Windows 7 x64 failed to start and system repair doesn't work


  • This topic is locked
12 replies to this topic

#1 dieguito_nf


Posted 14 August 2017 - 11:18 PM

Hi guys!

 

I have the same problem that Sardonic posted in this entry

 

The Windows Repair Problem Signature

Problem Event Name: Startup Repair Offline

Problem Signature 1: 6.1.7600.16385

Problem Signature 2: 6.1.7600.16385

Problem Signature 3: Unknown

Problem Signature 4: 69

Problem Signature 5: AutoFailover

Problem Signature 6: 1

Problem Signature 7: BadDriver

OS Version: 6.1.7600.2.0.0.256.1

 

When I turn on the PC, Windows 7 doesn't start.

 

So far I have tried booting in safe mode, booting with the onboard graphics, running chkdsk, bootrec.exe /fixboot and /fixmbr, and sfc /scannow, and they didn't work either.

 

I post the log of the Farbar Recovery Scan Tool x64 (FRST.txt).

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2017
Ran by SYSTEM on MININT-G82K4GI (15-08-2017 00:27:20)
Running from F:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-22] (AVAST Software)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
Startup: C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-04-09] ()
Startup: C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-04-09]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
BootExecute: autocheck autochk /r \??\C:autocheck autochk * 

