
FRST Log uploaded [Closed]


  • This topic is locked

#1
mayursant

Hi
 
Need help. Computer is facing a black screen upon start up. Did a lot of reading online and found this FRST 64X tool, which I ran through the Recovery Option cmd, and came up with a FRST.txt file.

Now I don't know what it means. What is the next step? Would someone help me decode the attached log and give me a solution?

I am not able to boot the comp even in safe mode.... tried absolutely everything.... don't want to fresh install....
 
 
Please help!!!
 
Mayur

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 01
Ran by SYSTEM on MININT-AM77Q0R on 12-06-2014 16:09:22
Running from H:\
Platform: Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-17] (Realtek Semiconductor)
HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [194984 2013-07-20] (Quick Heal Technologies (P) Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-05] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-11] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1801168 2014-03-18] (APN)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe, [X]
HKU\admim\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [149040 2007-03-19] (Nero AG)
HKU\admim\...\Run: [KingTranslate] => "C:\Program Files (x86)\KingTranslate\KingTranslate.exe" /NotShowMainWindow
HKU\admim\...\Run: [SpeedUpMyComputer] => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe [2054776 2013-07-22] ()
HKU\admim\...\Run: [FixMyRegistry] => C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss
HKU\admim\...\Run: [uTorrent] => C:\Users\admim\AppData\Roaming\uTorrent\uTorrent.exe [1272912 2014-06-03] (BitTorrent Inc.)
AppInit_DLLs: Scdetour.dll => C:\Windows\system32\Scdetour.dll [391648 2013-09-12] (Quick Heal Technologies (P) Ltd.)
AppInit_DLLs-x32: scdetour.dll => C:\Windows\SysWOW64\scdetour.dll [326048 2013-09-12] (Quick Heal Technologies (P) Ltd.)
Lsa: [Notification Packages] scecli ScSecAuth
Startup: C:\Users\admim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
BootExecute: autocheck autochk * bootdelete

==================== Services (Whitelisted) =================

S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-03-18] (APN LLC.)
S2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal Total Security\bdssvc.exe [27560 2013-08-12] (Quick Heal Technologies (P) Ltd.)
S2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [44136 2014-06-04] (Quick Heal Technologies (P) Ltd.)
S2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [262568 2013-08-12] (Quick Heal Technologies (P) Ltd.)
S2 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [262568 2013-08-12] (Quick Heal Technologies (P) Ltd.)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-12] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-11] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-11] (Intel Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [267824 2007-03-19] (Nero AG)
S2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe [34728 2013-08-12] (Quick Heal Technologies (P) Ltd.)
S2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [128104 2014-06-04] (Quick Heal Technologies (P) Ltd.)
S2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE [319152 2014-03-12] (Quick Heal Technologies (P) Ltd.)
S2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe [497576 2013-09-12] (Quick Heal Technologies (P) Ltd.)

