Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows 7 64-bit Startup Repair Loop

Started by arliday , Aug 05 2012 04:31 PM

  • This topic is locked This topic is locked

#1
arliday
Posted 05 August 2012 - 04:31 PM

arliday

    Member

  • Member
  • PipPip
  • 16 posts
Hello I'm having problems with Thinkpad edge, Windows 7, 64bit.All of sudden, yesterday evening when I tried to start my Thinkpad edge during boot up it goes into the Startup Repair Loop.
When I try to start windows normally, as soon as the windows logo animation appears, a blue screen very briefly flashes (So brief I can't read the message).
Then I am directed to another screen which indicates my options as either commencing the Startup Repair or Start Windows normally. If I start the Startup Repair, the process is not able to fix the problem automatically.
I have tried using Lenovo rescue and recovery to fix it with no luck.
I tried restoring the system using backup restore points but no luck again.


I have gone through your previous suggestion for nearly same problem

http://www.geekstogo...up-repair-loop/

and did everything as suggested but till no luck. I did install all three softwares

1. Wintoboot
2. Windows 7 64bit RC
3. Farbar Recovery Scan Tool x64

Created bootup flash drive and ran FRST64.exe. Please let me know ifanyone want frstlog.txt file.

Please help. Thanks in advance!
  • 0

Advertisements

#2
JSntgRvr
Posted 05 August 2012 - 06:46 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
:welcome:

Created bootup flash drive and ran FRST64.exe. Please let me know ifanyone want frstlog.txt file.


It will help.
  • 0

#3
arliday
Posted 05 August 2012 - 08:07 PM

arliday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thanks for replying!

Here is logfile FRST.txt. Hope this helps!

Scan result of Farbar Recovery Scan Tool Version: 05-08-2012 03
Ran by SYSTEM at 05-08-2012 13:17:37
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11049576 2010-07-14] (Realtek Semiconductor)
HKLM\...\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-04-29] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [414744 2010-04-29] (Intel Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-04-20] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [1129832 2010-08-24] (Lenovo Group Limited)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-06-04] (RealNetworks, Inc.)
HKU\archana\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
HKU\archana\...\Run: [Google Update] "C:\Users\archana\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-18] (Google Inc.)
HKU\archana\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-01-02] (Google Inc.)
HKU\archana\...\Run: [VoipRaider] "C:\Program Files (x86)\VoipRaider.com\VoipRaider\voipraider.exe" -nosplash -minimized [13863728 2012-01-06] (VoipRaider)
HKU\archana\...\Run: [ckerod] rundll32.exe "C:\Users\archana\AppData\Roaming\ckerod.dll",WriteStreamToFile [151552 2012-06-27] (DT Soft Ltd)
HKU\archana\...\Run: [qdvcf] "C:\Windows\System32\rundll32.exe" "C:\Users\archana\AppData\Roaming\qdvcf.dll",SpeedOfSound [367104 2012-07-11] ()
HKU\archana\...\Run: [Facebook Update] "C:\Users\archana\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-17] (Facebook Inc.)
HKU\archana27\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-01-02] (Google Inc.)
HKU\archana27\...\Run: [Google Update] "C:\Users\archana27\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-01] (Google Inc.)
HKU\archana27\...\Run: [VoipRaider] "C:\Program Files (x86)\VoipRaider.com\VoipRaider\voipraider.exe" -nosplash -minimized [13863728 2012-01-06] (VoipRaider)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