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-22] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-22] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [311592 2017-07-22] (AVAST Software)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-08-10] (Microsoft Corporation)
S2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2017-05-31] (Fork, Ltd.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 NitroDriverReadSpool11; C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe [327368 2017-03-09] (Nitro Software, Inc.)
S4 NitroUpdateService; C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe [419016 2017-03-09] ()
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-07-22] (AVAST Software s.r.o.)
S0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-07-22] (AVAST Software s.r.o.)
S0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-07-22] (AVAST Software s.r.o.)
S0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-07-22] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-10] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-10] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146704 2017-08-10] (AVAST Software)
S3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2017-07-10] (AVAST Software)
S1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [554528 2017-07-10] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-10] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-10] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015880 2017-08-10] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-10] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-10] (AVAST Software)
S0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-10] (AVAST Software)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-08-12] ()
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-08-12] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-08-13] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-08-13] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-13] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-08-13] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-06-21] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-15 00:26 - 2017-08-15 00:27 - 000000000 ____D C:\FRST
2017-08-13 07:15 - 2017-08-13 07:15 - 000000000 ____D C:\Users\Diego\AppData\Local\Alexandre_Coelho
2017-08-13 04:49 - 2017-08-13 06:21 - 000000000 ____D C:\Users\Diego\Desktop\Windows 8.1 x64
2017-08-13 04:40 - 2017-08-13 05:58 - 000004581 _____ C:\Users\Diego\Desktop\Instalar_Windows_desde_usb.txt
2017-08-13 04:33 - 2017-08-13 04:33 - 000000000 ____D C:\Windows_Repair_Toolbox
2017-08-13 04:29 - 2017-08-13 04:29 - 003603233 _____ (Alexandre Coelho ) C:\Users\Diego\Desktop\Windows_Repair_Toolbox_setup.exe
2017-08-13 04:21 - 2017-08-13 04:21 - 000000000 ____D C:\Windows\LastGood.Tmp
2017-08-13 03:06 - 2017-08-13 04:45 - 000000000 ____D C:\Users\Diego\Desktop\Windows 10 x64
2017-08-12 18:12 - 2017-08-13 05:54 - 000000000 ____D C:\Users\Diego\Desktop\the founder
2017-08-12 17:32 - 2017-08-12 17:32 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-12 17:32 - 2017-08-12 17:32 - 000003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-12 17:32 - 2017-08-12 17:32 - 000003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-12 17:32 - 2017-08-12 17:32 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-12 17:32 - 2017-08-12 17:32 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-12 17:32 - 2017-08-12 17:32 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-12 17:32 - 2017-08-12 17:32 - 000003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-12 17:32 - 2017-08-12 17:32 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-12 17:32 - 2017-06-21 08:10 - 001903224 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll
2017-08-12 17:32 - 2017-06-21 08:10 - 001755256 _____ (NVIDIA Corporation) C:\Windows\System32\nvspbridge64.dll
2017-08-12 17:32 - 2017-06-21 08:10 - 001489528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-08-12 17:32 - 2017-06-21 08:10 - 001317496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-08-12 17:32 - 2017-06-21 08:10 - 000121464 _____ C:\Windows\System32\NvRtmpStreamer64.dll
2017-08-12 17:32 - 2017-06-20 21:58 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-08-12 17:32 - 2017-06-07 21:51 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-08-12 17:08 - 2017-08-13 06:05 - 000101246 _____ C:\Windows\ntbtlog.txt
2017-08-12 16:43 - 2017-08-12 16:43 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-08-12 16:23 - 2017-06-21 08:10 - 000179320 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap64v.dll
2017-08-12 16:23 - 2017-06-21 08:10 - 000146552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-08-12 16:23 - 2017-06-21 08:10 - 000057976 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvhci.sys
2017-08-12 16:23 - 2017-06-21 08:10 - 000048248 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2017-08-12 16:20 - 2017-08-12 16:20 - 000112320 _____ C:\Users\Diego\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-12 16:12 - 2017-08-12 16:12 - 000049504 _____ (Prevx) C:\Users\Diego\Desktop\fixShell.exe
2017-08-12 00:26 - 2017-08-12 22:02 - 000000000 ____D C:\Temp
2017-08-11 03:12 - 2017-08-11 03:12 - 000000000 _____ C:\Windows\System32\last.dump
2017-08-11 03:08 - 2017-08-11 03:08 - 000000000 ____D C:\Windows\pss
2017-08-11 02:50 - 2017-08-11 02:51 - 000436120 _____ C:\Windows\System32\FNTCACHE.DAT
2017-08-08 14:12 - 2017-07-22 20:00 - 000400464 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2017-08-08 04:17 - 2017-08-08 04:40 - 000000000 ____D C:\Users\Diego\Desktop\actividad
2017-08-08 02:42 - 2017-08-08 02:42 - 000000225 _____ C:\Users\Diego\Desktop\error_placa_video.txt
2017-08-07 16:24 - 2017-08-08 05:43 - 000280528 _____ C:\Users\Diego\Desktop\Contencion_presentacion.ppsx
2017-08-06 22:34 - 2017-08-06 22:34 - 000000165 ____H C:\Users\Diego\Desktop\~$SOP - Mediaciones (2017.06.13) (1).xlsx
2017-08-06 21:52 - 2017-08-11 22:47 - 000281001 _____ C:\Users\Diego\Desktop\Contencion.pptx
2017-08-06 21:52 - 2017-08-06 21:52 - 000000165 ____H C:\Users\Diego\Desktop\~$Contencion.pptx
2017-08-06 20:51 - 2017-08-06 20:51 - 000000000 ____D C:\Users\Diego\AppData\Roaming\NVIDIA
2017-08-06 20:50 - 2017-08-06 20:50 - 000000000 ____D C:\Program Files\NV-Inspector
2017-08-06 20:44 - 2016-11-14 10:45 - 000615992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-08-06 20:43 - 2016-11-14 13:30 - 000082488 _____ (Khronos Group) C:\Windows\System32\OpenCL.dll
2017-08-06 20:43 - 2016-11-14 13:30 - 000067520 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-08-06 20:43 - 2016-11-14 12:15 - 006789056 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2017-08-06 20:43 - 2016-11-14 12:15 - 003528128 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2017-08-06 20:43 - 2016-11-14 12:15 - 002558512 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2017-08-06 20:43 - 2016-11-14 12:15 - 000932728 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2017-08-06 20:43 - 2016-11-14 12:15 - 000384888 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2017-08-06 20:43 - 2016-11-14 12:15 - 000062328 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2017-08-06 20:43 - 2016-11-14 10:09 - 007513855 _____ C:\Windows\System32\nvcoproc.bin