==================== Drivers (Whitelisted) ====================

S1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [257112 2013-09-13] (Quick Heal Technologies (P) Ltd.)
S1 bdsnm; C:\Windows\System32\DRIVERS\bdsnm.sys [25688 2013-09-13] (Quick Heal Technologies (P) Ltd.)
S2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [56920 2013-07-20] (Quick Heal Technologies (P) Ltd.)
S3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [490256 2013-01-22] (Intel Corporation)
S2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [19032 2013-07-20] (Quick Heal Technologies (P) Ltd.)
S1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [73816 2013-09-06] (Quick Heal Technologies (P) Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2013-11-09] ()
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [68328 2014-03-27] (Quick Heal Technologies (P) Ltd.)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [40536 2013-08-23] (Quick Heal Technologies (P) Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S2 webssx; C:\Windows\System32\DRIVERS\webssx.sys [60648 2013-12-30] (Quick Heal Technologies (P) Ltd.)
S1 wsnf; C:\Windows\System32\DRIVERS\wsnf.sys [72936 2013-12-27] (Quick Heal Technologies (P) Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-12 16:09 - 2014-06-12 16:09 - 00000000 ____D () C:\FRST
2014-06-11 13:40 - 2014-06-11 13:40 - 00000000 __SHD () C:\found.000
2014-06-11 03:23 - 2014-06-11 03:23 - 00003544 ____N () C:\bootsqm.dat
2014-06-11 01:19 - 2014-06-11 01:19 - 00000000 __SHD () C:\found.001
2014-06-10 19:38 - 2014-06-10 19:38 - 00000000 ___HD () C:\Users\admim\ScStore
2014-06-10 02:04 - 2014-06-10 02:09 - 03239391 _____ () C:\Users\admim\Downloads\MP-PHE.rar
2014-06-10 02:03 - 2014-06-10 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-09 00:58 - 2014-06-10 20:50 - 00001159 _____ () C:\Users\admim\Documents\plot.log
2014-06-06 00:11 - 2014-06-06 00:11 - 00000188 ____H () C:\Users\admim\Documents\Drawing1.dwl2
2014-06-06 00:11 - 2014-06-06 00:11 - 00000038 ____H () C:\Users\admim\Documents\Drawing1.dwl
2014-06-04 22:12 - 2014-06-07 03:04 - 1713874944 _____ () C:\Users\admim\Downloads\keiso_isac3d32014tv.iso
2014-06-04 22:06 - 2014-06-07 02:24 - 00000000 ____D () C:\Users\admim\Downloads\InfiniteSkills.Learning.AutoDesk.Revit.MEP.2013.Training.Video
2014-06-03 20:58 - 2014-06-08 19:40 - 00000000 ____D () C:\Users\admim\Desktop\Aj_Ref files
2014-06-03 01:58 - 2014-06-03 02:03 - 00000000 ____D () C:\Users\admim\Downloads\Nitro PDF Professional Enterprise 8 (32-bit+64-bit) v8.1.1.3 + Key - {Cyclonoid}
2014-06-03 01:57 - 2014-06-03 01:57 - 00000848 _____ () C:\Users\admim\Desktop\µTorrent.lnk
2014-06-03 01:56 - 2014-06-10 23:29 - 00000000 ____D () C:\Users\admim\AppData\Roaming\uTorrent
2014-06-03 01:55 - 2014-06-03 01:56 - 01272912 _____ (BitTorrent Inc.) C:\Users\admim\Downloads\uTorrent.exe
2014-06-03 00:43 - 2014-06-03 00:43 - 00000000 ____D () C:\Users\admim\AppData\Local\CutePDF Writer
2014-06-03 00:42 - 2014-06-03 00:42 - 00003120 _____ () C:\Windows\System32\Tasks\{E8899465-8959-46B9-8BDA-A23B2DD0A993}
2014-06-03 00:42 - 2014-06-03 00:42 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-06-03 00:36 - 2014-06-03 00:41 - 05254656 _____ () C:\Users\admim\Downloads\converter.exe
2014-06-03 00:34 - 2014-06-03 00:34 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-06-03 00:34 - 2014-06-03 00:34 - 00000000 ____D () C:\ProgramData\APN
2014-06-03 00:34 - 2014-06-03 00:34 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-06-03 00:34 - 2014-06-03 00:34 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-06-03 00:34 - 2014-03-05 15:31 - 00489392 _____ (Ask Partner Network) C:\Users\admim\Documents\APNSetup1.exe
2014-06-03 00:34 - 2013-10-23 00:54 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2014-06-03 00:32 - 2014-06-03 00:33 - 02003352 _____ (Acro Software Inc. ) C:\Users\admim\Downloads\CuteWriter.exe
2014-05-21 00:22 - 2014-06-10 23:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-21 00:22 - 2014-05-21 00:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 19:40 - 2014-05-05 20:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-14 19:40 - 2014-05-05 20:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-14 19:40 - 2014-05-05 19:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 19:40 - 2014-05-05 19:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 19:40 - 2014-05-05 19:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-14 19:40 - 2014-05-05 18:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-13 21:10 - 2014-04-11 18:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-05-13 21:10 - 2014-04-11 18:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2014-05-13 21:10 - 2014-04-11 18:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-05-13 21:10 - 2014-04-11 18:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2014-05-13 21:10 - 2014-04-11 18:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2014-05-13 21:10 - 2014-04-11 18:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2014-05-13 21:10 - 2014-04-11 18:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2014-05-13 21:10 - 2014-04-11 18:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-13 21:10 - 2014-04-11 18:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-13 21:10 - 2014-03-24 18:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-05-13 21:10 - 2014-03-24 18:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-13 21:10 - 2014-03-04 01:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2014-05-13 21:10 - 2014-03-04 01:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-05-13 21:10 - 2014-03-04 01:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\System32\objsel.dll
2014-05-13 21:10 - 2014-03-04 01:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2014-05-13 21:10 - 2014-03-04 01:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-05-13 21:10 - 2014-03-04 01:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-05-13 21:10 - 2014-03-04 01:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-05-13 21:10 - 2014-03-04 01:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-05-13 21:10 - 2014-03-04 01:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\wincredprovider.dll
2014-05-13 21:10 - 2014-03-04 01:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2014-05-13 21:10 - 2014-03-04 01:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\cngprovider.dll
2014-05-13 21:10 - 2014-03-04 01:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\adprovider.dll
2014-05-13 21:10 - 2014-03-04 01:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\capiprovider.dll
2014-05-13 21:10 - 2014-03-04 01:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\dpapiprovider.dll
2014-05-13 21:10 - 2014-03-04 01:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\dimsroam.dll
2014-05-13 21:10 - 2014-03-04 01:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-05-13 21:10 - 2014-03-04 01:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-13 21:10 - 2014-03-04 01:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-13 21:10 - 2014-03-04 01:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-13 21:10 - 2014-03-04 01:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-13 21:10 - 2014-03-04 01:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