==================== Services (Whitelisted) ======

2 IBMPMSVC; C:\Windows\System32\ibmpmsvc.exe [45928 2009-11-17] (Lenovo.)
2 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [112152 2007-01-04] (InterVideo)
2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [50536 2010-04-20] (Lenovo Group Limited)
2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2010-04-06] (Lenovo Group Limited)
2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [74088 2010-04-20] (Lenovo Group Limited)
2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-06] (Lenovo Group Limited)
2 lxda_device; C:\Windows\system32\lxdacoms.exe -service [566192 2007-04-26] ( )
2 lxda_device; C:\Windows\SysWow64\lxdacoms.exe -service [537520 2007-04-26] ( )
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
3 Power Manager DBC Service; "C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE" [75112 2010-08-24] (Lenovo)
2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-14] (Realtek Semiconductor)
2 SUService; "C:\Program Files (x86)\Lenovo\System Update\SUService.exe" [28672 2010-03-15] (Lenovo Group Limited)
2 TeamViewer; "C:\Program Files (x86)\TeamViewer3\TeamViewer_Service.exe" -service [185640 2008-11-17] (TeamViewer GmbH)
3 TPHDEXLGSVC; C:\Windows\System32\TPHDEXLG64.exe [47656 2009-10-09] (Lenovo.)
2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [63928 2010-04-06] (Lenovo Group Limited)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-11-03] (Intel Corporation)
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 5U877; C:\Windows\System32\Drivers\5U877.sys [161664 2010-03-17] (Ricoh co.,Ltd.)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20100522.001\BHDrvx64.sys [942640 2010-05-18] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-05-28] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2010-05-28] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20100518.002\IDSVia64.sys [463408 2010-05-17] (Symantec Corporation)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-06] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\ENG64.SYS [117808 2010-05-28] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\EX64.SYS [1773104 2010-05-28] (Symantec Corporation)
0 Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [136744 2009-10-09] (Lenovo.)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
0 TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [23592 2009-10-09] (Lenovo.)
1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
1 gzggdvbh; \??\C:\Windows\system32\drivers\gzggdvbh.sys [x]
3 PCDSRVC{127174DC-C366ED8B-06020000}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3892.55 MB
Available physical RAM: 3282.86 MB
Total Pagefile: 3890.7 MB
Available Pagefile: 3263.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:369.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.2 GB) NTFS
4 Drive g: () (Removable) (Total:7.45 GB) (Free:7.22 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM_DRV) (Fixed) (Total:1.17 GB) (Free:0.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7628 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1200 MB 1024 KB
Partition 2 Primary 454 GB 1201 MB
Partition 3 Primary 9 GB 455 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM_DRV NTFS Partition 1200 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows7_OS NTFS Partition 454 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Lenovo_Reco NTFS Partition 9 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7624 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G NTFS Removable 7624 MB Healthy

==================================================================================
==========================================================
TDL4: custom:26000022 <===== ATTENTION!


==========================================================

Last Boot: 2012-07-30 08:32

======================= End Of Log ==========================
  • 0

#4
JSntgRvr
Posted 05 August 2012 - 08:26 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Download the enclosed file.

Save it next to FRST64. Insert the removable drive back into the ailing computer. Run FRST64 as you did before, except that this time around, click on the Fix button and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

If successful, boot in normal mode. If able to, run Combofix as follows:


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
  • 0

#5
arliday
Posted 05 August 2012 - 09:49 PM

arliday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
it didn't fix. it is still going into same loop back with two options,
1) windows (Repair)
2) start windows normally

and keep restarting with flashy blue screen with errors.

Here is fixlog.txt

---------------------------------- Fixlog.txt Start--------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012 03
Ran by SYSTEM at 2012-08-05 23:40:54 Run:2
Running from G:\

==============================================

gzggdvbh service deleted successfully.

An error occurred while attempting to delete the specified data element.
Element not found.
The operation completed successfully.

==== End of Fixlog ====
  • 0

#6
arliday
Posted 06 August 2012 - 09:49 AM

arliday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi JSntgRvr,

Do you want me to re-run fix from FRST? OR please let me know next step. I have very important data into this laptop as well as I need this laptop back to normal as soon as possible so please help with next steps.


Waiting for your next command!
  • 0

#7
JSntgRvr
Posted 06 August 2012 - 12:17 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
No. Let me first re-check the entry. Please run FRST64 as you did before and click on the Scan button. Post the contents of the new FRST.txt log.
  • 0

