[VSpec04]

Hello everyone.
I'm from Poland and my English is a little bit lame so...
I've got a problem with my laptop (MSI CX620). After I used a pendrive once OS (Windows 7 64bit) just won't start... it's freezing on a "Starting Windows" screen when I choose the normal boot option. Safe Mode is working, but it's unable to find any problem.
I've tried with fixboot, fixmbr and stuff like that in command prompt and nothing helped. Good thing is that CHKDSK didn't find anything wrong.
I've also created a bootable USB drive with FRST64.

Here is log from it :

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2013 01
Ran by SYSTEM on 14-07-2013 00:42:16
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
[b]ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.[/b]

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11465832 2010-09-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems 

Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] 

(Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., 

Ltd.)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [337432 2013-04-15] (Power Software Ltd)
HKU\pio\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_Plugin.exe -update plugin [x]
HKU\Tomek\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [1561968 2013-05-23] (Samsung)
HKU\Tomek\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]
Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rejestracja Need for Speed™ Undercover.lnk
ShortcutTarget: Rejestracja Need for Speed™ Undercover.lnk -> C:\Program Files (x86)\EA Games\Need for Speed 

Undercover\Support\EAregister.exe (Leader Technologies)

==================== Services (Whitelisted) =================

S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2013-06-23] ()

==================== Drivers (Whitelisted) ====================

S3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [88912 2010-08-09] (ENE Technology Inc.)
S3 ZMGHPAudioSrv; C:\Windows\System32\drivers\zmghpau.sys [50176 2011-02-18] (ZOOM)
S3 ZMHHPAudioSrv; C:\Windows\System32\drivers\zmhhpau.sys [43520 2011-03-08] (ZOOM)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [x]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [x]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-14 00:15 - 2013-07-14 00:15 - 00000000 ____D C:\FRST
2013-06-25 14:02 - 2013-06-25 16:51 - 00000043 _____ C:\Users\Tomek\Documents\Nowy dokument tekstowy.txt
2013-06-23 15:14 - 2013-06-23 15:14 - 00792704 _____ (AMD) C:\Users\Tomek\Downloads\amddriverdownloader.exe
2013-06-23 15:13 - 2013-06-23 15:13 - 01189624 _____ (AMD Inc.) C:\Users\Tomek\Downloads\catalyst_mobility_64-bit_util.exe
2013-06-23 15:13 - 2013-06-23 15:13 - 00000000 ____D C:\AMD
2013-06-23 14:46 - 2013-06-24 14:23 - 00183112 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-06-23 14:46 - 2013-06-23 14:46 - 00066872 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-06-23 14:46 - 2013-06-23 14:46 - 00000000 ____D C:\Users\Tomek\Documents\NFS Undercover
2013-06-23 14:45 - 2013-06-23 14:45 - 00000000 ____D C:\Users\Tomek\AppData\Local\PunkBuster
2013-06-23 14:43 - 2013-06-23 14:43 - 00002050 _____ C:\Users\Public\Desktop\Need for Speed™ Undercover.lnk
2013-06-23 14:43 - 2013-06-23 14:43 - 00000000 ____D C:\Users\Tomek\AppData\Roaming\Leadertech
2013-06-23 14:36 - 2013-06-23 14:36 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-06-23 14:31 - 2013-06-23 14:31 - 00000971 _____ C:\Users\Public\Desktop\PowerISO.lnk
2013-06-23 14:31 - 2013-06-23 14:31 - 00000000 ____D C:\Users\Tomek\AppData\Roaming\PowerISO
2013-06-23 14:31 - 2013-06-23 14:31 - 00000000 ____D C:\Program Files (x86)\PowerISO
2013-06-23 14:31 - 2013-04-15 01:50 - 00127384 _____ (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys
2013-06-23 14:30 - 2013-06-23 14:30 - 05609832 _____ (Power Software Ltd) C:\Users\Tomek\Downloads\PowerISO5.exe
2013-06-15 05:51 - 2013-06-15 05:51 - 00001966 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-06-15 05:51 - 2013-06-15 05:51 - 00001956 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2013-06-15 05:51 - 2013-06-15 05:51 - 00000000 ____D C:\Users\Tomek\Documents\samsung
2013-06-15 05:51 - 2013-06-15 05:51 - 00000000 ____D C:\Users\Tomek\AppData\Roaming\Samsung
2013-06-15 05:51 - 2013-06-15 05:51 - 00000000 ____D C:\Users\Tomek\AppData\Local\Samsung
2013-06-15 05:51 - 2013-06-15 05:51 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-06-15 05:51 - 2013-06-15 05:51 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-15 05:50 - 2013-05-01 20:23 - 00203672 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2013-06-15 05:50 - 2013-05-01 20:23 - 00103064 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2013-06-15 05:49 - 2013-06-15 05:49 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-06-15 05:48 - 2013-05-22 10:43 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2013-06-15 05:48 - 2013-05-22 10:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2013-06-15 05:47 - 2013-06-15 05:50 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-06-15 05:47 - 2013-06-15 05:49 - 00000000 ____D C:\ProgramData\Samsung
2013-06-15 05:46 - 2013-06-15 05:46 - 00000000 ____D C:\Users\Tomek\AppData\Local\Downloaded Installations
2013-06-15 05:44 - 2013-06-15 05:45 - 69438144 _____ (Samsung Electronics Co., Ltd.                                ) 

C:\Users\Tomek\Downloads\KiesSetup.exe

==================== One Month Modified Files and Folders =======

2013-07-14 00:15 - 2013-07-14 00:15 - 00000000 ____D C:\FRST
2013-07-13 05:39 - 2013-06-05 09:26 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-13 05:39 - 2013-04-08 14:23 - 01161571 _____ C:\Windows\WindowsUpdate.log
2013-07-01 06:43 - 2011-02-04 09:20 - 00687828 _____ C:\Windows\System32\perfh015.dat
2013-07-01 06:43 - 2011-02-04 09:20 - 00131382 _____ C:\Windows\System32\perfc015.dat
2013-07-01 06:43 - 2009-07-13 21:13 - 01523412 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-01 06:39 - 2009-07-13 20:45 - 00021840 ____H 

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-01 06:39 - 2009-07-13 20:45 - 00021840 ____H 

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-01 06:37 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-01 06:36 - 2009-07-13 21:08 - 00021694 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-01 06:28 - 2009-07-13 20:51 - 00009583 _____ C:\Windows\setupact.log
2013-06-25 16:51 - 2013-06-25 14:02 - 00000043 _____ C:\Users\Tomek\Documents\Nowy dokument tekstowy.txt
2013-06-25 13:48 - 2013-06-09 03:37 - 00000000 ____D C:\Users\Tomek\AppData\Local\Microsoft Games
2013-06-24 14:23 - 2013-06-23 14:46 - 00183112 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-06-23 15:14 - 2013-06-23 15:14 - 00792704 _____ (AMD) C:\Users\Tomek\Downloads\amddriverdownloader.exe
2013-06-23 15:13 - 2013-06-23 15:13 - 01189624 _____ (AMD Inc.) C:\Users\Tomek\Downloads\catalyst_mobility_64-bit_util.exe
2013-06-23 15:13 - 2013-06-23 15:13 - 00000000 ____D C:\AMD
2013-06-23 14:46 - 2013-06-23 14:46 - 00066872 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-06-23 14:46 - 2013-06-23 14:46 - 00000000 ____D C:\Users\Tomek\Documents\NFS Undercover
2013-06-23 14:45 - 2013-06-23 14:45 - 00000000 ____D C:\Users\Tomek\AppData\Local\PunkBuster
2013-06-23 14:45 - 2013-05-27 12:21 - 00000000 ____D C:\Users\Tomek\AppData\Local\VirtualStore
2013-06-23 14:43 - 2013-06-23 14:43 - 00002050 _____ C:\Users\Public\Desktop\Need for Speed™ Undercover.lnk
2013-06-23 14:43 - 2013-06-23 14:43 - 00000000 ____D C:\Users\Tomek\AppData\Roaming\Leadertech
2013-06-23 14:36 - 2013-06-23 14:36 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-06-23 14:36 - 2013-04-29 08:23 - 00254229 _____ C:\Windows\DirectX.log
2013-06-23 14:33 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-06-23 14:31 - 2013-06-23 14:31 - 00000971 _____ C:\Users\Public\Desktop\PowerISO.lnk
2013-06-23 14:31 - 2013-06-23 14:31 - 00000000 ____D C:\Users\Tomek\AppData\Roaming\PowerISO
2013-06-23 14:31 - 2013-06-23 14:31 - 00000000 ____D C:\Program Files (x86)\PowerISO
2013-06-23 14:30 - 2013-06-23 14:30 - 05609832 _____ (Power Software Ltd) C:\Users\Tomek\Downloads\PowerISO5.exe
2013-06-23 02:15 - 2013-06-05 09:26 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-23 02:15 - 2013-04-08 22:54 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-23 02:15 - 2013-04-08 22:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-21 04:48 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-06-20 11:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-06-15 05:51 - 2013-06-15 05:51 - 00001966 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-06-15 05:51 - 2013-06-15 05:51 - 00001956 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2013-06-15 05:51 - 2013-06-15 05:51 - 00000000 ____D C:\Users\Tomek\Documents\samsung
2013-06-15 05:51 - 2013-06-15 05:51 - 00000000 ____D C:\Users\Tomek\AppData\Roaming\Samsung
2013-06-15 05:51 - 2013-06-15 05:51 - 00000000 ____D C:\Users\Tomek\AppData\Local\Samsung
2013-06-15 05:51 - 2013-06-15 05:51 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-06-15 05:51 - 2013-06-15 05:51 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-15 05:50 - 2013-06-15 05:47 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-06-15 05:49 - 2013-06-15 05:49 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-06-15 05:49 - 2013-06-15 05:47 - 00000000 ____D C:\ProgramData\Samsung
2013-06-15 05:48 - 2013-04-08 14:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-15 05:46 - 2013-06-15 05:46 - 00000000 ____D C:\Users\Tomek\AppData\Local\Downloaded Installations
2013-06-15 05:45 - 2013-06-15 05:44 - 69438144 _____ (Samsung Electronics Co., Ltd.                                ) 

C:\Users\Tomek\Downloads\KiesSetup.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3885.52 MB
Available physical RAM: 3290.29 MB
Total Pagefile: 3883.67 MB
Available Pagefile: 3280.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:182.79 GB) (Free:152.44 GB) NTFS (Disk=0 Partition=2)
Drive g: () (Removable) (Total:7.46 GB) (Free:7.23 GB) NTFS (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components 

(obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: C5562C52)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=183 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=115 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=07 NTFS)


LastRegBack: 2013-06-22 15:53

==================== End Of Log ============================

Will FRST help if i would have fixlist.txt ?

Thanks in advance.

[Advertisements]

Hi VSpec

Let me start by asking if your problem is resolved?
Why did you post on the Computer Won't Boot - Malware Related? Any malware problem that we should be aware?

[SleepyDude]

Hi VSpec

Let me start by asking if your problem is resolved?
Why did you post on the Computer Won't Boot - Malware Related? Any malware problem that we should be aware?