==================== One Month Modified Files and Folders =======

2014-06-12 16:09 - 2014-06-12 16:09 - 00000000 ____D () C:\FRST
2014-06-12 02:16 - 2013-09-22 01:54 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-11 13:40 - 2014-06-11 13:40 - 00000000 __SHD () C:\found.000
2014-06-11 03:23 - 2014-06-11 03:23 - 00003544 ____N () C:\bootsqm.dat
2014-06-11 01:19 - 2014-06-11 01:19 - 00000000 __SHD () C:\found.001
2014-06-10 23:30 - 2014-01-21 04:17 - 95414520 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-06-10 23:30 - 2014-01-21 04:17 - 00000000 ____D () C:\Windows\System32\MRT
2014-06-10 23:30 - 2013-09-21 07:14 - 01977697 _____ () C:\Windows\WindowsUpdate.log
2014-06-10 23:29 - 2014-06-03 01:56 - 00000000 ____D () C:\Users\admim\AppData\Roaming\uTorrent
2014-06-10 23:29 - 2014-03-05 19:36 - 00000000 ____D () C:\Users\admim\AppData\Local\Temp
2014-06-10 23:28 - 2013-12-19 07:01 - 00000000 ____D () C:\Users\admim\Desktop\TIMESHEET
2014-06-10 23:27 - 2013-09-22 20:37 - 00000000 ____D () C:\Users\admim\AppData\Roaming\Dropbox
2014-06-10 23:17 - 2014-05-21 00:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 23:00 - 2013-09-22 19:33 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-10 22:38 - 2009-07-13 20:45 - 00009792 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 22:38 - 2009-07-13 20:45 - 00009792 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 22:37 - 2014-02-06 02:37 - 00000466 _____ () C:\Windows\Tasks\Quick Heal AntiMalware Scan.job
2014-06-10 22:37 - 2014-02-06 02:37 - 00000442 _____ () C:\Windows\Tasks\Resume Quickup Download.job
2014-06-10 22:20 - 2013-10-02 19:18 - 00000000 ____D () C:\Civil 3D Projects
2014-06-10 22:06 - 2013-09-21 07:43 - 00000000 ____D () C:\Users\admim\AppData\Local\Microsoft Help
2014-06-10 20:50 - 2014-06-09 00:58 - 00001159 _____ () C:\Users\admim\Documents\plot.log
2014-06-10 19:39 - 2014-01-21 08:07 - 00000000 ____D () C:\Users\admim\AppData\Roaming\DropboxMaster
2014-06-10 19:38 - 2014-06-10 19:38 - 00000000 ___HD () C:\Users\admim\ScStore
2014-06-10 19:38 - 2014-02-01 03:43 - 00000516 _____ () C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2014-06-10 19:38 - 2013-11-08 21:10 - 00027586 _____ () C:\Windows\setupact.log
2014-06-10 19:38 - 2013-09-22 19:33 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 19:38 - 2013-09-21 07:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-10 19:38 - 2013-09-21 07:12 - 00000000 ____D () C:\users\admim
2014-06-10 19:38 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-10 02:09 - 2014-06-10 02:04 - 03239391 _____ () C:\Users\admim\Downloads\MP-PHE.rar
2014-06-10 02:03 - 2014-06-10 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-09 04:17 - 2014-01-21 02:29 - 00003004 _____ () C:\Users\admim\Documents\acad.err
2014-06-09 03:30 - 2009-07-13 21:13 - 00713888 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-06-09 00:11 - 2014-01-18 00:50 - 00000185 _____ () C:\Users\admim\AppData\default.pls
2014-06-09 00:11 - 2013-09-21 07:44 - 00000000 ____D () C:\Users\admim\AppData\Roaming\vlc
2014-06-08 19:40 - 2014-06-03 20:58 - 00000000 ____D () C:\Users\admim\Desktop\Aj_Ref files
2014-06-08 19:29 - 2014-02-06 02:36 - 00000000 ____D () C:\Windows\System32\gprodat
2014-06-08 19:29 - 2013-11-08 22:05 - 00089376 _____ () C:\Windows\PFRO.log
2014-06-07 04:30 - 2014-02-01 03:43 - 00000492 _____ () C:\Windows\Tasks\SpeedyPC Registration3.job