#8
arliday
Posted 06 August 2012 - 03:58 PM

arliday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Scan result of Farbar Recovery Scan Tool Version: 05-08-2012 03
Ran by SYSTEM at 06-08-2012 17:54:06
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11049576 2010-07-14] (Realtek Semiconductor)
HKLM\...\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-04-29] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [414744 2010-04-29] (Intel Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-04-20] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [1129832 2010-08-24] (Lenovo Group Limited)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-06-04] (RealNetworks, Inc.)
HKU\archana\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
HKU\archana\...\Run: [Google Update] "C:\Users\archana\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-18] (Google Inc.)
HKU\archana\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-01-02] (Google Inc.)
HKU\archana\...\Run: [VoipRaider] "C:\Program Files (x86)\VoipRaider.com\VoipRaider\voipraider.exe" -nosplash -minimized [13863728 2012-01-06] (VoipRaider)
HKU\archana\...\Run: [ckerod] rundll32.exe "C:\Users\archana\AppData\Roaming\ckerod.dll",WriteStreamToFile [151552 2012-06-27] (DT Soft Ltd)
HKU\archana\...\Run: [qdvcf] "C:\Windows\System32\rundll32.exe" "C:\Users\archana\AppData\Roaming\qdvcf.dll",SpeedOfSound [367104 2012-07-11] ()
HKU\archana\...\Run: [Facebook Update] "C:\Users\archana\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-17] (Facebook Inc.)
HKU\archana27\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-01-02] (Google Inc.)
HKU\archana27\...\Run: [Google Update] "C:\Users\archana27\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-01] (Google Inc.)
HKU\archana27\...\Run: [VoipRaider] "C:\Program Files (x86)\VoipRaider.com\VoipRaider\voipraider.exe" -nosplash -minimized [13863728 2012-01-06] (VoipRaider)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

==================== Services (Whitelisted) ======

2 IBMPMSVC; C:\Windows\System32\ibmpmsvc.exe [45928 2009-11-17] (Lenovo.)
2 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [112152 2007-01-04] (InterVideo)
2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [50536 2010-04-20] (Lenovo Group Limited)
2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2010-04-06] (Lenovo Group Limited)
2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [74088 2010-04-20] (Lenovo Group Limited)
2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-06] (Lenovo Group Limited)
2 lxda_device; C:\Windows\system32\lxdacoms.exe -service [566192 2007-04-26] ( )
2 lxda_device; C:\Windows\SysWow64\lxdacoms.exe -service [537520 2007-04-26] ( )
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
3 Power Manager DBC Service; "C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE" [75112 2010-08-24] (Lenovo)
2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-14] (Realtek Semiconductor)
2 SUService; "C:\Program Files (x86)\Lenovo\System Update\SUService.exe" [28672 2010-03-15] (Lenovo Group Limited)
2 TeamViewer; "C:\Program Files (x86)\TeamViewer3\TeamViewer_Service.exe" -service [185640 2008-11-17] (TeamViewer GmbH)
3 TPHDEXLGSVC; C:\Windows\System32\TPHDEXLG64.exe [47656 2009-10-09] (Lenovo.)
2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [63928 2010-04-06] (Lenovo Group Limited)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-11-03] (Intel Corporation)
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 5U877; C:\Windows\System32\Drivers\5U877.sys [161664 2010-03-17] (Ricoh co.,Ltd.)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20100522.001\BHDrvx64.sys [942640 2010-05-18] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-05-28] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2010-05-28] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20100518.002\IDSVia64.sys [463408 2010-05-17] (Symantec Corporation)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-06] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\ENG64.SYS [117808 2010-05-28] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\EX64.SYS [1773104 2010-05-28] (Symantec Corporation)
0 Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [136744 2009-10-09] (Lenovo.)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
0 TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [23592 2009-10-09] (Lenovo.)
1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
3 PCDSRVC{127174DC-C366ED8B-06020000}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-05 13:18 - 2012-08-05 13:18 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2012-08-05 13:08 - 2012-08-05 13:10 - 00000000 ____D C:\FRST
2012-07-27 07:32 - 2012-07-27 07:32 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-26 06:19 - 2012-08-04 19:15 - 00000000 ____D C:\Users\archana\AppData\Roaming\Mozilla
2012-07-17 19:16 - 2012-07-30 19:21 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-406800214-1754815171-3368183613-1001UA.job
2012-07-17 19:16 - 2012-07-30 19:21 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-406800214-1754815171-3368183613-1001Core.job
2012-07-17 19:16 - 2012-07-17 19:16 - 00000000 ____D C:\Users\archana\AppData\Local\Facebook
2012-07-11 23:04 - 2012-06-11 19:04 - 03151360 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 23:03 - 2012-07-11 23:03 - 00000127 ____A C:\Windows\System32\MRT.INI
2012-07-11 18:36 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 18:36 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 18:36 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 18:36 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 18:36 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 18:36 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 18:33 - 2012-07-11 18:33 - 00367104 ____A C:\Users\archana\AppData\Roaming\qdvcf.dll
2012-07-11 18:33 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 18:33 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 18:33 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 18:33 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 18:33 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 18:33 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 18:33 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 18:33 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 18:33 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

