Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows 7 failed to start; startup repair not fix [Solved]


  • This topic is locked This topic is locked

#1
panther74

panther74

    Member

  • Member
  • PipPip
  • 58 posts
The computer is an Acer AOD255 netbook. It failed to startup 3 or 4 days ago and gave me this message:
"Root cause: Boot critical file d:\windows\system32\drivers\fvevol.sys is corrupt. Error code:0x45d"

After trying to fix with Startup Repair, I did a System Restore. It worked fine but today it gave me the same Windows failed to start (except Error Code was 0x490). Startup Repair would not fix and this time I could not get System Restore to complete restoring "unspecified error occurred during System Restore".

Any help will be most appreciated.

I did an OTL scan which is:

OTL logfile created on: 12/10/2013 2:38:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = f:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.09 Mb Total Physical Memory | 608.45 Mb Available Physical Memory | 60.06% Memory free
1013.09 Mb Paging File | 601.65 Mb Available in Paging File | 59.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = X: | %SystemRoot% = X:\windows | %ProgramFiles% = X:\Program Files
Drive C: | 100.00 Mb Total Space | 71.87 Mb Free Space | 71.87% Space Free | Partition Type: NTFS
Drive D: | 219.79 Gb Total Space | 189.38 Gb Free Space | 86.16% Space Free | Partition Type: NTFS
Drive E: | 13.00 Gb Total Space | 3.46 Gb Free Space | 26.65% Space Free | Partition Type: NTFS
Drive F: | 1.92 Gb Total Space | 0.85 Gb Free Space | 44.36% Space Free | Partition Type: FAT
Drive X: | 33.51 Mb Total Space | 31.08 Mb Free Space | 92.75% Space Free | Partition Type: NTFS

Computer Name: MININT-JNEOBBR | User Name: SYSTEM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/10 14:20:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- f:\OTL.exe
PRC - [2009/07/13 18:51:47 | 000,602,112 | ---- | M] (Microsoft Corporation) -- X:\sources\recovery\RecEnv.exe
PRC - [2009/07/13 17:14:45 | 000,565,760 | ---- | M] (Microsoft Corporation) -- X:\Windows\System32\winpeshl.exe
PRC - [2009/07/13 17:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- X:\Windows\System32\cmd.exe
PRC - [2009/07/13 17:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- X:\Windows\System32\conhost.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2009/07/13 17:16:13 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- X:\Windows\System32\sacsvr.dll -- (sacsvr)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock)
DRV - [2009/07/13 18:38:07 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- X:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:38:07 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- X:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:38:07 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- X:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:38:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- X:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:19:03 | 000,080,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- X:\Windows\System32\drivers\sacdrv.sys -- (sacdrv)
DRV - [2009/07/13 15:46:05 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- X:\Windows\System32\drivers\ramdisk.sys -- (Ramdisk)
DRV - [2009/07/13 15:18:10 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- X:\Windows\System32\drivers\fbwf.sys -- (FBWF)
DRV - [2009/07/13 15:17:59 | 000,053,248 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- X:\windows\System32\drivers\wimfsf.sys -- (WimFsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========






O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - X:\Windows\System32\drivers\etc\hosts
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableMIC = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIPI = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O13 - ftp Prefix: missing
O13 - gopher Prefix: missing
O13 - home Prefix: missing
O13 - mosaic Prefix: missing
O13 - www Prefix: missing
O20 - HKLM Winlogon: Shell - (cmd.exe) - X:\windows\System32\cmd.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (/k start cmd.exe) - File not found
O20 - HKLM Winlogon: UserInit - (X:\windows\system32\userinit.exe) - X:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/09/14 17:42:50 | 000,000,090 | ---- | M] () - F:\AUTORUN.INF -- [ FAT ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/10 14:19:38 | 000,000,000 | ---D | C] -- X:\windows\debug
[2013/12/10 14:19:36 | 000,000,000 | ---D | C] -- X:\windows\ServiceProfiles
[2013/12/10 14:19:35 | 000,000,000 | --SD | C] -- X:\windows\System32\Microsoft
[2013/11/27 01:45:55 | 000,000,000 | ---D | C] -- \Pictures