2017-08-06 20:41 - 2016-11-14 13:30 - 031523384 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 024208440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 023000000 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 016128720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 015301056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 014497712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 013915720 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 013826968 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 012905016 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2017-08-06 20:41 - 2016-11-14 13:30 - 011270656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 011208312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 004253240 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 003995192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 003207824 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 002822568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 001908272 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6434201.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 001557552 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6434201.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 000951232 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 000913856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 000909760 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 000876480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-08-06 20:41 - 2016-11-14 13:30 - 000026157 _____ C:\Windows\System32\nvinfo.pb
2017-08-06 17:59 - 2017-08-06 17:59 - 000228175 _____ C:\Users\Diego\Desktop\NV-Inspector [Para OC gpu].rar
2017-08-06 16:50 - 2017-08-06 16:50 - 000000000 ____D C:\Program Files (x86)\ASRock Utility
2017-08-06 16:43 - 2017-08-06 16:43 - 002532603 _____ C:\Users\Diego\Desktop\OCTuner(2.3.91).zip
2017-08-06 16:33 - 2017-08-06 16:33 - 000000000 ____D C:\NV41285660.TMP
2017-08-06 16:32 - 2017-08-06 16:32 - 000000000 ____D C:\NV27365592.TMP
2017-08-06 16:32 - 2009-01-07 12:47 - 000410656 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.cpl
2017-08-06 16:32 - 2008-06-04 14:15 - 002088992 ____N (NVIDIA Corporation) C:\Windows\System32\nvcplUI.exe
2017-08-06 16:32 - 2008-06-04 14:15 - 001071648 ____N (NVIDIA Corporation) C:\Windows\System32\nvcplUIR.dll
2017-08-06 16:32 - 2008-06-04 14:15 - 000388640 _____ (NVIDIA Corporation) C:\Windows\System32\nvexpBar.dll
2017-08-06 16:30 - 2017-08-06 16:31 - 203656551 _____ C:\Users\Diego\Desktop\Aida64 Extreme v5.92 Full.rar
2017-08-06 16:30 - 2009-01-07 15:28 - 000501280 _____ (NVIDIA Corporation) C:\Windows\System32\NVUNINST.EXE
2017-08-06 16:19 - 2017-08-06 16:19 - 000000000 ____D C:\Program Files (x86)\FinalWire
2017-08-06 15:50 - 2017-08-06 15:51 - 000000000 ____D C:\Program Files\bluescreenview-x64
2017-08-06 15:49 - 2017-08-06 15:51 - 000086827 _____ C:\Users\Diego\Desktop\bluescreenview-x64.zip
2017-08-05 21:49 - 2017-08-05 21:49 - 000000000 ____D C:\Program Files\MKVToolNix
2017-08-05 04:49 - 2017-08-05 04:49 - 000000000 ____D C:\Users\Diego\AppData\Local\TempOfficeC2RDF0E23DB-01D7-4B5D-B5B9-F34061CB93A6
2017-08-04 04:02 - 2017-08-08 15:28 - 011621905 _____ C:\Users\Diego\Desktop\SOP - Mediaciones (2017.06.13) (1).xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-13 06:05 - 2017-03-28 20:42 - 000084256 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2017-08-13 05:19 - 2017-04-09 00:53 - 000000000 ____D C:\Users\Diego\.rainlendar2
2017-08-13 05:13 - 2017-05-31 01:45 - 000000000 ____D C:\Windows\Prey
2017-08-13 04:43 - 2009-07-14 05:45 - 000025536 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-13 04:43 - 2009-07-14 05:45 - 000025536 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-13 04:21 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-08-13 04:16 - 2009-07-14 10:31 - 000815786 _____ C:\Windows\System32\perfh00A.dat
2017-08-13 04:16 - 2009-07-14 10:31 - 000185688 _____ C:\Windows\System32\perfc00A.dat
2017-08-13 04:16 - 2009-07-14 06:13 - 001852154 _____ C:\Windows\System32\PerfStringBackup.INI
2017-08-13 02:10 - 2017-03-28 20:42 - 000101784 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2017-08-13 02:10 - 2017-03-28 20:42 - 000045472 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2017-08-13 02:10 - 2017-03-28 20:24 - 000253856 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-08-13 02:05 - 2017-04-01 22:52 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-13 02:04 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-12 18:06 - 2017-03-31 21:40 - 000000000 ____D C:\Program Files\Microsoft Office
2017-08-12 17:41 - 2017-04-01 22:53 - 000000000 ____D C:\Users\Diego\AppData\Local\NVIDIA Corporation
2017-08-12 17:35 - 2017-03-28 20:42 - 000188352 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMChameleon.sys
2017-08-12 17:35 - 2017-03-28 20:24 - 000077376 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-08-12 17:33 - 2017-04-01 22:52 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-12 17:32 - 2017-04-01 22:53 - 000000000 ____D C:\Users\Diego\AppData\Local\NVIDIA
2017-08-12 17:32 - 2017-04-01 22:52 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-08-12 17:32 - 2017-04-01 22:36 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-12 16:58 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\System32\NDF
2017-08-12 16:44 - 2017-03-31 21:48 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-12 16:43 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-08-12 04:36 - 2017-03-28 20:15 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-08-11 03:10 - 2009-07-14 06:08 - 000032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-11 02:51 - 2017-03-28 18:11 - 000000000 ____D C:\users\Diego
2017-08-10 02:41 - 2017-03-28 20:14 - 001015880 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
2017-08-10 02:41 - 2017-03-28 20:14 - 000146704 _____ (AVAST Software) C:\Windows\System32\Drivers\aswmonflt.sys
2017-08-09 05:31 - 2017-04-03 06:20 - 000000000 ____D C:\Program Files\Everything
2017-08-07 06:28 - 2017-04-03 18:16 - 000000000 ____D C:\Users\Diego\AppData\Local\CrashDumps
2017-08-07 00:09 - 2017-04-10 05:15 - 000000000 ____D C:\Windows\Minidump
2017-08-06 20:58 - 2017-04-10 06:11 - 000000000 ____D C:\Users\Diego\AppData\Roaming\Nitro
2017-08-06 16:41 - 2017-03-30 04:17 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-06 15:52 - 2017-03-28 19:06 - 000000000 ___RD C:\Users\Diego\Desktop\J&P
2017-08-05 22:17 - 2017-04-03 04:40 - 000000000 ____D C:\Users\Diego\AppData\Roaming\qBittorrent
2017-07-30 03:57 - 2017-04-02 21:42 - 000000000 ____D C:\Users\Diego\AppData\Roaming\vlc
2017-07-30 03:01 - 2017-06-12 20:26 - 000000000 ____D C:\Users\Diego\AppData\Roaming\Mipony
2017-07-29 19:22 - 2017-04-02 19:16 - 000000000 ____D C:\Users\Diego\AppData\Roaming\AIMP
2017-07-22 20:00 - 2017-03-28 20:14 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbloga.sys
2017-07-22 20:00 - 2017-03-28 20:14 - 000320008 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbidsdrivera.sys
2017-07-22 20:00 - 2017-03-28 20:14 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbidsha.sys
2017-07-22 20:00 - 2017-03-28 20:14 - 000146664 _____ (AVAST Software) C:\Windows\System32\Drivers\aswmonflt.sys.150075006545303
2017-07-22 20:00 - 2017-03-28 20:14 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\System32\Drivers\aswbuniva.sys
2017-07-22 04:16 - 2017-03-29 22:07 - 000005976 _____ C:\Users\Diego\Desktop\LEEME - Reglas generales.txt