============ 3 Months Modified Files ========================

2012-07-31 05:02 - 2010-11-29 00:51 - 01139400 ____A C:\Windows\WindowsUpdate.log
2012-07-31 05:00 - 2012-04-05 12:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-31 05:00 - 2010-11-29 01:27 - 00000332 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-07-31 04:58 - 2012-01-02 16:36 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-31 04:58 - 2012-01-02 16:36 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-31 04:57 - 2010-11-29 00:59 - 00160658 ____A C:\Windows\PFRO.log
2012-07-31 04:57 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-31 04:57 - 2009-07-13 20:51 - 00138454 ____A C:\Windows\setupact.log
2012-07-30 20:51 - 2011-08-18 13:38 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-406800214-1754815171-3368183613-1001UA.job
2012-07-30 20:05 - 2012-02-22 06:50 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-406800214-1754815171-3368183613-1004UA.job
2012-07-30 19:21 - 2012-07-17 19:16 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-406800214-1754815171-3368183613-1001UA.job
2012-07-30 19:21 - 2012-07-17 19:16 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-406800214-1754815171-3368183613-1001Core.job
2012-07-30 18:57 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-30 18:57 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-30 18:54 - 2009-07-13 21:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-30 08:41 - 2011-08-18 13:38 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-406800214-1754815171-3368183613-1001Core.job
2012-07-29 19:47 - 2012-02-22 06:50 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-406800214-1754815171-3368183613-1004Core.job
2012-07-27 07:32 - 2012-07-27 07:32 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-26 18:00 - 2012-04-05 12:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-26 18:00 - 2011-05-17 12:51 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-23 08:40 - 2012-07-06 09:26 - 00000281 ____A C:\Windows\Lexstat.ini
2012-07-11 23:20 - 2009-07-13 20:45 - 00335160 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 23:03 - 2012-07-11 23:03 - 00000127 ____A C:\Windows\System32\MRT.INI
2012-07-11 23:01 - 2011-02-16 15:43 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 18:33 - 2012-07-11 18:33 - 00367104 ____A C:\Users\archana\AppData\Roaming\qdvcf.dll
2012-07-06 09:33 - 2012-07-06 09:33 - 00001146 ____A C:\Users\Public\Desktop\Lexmark 640 Series Solution Center.lnk
2012-07-06 09:26 - 2012-07-06 09:25 - 00004349 ____A C:\Windows\System32\LexFiles.ulf
2012-06-27 16:35 - 2012-06-27 16:35 - 00151552 ____A (DT Soft Ltd) C:\Users\archana\AppData\Roaming\ckerod.dll
2012-06-13 17:26 - 2009-07-13 21:08 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-11 19:04 - 2012-07-11 23:04 - 03151360 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:30 - 2012-07-11 18:36 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-11 18:36 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 10:19 - 2010-11-29 01:27 - 00000528 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-06-05 21:50 - 2012-07-11 18:36 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-11 18:36 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-11 18:36 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-11 18:36 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-04 05:40 - 2012-06-04 05:40 - 00001042 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-06-04 05:39 - 2012-01-02 16:35 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-06-04 05:39 - 2012-01-02 16:35 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-06-04 05:39 - 2012-01-02 16:35 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-06-04 05:39 - 2012-01-02 16:35 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-06-04 05:39 - 2009-10-21 23:09 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-06-04 05:39 - 2009-10-21 23:09 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-06-02 14:19 - 2012-06-18 18:03 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 18:03 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 18:03 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 18:02 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 18:02 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-18 18:03 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 18:02 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-18 18:02 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-18 18:02 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:38 - 2012-07-11 18:33 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-11 18:33 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-11 18:33 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-11 18:33 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-11 18:33 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-11 18:33 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-11 18:33 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-11 18:33 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-11 18:33 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 07:27 - 2012-06-01 07:27 - 00001856 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-31 08:25 - 2011-05-26 20:39 - 00279656 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-20 08:52 - 2012-05-20 08:52 - 00000938 ____A C:\Users\Public\Desktop\Zune.lnk
2012-05-20 08:46 - 2012-05-20 08:46 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2012-05-20 08:46 - 2012-05-20 08:46 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2012-05-14 19:56 - 2012-06-12 14:36 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:52 - 2012-06-12 14:36 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:08 - 2012-06-12 14:36 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:06 - 2012-06-12 14:36 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3892.55 MB
Available physical RAM: 3259.63 MB
Total Pagefile: 3890.7 MB
Available Pagefile: 3244.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:369.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.2 GB) NTFS
4 Drive g: () (Removable) (Total:7.45 GB) (Free:7.22 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM_DRV) (Fixed) (Total:1.17 GB) (Free:0.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7628 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1200 MB 1024 KB
Partition 2 Primary 454 GB 1201 MB
Partition 3 Primary 9 GB 455 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM_DRV NTFS Partition 1200 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows7_OS NTFS Partition 454 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Lenovo_Reco NTFS Partition 9 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7624 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G NTFS Removable 7624 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-30 08:32