2014-06-07 03:04 - 2014-06-04 22:12 - 1713874944 _____ () C:\Users\admim\Downloads\keiso_isac3d32014tv.iso
2014-06-07 02:24 - 2014-06-04 22:06 - 00000000 ____D () C:\Users\admim\Downloads\InfiniteSkills.Learning.AutoDesk.Revit.MEP.2013.Training.Video
2014-06-06 21:11 - 2013-12-21 00:48 - 00000530 _____ () C:\Windows\System32\nvscnrpt.log
2014-06-06 00:11 - 2014-06-06 00:11 - 00000188 ____H () C:\Users\admim\Documents\Drawing1.dwl2
2014-06-06 00:11 - 2014-06-06 00:11 - 00000038 ____H () C:\Users\admim\Documents\Drawing1.dwl
2014-06-05 08:00 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-06-03 02:03 - 2014-06-03 01:58 - 00000000 ____D () C:\Users\admim\Downloads\Nitro PDF Professional Enterprise 8 (32-bit+64-bit) v8.1.1.3 + Key - {Cyclonoid}
2014-06-03 01:57 - 2014-06-03 01:57 - 00000848 _____ () C:\Users\admim\Desktop\µTorrent.lnk
2014-06-03 01:56 - 2014-06-03 01:55 - 01272912 _____ (BitTorrent Inc.) C:\Users\admim\Downloads\uTorrent.exe
2014-06-03 00:43 - 2014-06-03 00:43 - 00000000 ____D () C:\Users\admim\AppData\Local\CutePDF Writer
2014-06-03 00:42 - 2014-06-03 00:42 - 00003120 _____ () C:\Windows\System32\Tasks\{E8899465-8959-46B9-8BDA-A23B2DD0A993}
2014-06-03 00:42 - 2014-06-03 00:42 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-06-03 00:41 - 2014-06-03 00:36 - 05254656 _____ () C:\Users\admim\Downloads\converter.exe
2014-06-03 00:34 - 2014-06-03 00:34 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-06-03 00:34 - 2014-06-03 00:34 - 00000000 ____D () C:\ProgramData\APN
2014-06-03 00:34 - 2014-06-03 00:34 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-06-03 00:34 - 2014-06-03 00:34 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-06-03 00:33 - 2014-06-03 00:32 - 02003352 _____ (Acro Software Inc. ) C:\Users\admim\Downloads\CuteWriter.exe
2014-05-21 22:39 - 2013-09-21 07:45 - 00000000 ____D () C:\Users\admim\AppData\Local\Google
2014-05-21 00:23 - 2014-05-21 00:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-21 00:22 - 2013-09-23 07:08 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-21 00:22 - 2013-09-23 07:08 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 19:56 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\admim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0cvpqu.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 7977.29 MB
Available physical RAM: 7163.64 MB
Total Pagefile: 7975.44 MB
Available Pagefile: 7154.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:145.95 GB) NTFS
Drive d: (Aum) (Fixed) (Total:638.54 GB) (Free:584.35 GB) NTFS
Drive f: (Personal) (Fixed) (Total:97.66 GB) (Free:97.56 GB) NTFS
Drive h: (AUM TECH) (Removable) (Total:7.28 GB) (Free:7.15 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C2D4C849)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=639 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: 28A1EEF3)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)


LastRegBack: 2014-05-11 21:49

==================== End Of Log ============================

Attached Files

  • Attached File  FRST.txt   23.14KB   163 downloads

#2
emeraldnzl

Hello mayursant,

Welcome to G2G.

Looks like you have used Hitman Pro on something. Maybe a rootkit infection?

In any event let's see if this will get your machine booting up so that we can clear away the residual infection.

Please download the attached fixlist.txt file to your flashdrive.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
 


#3
mayursant

Thanks a bunch emeraldnzl for quick reply!