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================

Restore point date: 2017-05-28 14:56
Restore point date: 2017-05-28 15:12
Restore point date: 2017-08-10 04:23
Restore point date: 2017-08-10 15:49
Restore point date: 2017-08-12 03:14
Restore point date: 2017-08-13 06:22
Restore point date: 2017-08-13 06:46

==================== Memory info =========================== 

Percentage of memory in use: 9%
Total physical RAM: 8063.3 MB
Available physical RAM: 7271.29 MB
Total Virtual: 8061.45 MB
Available Virtual: 7253.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:142.59 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (ESD-ISO) (CDROM) (Total:3.1 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:0.95 GB) (Free:0.92 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Almacenamiento) (Fixed) (Total:465.76 GB) (Free:19.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EA67B46A)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: D1CCD4B2)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 977.5 MB) (Disk ID: 00576BCE)
Partition 1: (Active) - (Size=977 MB) - (Type=07 NTFS)

LastRegBack: 2017-08-12 04:57

==================== End of FRST.txt ============================

Thank you for your attention and I look forward to hearing your views on the issue.

 

I will be here awaiting instructions  :bananas:

 

Bye bye.




 


#2 Oh My!

  • Malware Response Instructor

Posted 15 August 2017 - 02:49 PM

Greetings dieguito_nf and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

When did this problem first appear?

Please run this for me. Copy and paste the contents of the fixlog.txt report directly into your reply without using the Code Box.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • On a clean computer press the Windows Key + R at the same time, type notepad and press Enter
  • Copy and paste the contents of the below code box into the open notepad and save it on the flashdrive containing FRST as fixlist.txt
2017-08-06 16:33 - 2017-08-06 16:33 - 000000000 ____D C:\NV41285660.TMP
2017-08-06 16:32 - 2017-08-06 16:32 - 000000000 ____D C:\NV27365592.TMP
2017-07-30 03:01 - 2017-06-12 20:26 - 000000000 ____D C:\Users\Diego\AppData\Roaming\Mipony
cmd: dir /s C:\Users\Diego\AppData\Local\TempOfficeC2RDF0E23DB-01D7-4B5D-B5B9-F34061CB93A6
zip: C:\Windows\Minidump
  • Insert the USB device into your infected computer
  • Boot your computer to the Recovery Environment Command Prompt like you did to run the FRST scan
  • Run FRST as you did the first time and press the Fix button
  • The tool will create the Fixlog.txt document on your USB device. Copy and paste that information in your reply.
  • The tool will also create a zip file on your Desktop with today's date and time, example 05.12.2016_13.04.06.zip. Please attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Attached zip file

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 dieguito_nf


Posted 16 August 2017 - 10:02 PM

Gary,

 

Nice to meet you.

 

You can call me by my first name or whatever you like.