======================= End Of Log ==========================
  • 0

#9
JSntgRvr
Posted 06 August 2012 - 08:07 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
We will need to check the Master Boot Record.

Download MBRFix. Save and extract its contents to the desktop. Once extracted, there will be three files in the folder. Copy just the MBRFix64.exe application to the USB drive, next to FRST64.

Download the enclosed file.

Save it next to FRST64, replacing the existing one. Insert the removable drive back into the ailing computer. Run FRST64 as you did before, except that this time around, click on the Fix button and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply. It should also create a file, MBRDUMP.txt. Please attach the MBRDUMP.txt to your reply as it is a hex file.
  • 0

#10
arliday
Posted 06 August 2012 - 09:40 PM

arliday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Here you go for FRST.txt log file.


Scan result of Farbar Recovery Scan Tool Version: 05-08-2012 03
Ran by SYSTEM at 06-08-2012 23:34:51
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11049576 2010-07-14] (Realtek Semiconductor)
HKLM\...\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-04-29] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [414744 2010-04-29] (Intel Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-04-20] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [1129832 2010-08-24] (Lenovo Group Limited)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM-x32\...\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-06-04] (RealNetworks, Inc.)
HKU\archana\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
HKU\archana\...\Run: [Google Update] "C:\Users\archana\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-18] (Google Inc.)
HKU\archana\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-01-02] (Google Inc.)
HKU\archana\...\Run: [VoipRaider] "C:\Program Files (x86)\VoipRaider.com\VoipRaider\voipraider.exe" -nosplash -minimized [13863728 2012-01-06] (VoipRaider)
HKU\archana\...\Run: [ckerod] rundll32.exe "C:\Users\archana\AppData\Roaming\ckerod.dll",WriteStreamToFile [151552 2012-06-27] (DT Soft Ltd)
HKU\archana\...\Run: [qdvcf] "C:\Windows\System32\rundll32.exe" "C:\Users\archana\AppData\Roaming\qdvcf.dll",SpeedOfSound [367104 2012-07-11] ()
HKU\archana\...\Run: [Facebook Update] "C:\Users\archana\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-17] (Facebook Inc.)
HKU\archana27\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-01-02] (Google Inc.)
HKU\archana27\...\Run: [Google Update] "C:\Users\archana27\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-01] (Google Inc.)
HKU\archana27\...\Run: [VoipRaider] "C:\Program Files (x86)\VoipRaider.com\VoipRaider\voipraider.exe" -nosplash -minimized [13863728 2012-01-06] (VoipRaider)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