========== Files - Modified Within 30 Days ==========

[2013/12/10 14:40:27 | 000,083,128 | ---- | M] () -- X:\windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/12/10 14:24:23 | 000,602,112 | ---- | C] () -- \OTL.exe
[2013/12/10 14:19:28 | 000,083,128 | ---- | C] () -- X:\windows\System32\FNTCACHE.DAT
[2013/12/10 13:54:49 | 001,061,325 | ---- | C] () -- \FRST.exe
[2013/12/10 13:05:51 | 000,360,587 | ---- | C] () -- \ListParts.exe
[2012/09/28 16:44:45 | 000,383,786 | --S- | C] () -- \BOOTMGR
[2011/03/20 16:49:36 | 004,585,264 | ---- | C] () -- \FixCleanerSetup.exe
[2011/03/20 16:47:02 | 000,691,528 | ---- | C] () -- \SpyHunter-Installer.exe
[2011/03/20 16:43:15 | 000,566,272 | ---- | C] () -- \aswMBR.exe
[2011/03/20 16:38:58 | 000,000,335 | ---- | C] () -- \FixExe.reg
[2011/03/20 16:37:31 | 007,734,240 | ---- | C] () -- \ugtset.bat
[2010/02/14 21:55:54 | 000,024,318 | ---- | C] () -- \csv_win_export.CSV
[2010/02/14 21:53:12 | 000,024,318 | ---- | C] () -- \contacts_export.CSV
[2010/02/14 21:29:28 | 000,525,312 | ---- | C] () -- \backup.pst
[2008/04/20 21:49:45 | 000,028,672 | ---- | C] () -- \setupSNK.exe
[2008/04/20 21:49:44 | 000,000,090 | ---- | C] () -- \AUTORUN.INF

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 17:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 18:52:43 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:52:43 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



< End of report >

This is an OTL Extras txt file that I also found:

OTL Extras logfile created on: 12/10/2013 2:38:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = f:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.09 Mb Total Physical Memory | 608.45 Mb Available Physical Memory | 60.06% Memory free
1013.09 Mb Paging File | 601.65 Mb Available in Paging File | 59.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = X: | %SystemRoot% = X:\windows | %ProgramFiles% = X:\Program Files
Drive C: | 100.00 Mb Total Space | 71.87 Mb Free Space | 71.87% Space Free | Partition Type: NTFS
Drive D: | 219.79 Gb Total Space | 189.38 Gb Free Space | 86.16% Space Free | Partition Type: NTFS
Drive E: | 13.00 Gb Total Space | 3.46 Gb Free Space | 26.65% Space Free | Partition Type: NTFS
Drive F: | 1.92 Gb Total Space | 0.85 Gb Free Space | 44.36% Space Free | Partition Type: FAT
Drive X: | 33.51 Mb Total Space | 31.08 Mb Free Space | 92.75% Space Free | Partition Type: NTFS

Computer Name: MININT-JNEOBBR | User Name: SYSTEM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- %SystemRoot%\System32\control.exe "%1",%*
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hta [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
htafile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1"
InternetShortcut [open] -- Reg Error: Key error.
InternetShortcut [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe
Folder [open] -- Reg Error: Key error.
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

Error encountered while reading event logs.

< End of report >
  • 0

Advertisements


#2
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,965 posts
Hi and welcome.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforu...isc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 0

#3
panther74

panther74

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Thank you for your help. I had run FRST just before I ran the OTL scan. If I need to run it again let me know.
This is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-12-2013
Ran by SYSTEM on MININT-NV2JV42 on 10-12-2013 14:01:09
Running from F:\
Windows 7 Starter (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-07] (COMODO)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [262656 2010-11-20] (Microsoft Corporation)
HKU\Charlie\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2011-11-11] (Google Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-01-14] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-01-14] ()
HKU\WWB\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2011-11-11] (Google Inc.)
AppInit_DLLs: C:\Windows\System32\guard32.dll [ 2012-11-07] (COMODO)
Startup: C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