 

I understood the ground rules. The problem appeared when I tried to solve a gray background that filled the whole desktop. This problem didn't allow me to see the icons and the desktop. I used to open the task manager, kill explorer.exe and reopen it. It was the only way to use my PC. After that, I used Windows Repair Toolbox > WinRepair > Aio. Later, Windows 7 would never load. The PC freezes after the POST.

 

I post the results of FRST > Fix:

 

I don't know why I couldn't run FRST x64. I ran FRST x32. Furthermore, FRST won't create a zip file.  :smash: 

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 16-08-2017
Ran by SYSTEM (16-08-2017 23:41:28) Run:1
Running from F:\
Boot Mode: Recovery
 
==============================================
 
fixlist content:
*****************
2017-08-06 16:33 - 2017-08-06 16:33 - 000000000 ____D C:\NV41285660.TMP
2017-08-06 16:32 - 2017-08-06 16:32 - 000000000 ____D C:\NV27365592.TMP
2017-07-30 03:01 - 2017-06-12 20:26 - 000000000 ____D C:\Users\Diego\AppData\Roaming\Mipony
cmd: dir /s C:\Users\Diego\AppData\Local\TempOfficeC2RDF0E23DB-01D7-4B5D-B5B9-F34061CB93A6
zip: C:\Windows\Minidump
*****************
 
C:\NV41285660.TMP => moved successfully
C:\NV27365592.TMP => moved successfully
C:\Users\Diego\AppData\Roaming\Mipony => moved successfully
 
========= dir /s C:\Users\Diego\AppData\Local\TempOfficeC2RDF0E23DB-01D7-4B5D-B5B9-F34061CB93A6 =========
 
 El volumen de la unidad C no tiene etiqueta.
 El número de serie del volumen es: 388B-7483
 
 Directorio de C:\Users\Diego\AppData\Local\TempOfficeC2RDF0E23DB-01D7-4B5D-B5B9-F34061CB93A6
 
05/08/2017  04:49    <DIR>          .
05/08/2017  04:49    <DIR>          ..
               0 archivos              0 bytes
 
     Total de archivos en la lista:
               0 archivos              0 bytes
               2 dirs  184.329.367.552 bytes libres
 
========= End of CMD: =========
 
================== Zip: ===================
C:\Windows\Minidump -> Size=zero byte
=========== Zip: End ===========
 
==== End of Fixlog 23:41:29 ====

 

I must say that I found it very hard to write in English.

 

Thanks a lot and I will wait patiently.

 

Bye!



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:45 AM

Posted 17 August 2017 - 09:09 AM

Greetings,
 

Later, Windows 7 would never load. The PC is frozen after the POST.

Did the computer fail to boot immediately after running All in One?

Do you see anything at all after the POST or any error information at all?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 dieguito_nf


Posted 17 August 2017 - 09:15 PM

Did the computer fail to boot immediately after running All in One? > Yes. It does not even load the Windows logo. It just passes the POST and stays on a black screen.

Do you see anything at all after the POST or any error information at all? > No, I don't. I can only see a black screen.

 

Thanks!!



#6 Oh My!


Posted 17 August 2017 - 09:33 PM

Boot into the Recovery Environment and rather than selecting Command Prompt select System Restore. Select a date prior to running All in One. Let me know if your computer boots successfully.

Edited by Oh My!, 17 August 2017 - 09:46 PM.

Gary
 

#7 Oh My!


Posted 20 August 2017 - 09:56 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#8 dieguito_nf


Posted 21 August 2017 - 09:54 AM

Gary,

 

I'm so sorry for the long delay in responding.

Yes, I could restore my PC to a restore point from before running All in One. So I can say that the problem is solved.

 

Thank you very much for your care and for being so kind!! :bananas:  :bananas: 

 

Bye bye!



#9 Oh My!


Posted 21 August 2017 - 10:46 AM

My pleasure, glad it worked out.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#10 dieguito_nf


Posted 21 August 2017 - 03:36 PM

Thanks Gary!!

 

I'm going to be more careful.

 

The log of Delfix:

 

# DelFix v1.010 - Logfile created 21/08/2017 at 17:30:31
# Updated 26/04/2015 by Xplode
# Username : Diego - DIEGO-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
 
New restore point created !
 
########## - EOF - ##########
 
Now, will the post stay open or will you close it?


#11 Oh My!


Posted 21 August 2017 - 03:44 PM

I will leave it open until tomorrow just in case.
Gary
 

#12 dieguito_nf


Posted 21 August 2017 - 03:56 PM

Perfect! I hope that Murphy's Law won't appear. :bubbles:



#13 Oh My!


Posted 23 August 2017 - 09:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