==================== Services (Whitelisted) ======

2 IBMPMSVC; C:\Windows\System32\ibmpmsvc.exe [45928 2009-11-17] (Lenovo.)
2 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [112152 2007-01-04] (InterVideo)
2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [50536 2010-04-20] (Lenovo Group Limited)
2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2010-04-06] (Lenovo Group Limited)
2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [74088 2010-04-20] (Lenovo Group Limited)
2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-06] (Lenovo Group Limited)
2 lxda_device; C:\Windows\system32\lxdacoms.exe -service [566192 2007-04-26] ( )
2 lxda_device; C:\Windows\SysWow64\lxdacoms.exe -service [537520 2007-04-26] ( )
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
3 Power Manager DBC Service; "C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE" [75112 2010-08-24] (Lenovo)
2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-14] (Realtek Semiconductor)
2 SUService; "C:\Program Files (x86)\Lenovo\System Update\SUService.exe" [28672 2010-03-15] (Lenovo Group Limited)
2 TeamViewer; "C:\Program Files (x86)\TeamViewer3\TeamViewer_Service.exe" -service [185640 2008-11-17] (TeamViewer GmbH)
3 TPHDEXLGSVC; C:\Windows\System32\TPHDEXLG64.exe [47656 2009-10-09] (Lenovo.)
2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [63928 2010-04-06] (Lenovo Group Limited)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-11-03] (Intel Corporation)
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 5U877; C:\Windows\System32\Drivers\5U877.sys [161664 2010-03-17] (Ricoh co.,Ltd.)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20100522.001\BHDrvx64.sys [942640 2010-05-18] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-05-28] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [132656 2010-05-28] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20100518.002\IDSVia64.sys [463408 2010-05-17] (Symantec Corporation)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-06] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\ENG64.SYS [117808 2010-05-28] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\EX64.SYS [1773104 2010-05-28] (Symantec Corporation)
0 Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [136744 2009-10-09] (Lenovo.)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
0 TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [23592 2009-10-09] (Lenovo.)
1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
3 PCDSRVC{127174DC-C366ED8B-06020000}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-05 13:18 - 2012-08-05 13:18 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2012-08-05 13:08 - 2012-08-05 13:10 - 00000000 ____D C:\FRST
2012-07-27 07:32 - 2012-07-27 07:32 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-26 06:19 - 2012-08-04 19:15 - 00000000 ____D C:\Users\archana\AppData\Roaming\Mozilla
2012-07-17 19:16 - 2012-07-30 19:21 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-406800214-1754815171-3368183613-1001UA.job
2012-07-17 19:16 - 2012-07-30 19:21 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-406800214-1754815171-3368183613-1001Core.job
2012-07-17 19:16 - 2012-07-17 19:16 - 00000000 ____D C:\Users\archana\AppData\Local\Facebook
2012-07-11 23:04 - 2012-06-11 19:04 - 03151360 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 23:03 - 2012-07-11 23:03 - 00000127 ____A C:\Windows\System32\MRT.INI
2012-07-11 18:36 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 18:36 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 18:36 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 18:36 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 18:36 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 18:36 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 18:33 - 2012-07-11 18:33 - 00367104 ____A C:\Users\archana\AppData\Roaming\qdvcf.dll
2012-07-11 18:33 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 18:33 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 18:33 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 18:33 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 18:33 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 18:33 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 18:33 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 18:33 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 18:33 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