========================== Services (Whitelisted) =================

S2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [878368 2013-10-25] (IObit)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-07] (COMODO)
S2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [735776 2010-06-11] (Acer Incorporated)
S2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
S3 MWLService; C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S2 SecureUpdateSvc; C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe [2473296 2013-10-30] ()
S2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)

==================== Drivers (Whitelisted) ====================

S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [19632 2012-11-07] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-07] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [36072 2012-11-07] (COMODO)
S3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [82768 2010-06-16] (ENE Technology Inc.)
S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [82952 2012-11-07] (COMODO)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-12-01] (Malwarebytes Corporation)
S1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [18992 2009-06-02] (Egis Technology Inc.)
S1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2009-06-02] (Egis Technology Inc.)
S1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60976 2009-06-02] (Egis Technology Inc.)
S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [31752 2013-03-26] (IObit.com)
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [20944 2013-03-26] (IObit.com)
S0 fsrjb; System32\drivers\mqln.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys F81BB7E487EDCEAB630A7EE66CF23913
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\System32\DRIVERS\Apfiltr.sys 10B2C784163208693248AF6241C011FF
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athr.sys C35AF075C15827D74B5C9702CBCB175B
C:\Windows\system32\drivers\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cmderd.sys A1A240C4BC6ABAAB75E0D25F51B09591
C:\Windows\System32\DRIVERS\cmdguard.sys A1865742BBCF4C5F38FEE1258F8048FD
C:\Windows\System32\DRIVERS\cmdhlp.sys 221D000474F01B1606FFC3FF362D9333
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 85449EEBE8F8EBD6481EFBF0F352B4EB
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 71BC35067CABC02C9453AEAA42B2E43E
C:\Windows\system32\drivers\evbdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\EUCR6SK.SYS 4FAB8DFAF156E048AD514EABD268AB3A
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys F5DBCF84176C62B4BEDF22DB56444CBD
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys D80AA0907748D7CC8EFAB3773F32629B
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\Windows\System32\DRIVERS\igdkmd32.sys BA41E1BBA410212CE6D30E0DAC47972B
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\inspect.sys 3B6BE2DA5993B1E38613976FAF4AC83E
C:\Windows\System32\drivers\RTKVHDA.sys 8C92829CCAE93139B90C46389FBEF4CF
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys F286830298323272260332D6ABC905C1
C:\Windows\System32\Drivers\ksecpkg.sys D7C760D57B1656DD748B9E4AB6CB5A51
C:\Windows\System32\DRIVERS\L1C62x86.sys 1A91EAAD2D73758140B3B7B6AD736573
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbamswissarmy.sys 0DB7527DB188C7D967A37BB51BBF3963
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 21F4B24ACFC79A483515BD986DD9043F
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mwlPSDFilter.sys CB47C414E083CA6E50E634B148F28F64
C:\Windows\System32\DRIVERS\mwlPSDNServ.sys 647B953019559BFF07536F5C6121F333
C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys 5A236A36DB8687D1E64DC81C03EAABE1
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\point32.sys 4B30EE7037EA1529F5FC80DE5DC42A30
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 65375DF758CA1872AB7EBBBA457FD5E6
C:\Windows\System32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys B56C68DB46DF55A657C5C4A4DF16E082
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\Drivers\SmartDefragDriver.sys BF302072DC8374CF4E118FD88AA817A2