 

As suggested carried out the fix. The fixlog.txt is attached for your review. Looks like Dropbox's lingering file is the culprit. I could be wrong though.

 

I am really looking forward to getting this fixed and your assistance is greatly appreciated.

 

Regards, Mayur

 

 


#4
emeraldnzl

Are you able to boot to your desktop or if not that to Safe Mode now?


#5
mayursant

Nope...it gets stuck after "ClassPNP.sys" and goes to black screen.

 

In all modes (normal/safe) booting gets stuck and goes to black screen.

 

Hope there is a solution for me.


#6
emeraldnzl

 

it gets stuck after "ClassPNP.sys" and goes to black screen

 

I have seen that caused by a number of different things.

 

Let's try this one although it's an outside chance:

 

Download the attached fixlist.txt file and save it to the flashdrive.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt). Please post it to your reply.

 

If that doesn't work then do this:

 

Download ListParts64 to a USB flash drive.
Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

  • Select the Command Prompt option.
  • A command window will open.
  • Type notepad then hit Enter.
  • Notepad will open.
  • Click File > Open then select Computer.
  • Note down the drive letter for your USB Drive.
  • Close Notepad.
  • Back in the command window ....
    • Type e:/listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • ListParts will start to run.
    • Press the Scan button.
    • When finished scanning it will make a log Result.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the Result.txt log please.

 


#7
mayursant

Please see attached "Fixlog" as per first suggestion. Tried reboot after that a couple of times but no luck. Still black screen with cursor.

After that attempt did a scan with ListParts64. Again tried reboot but same result.

 

I really appreciate this forum for quick turn around. I am quite pleased with forum's promptness in attempting to resolve my issue.

 

cheers!

Mayur

#8
emeraldnzl

Nope...it gets stuck after "ClassPNP.sys"


Maybe some corruption.

Let's try this:
 

  • Boot into System Recovery Options
  • Choose the Command Prompt option
  • Type the following and hit enter:

    sfc /SCANNOW /OFFBOOTDIR=C:\  /OFFWINDIR=C:\Windows

    Note the spaces... they should be there.

Let it run through its check.

Try a reboot when it's finished.

Come back and tell me how you got on.
 


#9
mayursant

Tried CMD through System Recovery Option....

 

The CMD directory is by default set to "X:\Windows\System32"... anyway I typed the sfc scan command as suggested by you but I get the error "Windows Resource Protection could not start the repair service"

Thought maybe this is due to X: so I changed directory to C: and typed the sfc command once again but got the same error...


#10
emeraldnzl

Yes, something broken.

 

Tell me, have you tried a System Restore through the Recovery Option?


#11
mayursant

Yes tried that but it says there is no Restore Point available.....


#12
emeraldnzl

It seems to me that there is corruption going on, either as a result of some serious infection not properly fixed or maybe a hardware problem.

 

I am going to do some research and see what I can come up with.

 

In the meantime here are a couple of things you can try, if you haven't already done so.

 

First:

 

Have you tried a Start Up Repair?

 

If not go to Win 7 Startup Repair for instructions on how to carry out a Startup Repair.

 

If that works, well and good. If it doesn't, although I don't believe it will get you up and running, chkdsk might tell us something.

 

So second

 

On the System Recovery Options menu you will get the following options:

        Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt


  

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your hard drive letter and close the notepad.
  • In the command window type C: and press Enter
  • Note: Replace letter C with the drive letter of your hard drive.
  • Type in chkdsk /b and press Enter (notice the gap... it should be there.)
  • When prompted, type in Y and press Enter.
  • Allow chkdsk to perform all 5 stages. This may take some time, so please be patient.
  • When complete, close the Command Prompt window, and click on the Restart button to restart your computer.

    Please let me know whether there is any change with starting up your computer.
 

 


#13
mayursant

Nope, no luck with chkdsk....

I presume you asked me to check the hard drive which is the local drive, correct?

I had C: (System Reserved), E: (local disk), D: (which is my project folder), F: for DVD and X: for boot... so basically I did chkdsk for E: and not others....

Problem persists....

Startup Repair I have tried numerous times with absolutely no luck


#14
mayursant

After chkdsk was complete I got the following message in the end

 

"Failed to transfer logged message to the event log with status 50"


#15
emeraldnzl

Hello mayursant,

Let's try this:

Download the attached fixlist.txt file and save it to the flashdrive.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt). Please post it to your reply.