============ 3 Months Modified Files ========================

2012-07-31 05:02 - 2010-11-29 00:51 - 01139400 ____A C:\Windows\WindowsUpdate.log
2012-07-31 05:00 - 2012-04-05 12:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-31 05:00 - 2010-11-29 01:27 - 00000332 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-07-31 04:58 - 2012-01-02 16:36 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-31 04:58 - 2012-01-02 16:36 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-31 04:57 - 2010-11-29 00:59 - 00160658 ____A C:\Windows\PFRO.log
2012-07-31 04:57 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-31 04:57 - 2009-07-13 20:51 - 00138454 ____A C:\Windows\setupact.log
2012-07-30 20:51 - 2011-08-18 13:38 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-406800214-1754815171-3368183613-1001UA.job
2012-07-30 20:05 - 2012-02-22 06:50 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-406800214-1754815171-3368183613-1004UA.job
2012-07-30 19:21 - 2012-07-17 19:16 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-406800214-1754815171-3368183613-1001UA.job
2012-07-30 19:21 - 2012-07-17 19:16 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-406800214-1754815171-3368183613-1001Core.job
2012-07-30 18:57 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-30 18:57 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-30 18:54 - 2009-07-13 21:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-30 08:41 - 2011-08-18 13:38 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-406800214-1754815171-3368183613-1001Core.job
2012-07-29 19:47 - 2012-02-22 06:50 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-406800214-1754815171-3368183613-1004Core.job
2012-07-27 07:32 - 2012-07-27 07:32 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-26 18:00 - 2012-04-05 12:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-26 18:00 - 2011-05-17 12:51 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-23 08:40 - 2012-07-06 09:26 - 00000281 ____A C:\Windows\Lexstat.ini
2012-07-11 23:20 - 2009-07-13 20:45 - 00335160 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 23:03 - 2012-07-11 23:03 - 00000127 ____A C:\Windows\System32\MRT.INI
2012-07-11 23:01 - 2011-02-16 15:43 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 18:33 - 2012-07-11 18:33 - 00367104 ____A C:\Users\archana\AppData\Roaming\qdvcf.dll
2012-07-06 09:33 - 2012-07-06 09:33 - 00001146 ____A C:\Users\Public\Desktop\Lexmark 640 Series Solution Center.lnk
2012-07-06 09:26 - 2012-07-06 09:25 - 00004349 ____A C:\Windows\System32\LexFiles.ulf
2012-06-27 16:35 - 2012-06-27 16:35 - 00151552 ____A (DT Soft Ltd) C:\Users\archana\AppData\Roaming\ckerod.dll
2012-06-13 17:26 - 2009-07-13 21:08 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-11 19:04 - 2012-07-11 23:04 - 03151360 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:30 - 2012-07-11 18:36 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-11 18:36 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 10:19 - 2010-11-29 01:27 - 00000528 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-06-05 21:50 - 2012-07-11 18:36 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-11 18:36 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-11 18:36 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-11 18:36 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-04 05:40 - 2012-06-04 05:40 - 00001042 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-06-04 05:39 - 2012-01-02 16:35 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-06-04 05:39 - 2012-01-02 16:35 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-06-04 05:39 - 2012-01-02 16:35 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-06-04 05:39 - 2012-01-02 16:35 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-06-04 05:39 - 2009-10-21 23:09 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-06-04 05:39 - 2009-10-21 23:09 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-06-02 14:19 - 2012-06-18 18:03 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 18:03 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 18:03 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 18:02 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 18:02 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-18 18:03 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 18:02 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-18 18:02 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-18 18:02 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:38 - 2012-07-11 18:33 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-11 18:33 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-11 18:33 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-11 18:33 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-11 18:33 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-11 18:33 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-11 18:33 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-11 18:33 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-11 18:33 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 07:27 - 2012-06-01 07:27 - 00001856 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-31 08:25 - 2011-05-26 20:39 - 00279656 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-20 08:52 - 2012-05-20 08:52 - 00000938 ____A C:\Users\Public\Desktop\Zune.lnk
2012-05-20 08:46 - 2012-05-20 08:46 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2012-05-20 08:46 - 2012-05-20 08:46 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2012-05-14 19:56 - 2012-06-12 14:36 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:52 - 2012-06-12 14:36 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:08 - 2012-06-12 14:36 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:06 - 2012-06-12 14:36 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3892.55 MB
Available physical RAM: 3263.18 MB
Total Pagefile: 3890.7 MB
Available Pagefile: 3252.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:369.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.2 GB) NTFS
4 Drive g: () (Removable) (Total:7.45 GB) (Free:7.22 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM_DRV) (Fixed) (Total:1.17 GB) (Free:0.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7628 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1200 MB 1024 KB
Partition 2 Primary 454 GB 1201 MB
Partition 3 Primary 9 GB 455 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM_DRV NTFS Partition 1200 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows7_OS NTFS Partition 454 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Lenovo_Reco NTFS Partition 9 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7624 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G NTFS Removable 7624 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-30 08:32

======================= End Of Log ==========================


Please find the attached MBRDUMP.txt file.

Attached Files


  • 0

Advertisements

#11
JSntgRvr
Posted 07 August 2012 - 10:42 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
There is a 0 byte partition in the MBR.