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\System32\DRIVERS\tcpip.sys CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys B37B08F2E5EEB1A37E448E09BACE1101
C:\Windows\System32\drivers\tsusbflt.sys 9CE253214ACAA5A7D323327D2055EFAA
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys 795BE722AACDDAE782F495C7FDAE6BA0
C:\Windows\System32\DRIVERS\usbccgp.sys 71D97F1A3CC47A56728F7A400A3F8295
C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041
C:\Windows\system32\drivers\usbehci.sys C4FB8E7ADEA9B5CEEA885A1B504B7E40
C:\Windows\System32\DRIVERS\usbhub.sys 86AA95ACB611001E26CD2C0145F2225A
C:\Windows\system32\drivers\usbohci.sys DCDF9855145A14DFCA0AB32308871961
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\system32\drivers\usbuhci.sys 8E51D04175BAA14C4F79AA5F6D248770
C:\Windows\System32\Drivers\usbvideo.sys DE014425522610BEDCA3821BB8C0F1D5
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-10 13:59 - 2013-12-10 13:59 - 00000000 ____D C:\FRST
2013-12-10 10:47 - 2013-12-10 12:36 - 00000000 _____ C:\Recovery.txt
2013-12-07 10:12 - 2013-12-07 10:25 - 00008813 _____ C:\Windows\IE11_main.log
2013-12-01 15:52 - 2013-12-07 09:26 - 00000112 _____ C:\Windows\setupact.log
2013-12-01 15:52 - 2013-12-01 15:52 - 00000000 _____ C:\Windows\setuperr.log
2013-12-01 15:51 - 2013-12-01 15:51 - 00000554 _____ C:\Windows\PFRO.log
2013-12-01 13:46 - 2013-12-01 13:46 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-11-19 20:24 - 2013-11-19 20:25 - 95025368 ____T C:\ProgramData\dlfdrao.bxx
2013-11-19 20:24 - 2013-11-19 20:24 - 00000000 _____ C:\ProgramData\dlfdrao.fvv
2013-11-19 19:08 - 2013-12-07 10:35 - 00183659 _____ C:\Windows\WindowsUpdate.log
2013-11-14 18:48 - 2013-10-11 23:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-14 18:48 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-14 18:48 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-14 18:48 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-14 18:48 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-14 18:48 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-14 18:48 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-14 18:48 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-14 18:48 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-14 18:48 - 2013-10-11 23:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-14 18:48 - 2013-10-11 23:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-14 18:48 - 2013-10-11 23:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-14 18:48 - 2013-10-11 23:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-14 18:48 - 2013-10-11 23:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-14 18:48 - 2013-10-11 22:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-14 18:48 - 2013-10-11 21:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-14 16:54 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-14 16:54 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-14 16:54 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-14 16:53 - 2013-09-24 18:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-14 16:53 - 2013-09-24 18:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-14 16:53 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-14 16:53 - 2013-09-24 17:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-14 16:53 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-14 16:53 - 2013-09-24 17:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-14 16:53 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-14 16:53 - 2013-09-24 16:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-14 16:53 - 2013-09-24 16:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-14 16:53 - 2013-07-04 04:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-14 16:52 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-14 16:52 - 2013-10-11 18:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-14 16:52 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-14 16:52 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-14 16:52 - 2013-10-02 17:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll

==================== One Month Modified Files and Folders =======

2013-12-10 13:59 - 2013-12-10 13:59 - 00000000 ____D C:\FRST
2013-12-10 12:36 - 2013-12-10 10:47 - 00000000 _____ C:\Recovery.txt
2013-12-10 12:28 - 2011-02-03 12:10 - 00000000 ____D C:\users\WWB
2013-12-10 12:27 - 2013-08-26 04:13 - 00000000 ____D C:\Program Files\Secure Speed Dial
2013-12-10 12:27 - 2011-08-14 17:41 - 00000000 ____D C:\ProgramData\IObit
2013-12-10 12:27 - 2011-05-18 08:46 - 00000000 ____D C:\ProgramData\Comodo
2013-12-10 12:27 - 2011-05-04 04:43 - 00000000 ____D C:\Users\WWB\Desktop\Computer Care
2013-12-10 12:27 - 2010-12-11 20:01 - 00000000 ____D C:\users\Charlie
2013-12-10 12:27 - 2010-09-02 23:53 - 00000000 ____D C:\Windows\System32\Macromed
2013-12-10 12:27 - 2010-09-02 23:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-10 12:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2013-12-10 12:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-12-10 12:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-10 12:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\AppCompat
2013-12-10 12:27 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-12-10 12:26 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2013-12-10 12:23 - 2011-08-11 06:11 - 00000000 ____D C:\Users\WWB\AppData\Roaming\IObit
2013-12-10 12:22 - 2012-03-22 03:55 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2013-12-10 12:22 - 2012-03-22 03:55 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2013-12-10 12:22 - 2012-01-26 17:18 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\IObit
2013-12-10 12:22 - 2011-08-11 06:11 - 00000000 ____D C:\Program Files\IObit
2013-12-10 10:47 - 2010-12-11 20:01 - 00000000 __SHD C:\Recovery
2013-12-07 10:35 - 2013-11-19 19:08 - 00183659 _____ C:\Windows\WindowsUpdate.log
2013-12-07 10:25 - 2013-12-07 10:12 - 00008813 _____ C:\Windows\IE11_main.log
2013-12-07 10:25 - 2011-05-18 08:49 - 01474832 _____ C:\Windows\System32\Drivers\sfi.dat
2013-12-07 09:38 - 2009-07-13 20:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-07 09:38 - 2009-07-13 20:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-07 09:26 - 2013-12-01 15:52 - 00000112 _____ C:\Windows\setupact.log
2013-12-03 17:21 - 2013-09-08 15:14 - 00007605 _____ C:\Users\WWB\AppData\Local\Resmon.ResmonCfg
2013-12-02 20:09 - 2013-10-05 16:02 - 40546304 _____ C:\Windows\System32\config\software.iobit
2013-12-02 20:09 - 2013-10-05 16:02 - 00282624 _____ C:\Windows\System32\config\default.iobit
2013-12-02 20:09 - 2013-10-05 16:02 - 00061440 _____ C:\Windows\System32\config\sam.iobit
2013-12-02 20:09 - 2013-10-05 16:02 - 00024576 _____ C:\Windows\System32\config\security.iobit
2013-12-02 19:40 - 2011-05-05 10:05 - 00000000 ____D C:\Users\WWB\AppData\Roaming\Media Player Classic
2013-12-01 21:13 - 2013-10-29 04:54 - 27488256 _____ C:\Windows\System32\config\components.iobit
2013-12-01 15:52 - 2013-12-01 15:52 - 00000000 _____ C:\Windows\setuperr.log
2013-12-01 15:51 - 2013-12-01 15:51 - 00000554 _____ C:\Windows\PFRO.log
2013-12-01 15:51 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\system
2013-12-01 13:46 - 2013-12-01 13:46 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-11-19 20:25 - 2013-11-19 20:24 - 95025368 ____T C:\ProgramData\dlfdrao.bxx
2013-11-19 20:24 - 2013-11-19 20:24 - 00000000 _____ C:\ProgramData\dlfdrao.fvv
2013-11-19 20:08 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther
2013-11-16 12:55 - 2011-05-03 20:19 - 00002093 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-15 17:21 - 2012-04-02 17:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-11-15 17:21 - 2011-05-18 08:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-11-14 18:40 - 2013-08-25 21:49 - 00000000 ____D C:\Windows\System32\MRT
2013-11-14 18:40 - 2011-02-03 12:36 - 80340640 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\dlfdrao.bxx
C:\ProgramData\dlfdrao.fvv


Some content of TEMP:
====================
C:\Users\Charlie\AppData\Local\Temp\MSN5C36.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {default}
resumeobject {d50e856c-db56-11df-a409-fe824ff49208}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {d50e856c-db56-11df-a409-fe824ff49208}
nx OptIn

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[C:]\Recovery\d50e856e-db56-11df-a409-fe824ff49208\Winre.wim,{d50e856f-db56-11df-a409-fe824ff49208}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\d50e856e-db56-11df-a409-fe824ff49208\Winre.wim,{d50e856f-db56-11df-a409-fe824ff49208}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {d50e856c-db56-11df-a409-fe824ff49208}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {d50e856f-db56-11df-a409-fe824ff49208}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\d50e856e-db56-11df-a409-fe824ff49208\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 1013.09 MB
Available physical RAM: 529.06 MB
Total Pagefile: 1013.09 MB
Available Pagefile: 533.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.2 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:219.79 GB) (Free:189.38 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:3.46 GB) NTFS
Drive f: () (Removable) (Total:1.92 GB) (Free:0.85 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: A6668B37)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=2 GB) - (Type=0E)


LastRegBack: 2013-12-01 16:21

==================== End Of Log ============================
  • 0

#4
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,965 posts
Download the enclosed file. Attached File  fixlist.txt   272bytes   321 downloads

Save it in the location FRST is.

Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.

Boot in Normal Mode. If unable, try Safe Mode. If still unable, please describe the boot process. Any error messages? BSOD?
  • 0

#5
panther74

panther74

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I ran FRST fix. I restarted the computer but it did not start up. Startup Repair could not resolve. I did not try System Restore. I am trying to shut down and then start. If it doesn't start, I will copy and include the report details, if that will help?

This is the fixlist report:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-12-2013
Ran by SYSTEM at 2013-12-11 18:51:34 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
Start
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [262656 2010-11-20] (Microsoft Corporation)
C:\ProgramData\dlfdrao.bxx
C:\ProgramData\dlfdrao.fvv
C:\Users\Charlie\AppData\Local\Temp\MSN5C36.exe
S0 fsrjb; System32\drivers\mqln.sys [x]
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => Value deleted successfully.
C:\ProgramData\dlfdrao.bxx => Moved successfully.
C:\ProgramData\dlfdrao.fvv => Moved successfully.
C:\Users\Charlie\AppData\Local\Temp\MSN5C36.exe => Moved successfully.
fsrjb => Service deleted successfully.

==== End of Fixlog ====
  • 0

#6
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,965 posts
I must assume it didn't start in Safe Mode neither. Lets restore the registry to December 1.

Download the enclosed file. Attached File  fixlist.txt   41bytes   169 downloads

Save it in the location FRST is.

Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.

Boot in Normal Mode. If unable, try Safe Mode. If still unable, please describe the boot process.
  • 0

#7
panther74

panther74

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
It did not start up. Did the same as it did when it failed to startup 3 or 4 days ago and gave me this message:
"Root cause: Boot critical file d:\windows\system32\drivers\fvevol.sys is corrupt.


Here is the Startup Repair log:


Startup Repair diagnosis and repair log
---------------------------
Last successful boot time: ‎12/‎7/‎2013 5:26:06 PM (GMT)
Number of repair attempts: 18

Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = D:\Windows
AutoChk Run = 0
Number of root causes = 1

Test Performed:
---------------------------
Name: Check for updates
Result: Completed successfully. Error code = 0x0
Time taken = 16 ms

Test Performed:
---------------------------
Name: System disk test
Result: Completed successfully. Error code = 0x0
Time taken = 15 ms

Test Performed:
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 141 ms

Test Performed:
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code = 0x0
Time taken = 31 ms

Test Performed:
---------------------------
Name: Target OS test
Result: Completed successfully. Error code = 0x0
Time taken = 109 ms

Test Performed:
---------------------------
Name: Volume content check
Result: Completed successfully. Error code = 0x0
Time taken = 375 ms

Test Performed:
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 202 ms

Test Performed:
---------------------------
Name: Internal state check
Result: Completed successfully. Error code = 0x0
Time taken = 94 ms

Root cause found:
---------------------------
Startup Repair has tried several times but still cannot determine the cause of the problem.

---------------------------
---------------------------
Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = D:\Windows
AutoChk Run = 0
Number of root causes = 1

Test Performed:
---------------------------
Name: Check for updates
Result: Completed successfully. Error code = 0x0
Time taken = 32 ms

Test Performed:
---------------------------
Name: System disk test
Result: Completed successfully. Error code = 0x0
Time taken = 15 ms

Test Performed:
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 141 ms

Test Performed:
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code = 0x0
Time taken = 46 ms

Test Performed:
---------------------------
Name: Target OS test
Result: Completed successfully. Error code = 0x0
Time taken = 125 ms

Test Performed:
---------------------------
Name: Volume content check
Result: Completed successfully. Error code = 0x0
Time taken = 375 ms

Test Performed:
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 202 ms

Test Performed:
---------------------------
Name: Internal state check
Result: Completed successfully. Error code = 0x0
Time taken = 110 ms

Root cause found:
---------------------------
Startup Repair has tried several times but still cannot determine the cause of the problem.

---------------------------
---------------------------
Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = D:\Windows
AutoChk Run = 0
Number of root causes = 1

Test Performed:
---------------------------
Name: Check for updates
Result: Completed successfully. Error code = 0x0
Time taken = 16 ms

Test Performed:
---------------------------
Name: System disk test
Result: Completed successfully. Error code = 0x0
Time taken = 16 ms

Test Performed:
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 140 ms

Test Performed:
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code = 0x0
Time taken = 31 ms

Test Performed:
---------------------------
Name: Target OS test
Result: Completed successfully. Error code = 0x0
Time taken = 109 ms

Test Performed:
---------------------------
Name: Volume content check
Result: Completed successfully. Error code = 0x0
Time taken = 390 ms

Test Performed:
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 219 ms

Test Performed:
---------------------------
Name: Internal state check
Result: Completed successfully. Error code = 0x0
Time taken = 109 ms

Root cause found:
---------------------------
Startup Repair has tried several times but still cannot determine the cause of the problem.

---------------------------
---------------------------
  • 0

#8
panther74

panther74

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I had not read your post, befor I sent my last one. Using the fixlist you sent I ran FRST. The fixlist report is:

ix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-12-2013
Ran by SYSTEM at 2013-12-11 19:56:36 Run:2
Running from F:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
Start
LastRegBack: 2013-12-01 16:21
End
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
  • 0

#9
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,965 posts
Download the enclosed file. Attached File  fixlist.txt   58bytes   163 downloads

Save it in the location FRST is.

Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.


It will also produce two reports, MBRDUMP.txt and PFRO.log. These last two reports must be attached to your reply. In the case of the PFRO.log, please have it zipped before uploading.
  • 0

#10
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,965 posts
Also:

Please run the following command at the Recovery's Command prompt:

sfc /scannow /offbootdir=y:\ /offwindir=c:\windows

Let me know the outcome.
  • 0

Advertisements


#11
panther74

panther74

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

Also:

Please run the following command at the Recovery's Command prompt:

sfc /scannow /offbootdir=y:\ /offwindir=c:\windows

Let me know the outcome.


The MBRDUMP.txt is attached, but I did not find a PFRO.log on the flashdrive, which was drive f: on the computer? I started the scan before I realized that the PFRO.log was not on the flashdrive. Do I need to run the FRST fix again using the Fixlog.txt?

The fixlog.txt results are below:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-12-2013
Ran by SYSTEM at 2013-12-11 22:07:29 Run:3
Running from F:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
Start
Copy C:\Windows\PFRO.log F:\
SaveMbr: drive=0
End
*****************

MBRDUMP.txt is made successfully.

==== End of Fixlog ====
  • 0

#12
panther74

panther74

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I forgot to attach the MBRDUMP.txt.Attached File  MBRDUMP.txt   512bytes   262 downloads

What is your schedule? I don't want to make you wait for me to respond. I can get on geekstogo at most anytime.
  • 0

#13
panther74

panther74

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I ran: sfc /scannow /offbootdir=y:\ /offwindir=c:\windows. After about 30 minutes there was the following message:


Windows Resource Protection could not perform the requested operation.
  • 0

#14
panther74

panther74

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I ran the FRST fix again using the Fixlist.txt. The Fixlog.txt report was the same. I am attaching the MBRDUMP.txt(as MBRDUMP2.txt to avoid confusion) since I do not know whether it was the same as previously sent to you.

Again no PFRO.log was on the flash drive. Using the command box I manually copied it from the computer's C:\Windows directory to the flashdrive and a zipped copy is also attached.

Attached Files


  • 0

#15
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,965 posts
The MBR seems clear, and the PFRO.log seems to be related to files deleted by another user, WWB. When you run the SFC /Scannow, the system should create a log file, C:\Windows\Logs\CBS\CBS.log.

Lets see if available.

Download the enclosed file. Attached File  fixlist.txt   97bytes   152 downloads

Save it in the location FRST is.

Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.

If too large, try uploading the file here.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP