eriot\AppData\Roaming\uTorrent
2016-11-28 18:04 - 2016-06-14 04:15 - 00000000 ____D C:\Users\Eriot\AppData\Roaming\vlc
2016-11-28 17:34 - 2008-12-31 15:58 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-28 11:34 - 2008-12-31 15:58 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-28 10:07 - 2009-07-13 20:45 - 00020704 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-28 10:07 - 2009-07-13 20:45 - 00020704 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-28 10:06 - 2009-07-13 21:13 - 00713888 _____ C:\Windows\System32\PerfStringBackup.INI
2016-11-28 10:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-11-28 10:00 - 2016-06-27 01:21 - 00000000 ____D C:\Windows\Minidump
2016-11-28 10:00 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-28 09:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2016-11-14 15:35 - 2008-12-31 15:58 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-14 12:37 - 2016-08-31 08:18 - 00000000 ____D C:\Users\Eriot\AppData\Local\Nox
2016-11-14 12:16 - 2016-10-02 14:45 - 00000000 ____D C:\Users\Eriot\.BigNox
2016-11-14 12:16 - 2016-08-31 08:43 - 00000000 ____D C:\Users\Eriot\.android
2016-11-14 12:16 - 2016-08-31 08:19 - 00000000 ____D C:\Users\Eriot\vmlogs
2016-11-10 16:02 - 2008-12-31 16:15 - 00000000 ____D C:\ProgramData\WinZip
2016-11-10 03:42 - 2016-10-19 01:35 - 00000000 ____D C:\Program Files (x86)\Total Video Converter
2016-11-08 10:12 - 2016-06-06 11:39 - 00000000 ____D C:\users\Eriot
2016-11-08 05:07 - 2009-07-13 21:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-08 02:05 - 2008-12-31 15:58 - 00000000 ____D C:\Users\Eriot\AppData\Local\Google
2016-11-08 01:28 - 2016-10-18 08:21 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-08 01:16 - 2016-10-19 01:35 - 00000000 ____D C:\Users\Eriot\AppData\Roaming\Temp


Some files in TEMP:
====================
C:\Users\Eriot\AppData\Local\Temp\katawa.exe
C:\Users\Eriot\AppData\Local\Temp\ose00000.exe
C:\Users\Eriot\AppData\Local\Temp\parctmp.exe
C:\Users\Eriot\AppData\Local\Temp\_is2DF2.exe
C:\Users\Eriot\AppData\Local\Temp\_is8583.exe
C:\Users\Eriot\AppData\Local\Temp\_isE945.exe


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2010-11-20 19:24] - [2008-12-31 16:14] - 2872320 ____A (Microsoft Corporation) ECC9072346F96A25B27D12B62164DF3C

C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-09-25 12:20] - [2016-08-16 09:36] - 1009152 ____A (Microsoft Corporation) 8F4B991E7837E8E0F90C856659456652

C:\Windows\SysWOW64\User32.dll
[2016-09-25 12:20] - [2016-08-15 18:48] - 0833024 ____A (Microsoft Corporation) 0FBC0E335B65EE5A0175631237817510

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 5%
Total physical RAM: 32448.48 MB
Available physical RAM: 30537.36 MB
Total Virtual: 32446.68 MB
Available Virtual: 30526.79 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:238.37 GB) (Free:6.23 GB) NTFS
Drive e: () (Removable) (Total:29.8 GB) (Free:2.35 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (vertex) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 45F7C05E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT.


LastRegBack: 2016-11-07 04:43

==================== End of FRST.txt ============================

I removed all hard drives from my PC. I've left only the SSD system one.

I can't run the computer in safe mode. After choosing safe mode I get the message that Windows is loading files, and then a report that it is unable to find the problem.

Sorry for the delay in replying. I am writing from my mobile.

It takes time...

#7 Eriot

  • Topic Starter

Posted 02 December 2016 - 11:01 AM

I downloaded MiniToolBox but I can't run the exe file somehow. Can I run it from a pen drive like I did with Farbar Recovery?

#8 JinXiang91


Posted 02 December 2016 - 11:14 AM

> I downloaded MiniToolBox but I can't run the exe file somehow. Can I run it from a pen drive like I did with Farbar Recovery?

Hi,

What about the SFC command?

Please advise.

Thanks.



#9 Eriot

  • Topic Starter

Posted 02 December 2016 - 11:33 AM

Yes. Sfc works and I can use it. Scanning now.
"There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again."

I did, and I am getting the same report.

#10 Eriot

  • Topic Starter

Posted 02 December 2016 - 11:52 AM

I am losing the battle with my PC today, gentlemen. The last time I used the command prompt was about 15 years ago, so I apologise for any inconvenience.

#11 JinXiang91


Posted 02 December 2016 - 11:53 AM

> Yes. Sfc works and I can use it. Scanning now.
> "There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again."
>
> I did, and I am getting the same report.

Hi,

You mean you are unable to run the SFC command?

Please advise.

Thanks.



#12 Eriot

  • Topic Starter

Posted 02 December 2016 - 11:56 AM

I run sfc and scan, but I get the line I quoted. I restarted and tried to run sfc again, and the same thing happened. I am clueless.
Every time I restart, Windows repair kicks in and nothing changes.

#13 Eriot

  • Topic Starter

Posted 02 December 2016 - 11:58 AM

Probably the solution would be simpler to find if I could show you what appears on my screen.

#14 JSntgRvr

  • Malware Response Team

Posted 02 December 2016 - 03:20 PM

From now on, follow only my instructions. No one else is authorized to post in this topic. Please wait until I review your log.




#15 JSntgRvr

  • Malware Response Team

Posted 02 December 2016 - 03:36 PM

Download the attached file [attachment=187644:fixlist.txt] and save it in the same location (directory) where FRST64 is saved.

  • Start FRST64.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 


Edited by JSntgRvr, 02 December 2016 - 03:41 PM.