For x64 bit systems please download Listparts64
and save it to a flash drive.

Download also the enclosed file:

Save it also in the USB drive

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\ListParts.exe (for x64 bit version type e:\ListParts64.exe) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
    • Press the Fix button.
    • When it is done close the notification pop up.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Once this process is completed, put check mark on List BCD.
  • Press Scan button.
  • It will make a log (Result.txt) in the flash drive. Please copy and paste it to your reply. Attempt to boot in Normal Mode.

  • 0

#12
arliday
Posted 07 August 2012 - 11:51 AM

arliday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thanks for detail reply and next steps.

I have one question before executing this steps, I will not loss any data while executing those steps...right? I know, it won't but just wanted to confirm.

regards,
Lirin.
  • 0

#13
JSntgRvr
Posted 07 August 2012 - 01:59 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Despite there is always a posibiblity that something may go wrong when modifying the MBR, in my experience it hasn't happen. In your position I would go for it. All I am doing is making the right partition active (bootable).
  • 0

#14
arliday
Posted 07 August 2012 - 10:28 PM

arliday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thanks for clearing out this. I will send you the logs once it get finished. currently it is running Starup Repair and it look like, will take some time to get finish.

Sorry for delay turnaround from my side on this. but to clear you out on this, I donot get time during day because of my office work so, I am only able to work on this after midnight.
  • 0

#15
arliday
Posted 07 August 2012 - 10:42 PM

arliday

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi JSntgRvr,

Hey after week I am seeing again my computre booted successfully :thumbsup: :lol: you are master. see below Result.log for your reference.

ListParts by Farbar Version: 25-07-2012
Ran by SYSTEM (administrator) on 08-08-2012 at 00:36:17
Windows 7 (X64)
Running From: G:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3892.55 MB
Available physical RAM: 3267.81 MB
Total Pagefile: 3890.7 MB
Available Pagefile: 3313.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.92 MB

======================= Partitions =========================

1 Drive c: (SYSTEM_DRV) (Fixed) (Total:1.17 GB) (Free:0.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:368.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.2 GB) NTFS
5 Drive g: () (Removable) (Total:7.45 GB) (Free:7.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7628 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1200 MB 1024 KB
Partition 2 Primary 454 GB 1201 MB
Partition 3 Primary 9 GB 455 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C SYSTEM_DRV NTFS Partition 1200 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Windows7_OS NTFS Partition 454 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Lenovo_Reco NTFS Partition 9 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7624 MB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G NTFS Removable 7624 MB Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
extendedinput Yes
default {ae1669d5-fb97-11df-aab0-60eb6996d801}
resumeobject {ae1669d4-fb97-11df-aab0-60eb6996d801}
displayorder {ae1669d5-fb97-11df-aab0-60eb6996d801}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 0
customactions 0x1000085000001
0x5400000f
custom:5400000f {ce258a57-ff1b-11df-b5fd-60eb6996d801}

Windows Boot Loader
-------------------
identifier {ae1669d5-fb97-11df-aab0-60eb6996d801}
device partition=D:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {ce258a57-ff1b-11df-b5fd-60eb6996d801}
recoveryenabled Yes
osdevice partition=D:
systemroot \Windows
resumeobject {ae1669d4-fb97-11df-aab0-60eb6996d801}
nx OptIn

Windows Boot Loader
-------------------
identifier {ce258a57-ff1b-11df-b5fd-60eb6996d801}
device ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{ce258a58-ff1b-11df-b5fd-60eb6996d801}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{ce258a58-ff1b-11df-b5fd-60eb6996d801}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {ae1669d4-fb97-11df-aab0-60eb6996d801}
device partition=D:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=D:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Setup Ramdisk Options
---------------------
identifier {ae5534e0-a924-466c-b836-758539a3ee3a}
description Ramdisk options
ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi

Device options
--------------
identifier {ce258a58-ff1b-11df-b5fd-60eb6996d801}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi


****** End Of Log ******

I did see one more file created, thought to attached for your reference.

Attached Files


  • 0
Back to Computer Won't Boot - Malware Related · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Computer Won't Boot - Malware Related

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP