Need some advice/ opinions [Closed]
Started by cbailey249, May 18 2012 02:53 PM
#1
Posted 18 May 2012 - 02:53 PM
#2
Posted 18 May 2012 - 03:00 PM
Oh, and if it matters I have a HP Pavillion dv6000.
#3
Posted 21 May 2012 - 09:13 PM
Any ideas out there?
#4
Posted 22 May 2012 - 11:36 AM
Hi, cbailey249! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out.
If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.
Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
- Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
- Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
- If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
- These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
- Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
- Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
- You must reply within four days; failure to reply will result in the topic being closed!
- Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
- Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.
You did not say if your Vista is 32-bit or 64-bit. Please pick the appropriate one for your computer to download. If you do not know, check the Microsoft sticker on your computer.
If you can get to the Advanced Boot Options using F8 please do, if not then use the recovery disk or Vista DVD.
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Select English as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Select English as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
- Select Command Prompt.
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
#5
Posted 22 May 2012 - 02:22 PM
I ran it and here is what it gave me. Hope you can read it better than I can.
Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 20-05-2012
Ran by SYSTEM at 22-05-2012 15:07:04
Running from F:\
Windows Vista Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [86016 2007-11-06] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8534560 2007-11-06] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2007-11-06] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [634880 2007-01-17] (Motorola Inc.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-10-24] (Intel Corporation)
HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [468264 2007-12-19] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [202032 2007-09-19] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554320 2007-09-04] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" [218408 2007-08-16] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]
HKLM\...\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [51048 2007-08-24] (Symantec Corporation)
HKLM\...\Run: [isCfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT [607624 2007-08-24] (Symantec Corporation)
HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [x]
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [132496 2007-07-12] (Sun Microsystems, Inc.)
HKU\Administrator\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [x]
HKU\Administrator\...\Run: [Power2GoExpress] NA [x]
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [x]
HKLM\...\RunOnce: [Regcledtkrn] C:\Windows\system32\Regsvr32.exe /s "C:\Program Files\CyberLink\PowerDirector\cledtkrn.dll" [460336 2007-06-15] (CyberLink Corp.)
HKLM\...\RunOnce: [!unattend001] C:\System.sav\Util\TDCTWKs\sleep.vbs [35 2007-11-07] ()
HKLM\...\RunOnce: [!unattend002] C:\System.sav\Util\TDCTWKs\hidecmd.vbs C:\System.Sav\Util\Pre-MINI.CMD [141 2008-02-17] ()
HKLM\...\RunOnce: [!unattend003] C:\System.Sav\Util\PININST.EXE C:\System.Sav\Util\PININST.INI [4205 2008-02-17] ()
HKLM\...\RunOnce: [!unattend004] C:\System.sav\Util\TDC\Lhidecmd.vbs C:\System.Sav\Util\POSTPIN\PostPININST.CMD [1044 2008-02-17] ()
HKLM\...\RunOnce: [!unattend005] c:\hp\bin\hputilck.exe c:\hp\bin\commands /c c:\hp\bin\cmdline.cmd [301 2008-06-03] ()
HKLM\...\RunOnce: [iessetup] C:\Windows\system32\rundll32.exe "C:\Program Files\Internet Explorer\iessetup.dll",LaunchProcessInputFiles [16384 2006-11-02] (Microsoft Corporation)
HKLM\...\Runonce: [wmssetup] C:\Windows\system32\rundll32.exe "C:\Program Files\Windows Media Player\wmssetup.dll",LaunchProcessInputFiles [x]
HKLM\...\RunOnce: [ehssetup] C:\Windows\system32\rundll32.exe "C:\Windows\ehome\ehssetup.dll",LaunchProcessInputFiles [16384 2006-11-02] (Microsoft Corporation)
HKLM\...\RunOnce: [bcdFIX] C:\SYSTEM.SAV\UTIL\TDC\HPRM-BCDFix.CMD [165 2007-07-05] ()
================================ Services (Whitelisted) ==================
3 Com4Qlb; "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe" [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.)
3 GameConsoleService; "C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [181800 2007-07-23] (WildTangent, Inc.)
2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.)
2 QPCapSvc; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [271760 2007-12-19] ()
2 QPSched; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [112016 2007-12-19] ()
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [272024 2007-01-09] ()
3 Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [1245064 2008-02-17] ()
4 Automatic LiveUpdate Scheduler; "c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe" [x]
2 ccEvtMgr; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
2 ccSetMgr; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
3 comHost; "c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe" [x]
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
3 LiveUpdate; "c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE" [x]
2 LiveUpdate Notice; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [x]
2 Winmgmt; C:\Windows\System32\wbem\WMIsvc.dll [x]
3 wmiApSrv; C:\Windows\System32\wbem\WmiApSrv.exe [x]
3 WMPNetworkSvc; "C:\Program Files\Windows Media Player\wmpnetwk.exe" [x]
========================== Drivers (Whitelisted) =============
3 BCM43XV; C:\Windows\System32\DRIVERS\bcmwl6.sys [464384 2006-11-01] (Broadcom Corporation)
3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
3 HSFHWAZL; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [200704 2008-01-20] (Conexant Systems, Inc.)
3 HSF_DPV; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [987648 2008-01-20] (Conexant Systems, Inc.)
3 IDSvix86; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20070823.002\IDSvix86.sys [180272 2007-08-15] (Symantec Corporation)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x32.sys [429056 2006-11-01] (NVIDIA Corporation)
3 SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [446512 2007-08-17] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [123952 2008-02-17] (Symantec Corporation)
3 SymIM; C:\Windows\System32\DRIVERS\SymIM.sys [31280 2007-08-09] (Symantec Corporation)
3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys [31280 2007-08-09] (Symantec Corporation)
3 winachsf; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [654336 2008-01-20] (Conexant Systems, Inc.)
2 CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [x]
1 eabfiltr; [x]
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20071105.016\NAVENG.SYS [x]
3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20071105.016\NAVEX15.SYS [x]
3 NETw4v32; C:\Windows\System32\DRIVERS\NETw4v32.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
2 rimmptsk; C:\Windows\System32\DRIVERS\rimmptsk.sys [x]
2 rimsptsk; C:\Windows\System32\DRIVERS\rimsptsk.sys [x]
2 rismxdp; C:\Windows\System32\DRIVERS\rixdptsk.sys [x]
3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh86.sys [x]
3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [x]
3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [x]
3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [x]
1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [x]
3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [x]
4 USBSTOR; C:\Windows\System32\drivers\usbstor.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-05-22 15:06 - 2012-05-22 15:06 - 0000000 ____D C:\FRST
2012-05-22 11:55 - 2012-05-22 11:55 - 0197032 ____A C:\Windows\ntbtlog.txt
2012-05-21 23:50 - 2012-05-22 11:55 - 124840051 ____A C:\Windows\DUMP27ca.tmp
2012-05-21 23:50 - 2012-05-22 00:16 - 128809075 ____A C:\Windows\DUMP2d85.tmp
============ 3 Months Modified Files and Folders ===============
2012-05-22 15:06 - 2012-05-22 15:06 - 0000000 ____D C:\FRST
2012-05-22 11:55 - 2012-05-22 11:55 - 0197032 ____A C:\Windows\ntbtlog.txt
2012-05-22 11:55 - 2012-05-21 23:50 - 124840051 ____A C:\Windows\DUMP27ca.tmp
2012-05-22 11:55 - 2008-01-20 18:47 - 0057592 ____A C:\Windows\PFRO.log
2012-05-22 11:55 - 2006-11-02 04:47 - 0289296 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-22 00:51 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\System32\LogFiles
2012-05-22 00:48 - 2008-02-17 22:59 - 0000000 ____D C:\Windows\SMINST
2012-05-22 00:16 - 2012-05-21 23:50 - 128809075 ____A C:\Windows\DUMP2d85.tmp
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe
[2008-01-20 18:24] - [2008-01-20 18:24] - 2927104 ____A (Microsoft Corporation) FFA764631CB70A30065C12EF8E174F9F
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2008-01-20 18:24] - [2008-01-20 18:24] - 0627200 ____A (Microsoft Corporation) B974D9F06DC7D1908E825DC201681269
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2008-01-20 18:23] - [2008-01-20 18:23] - 0227896 ____A (Microsoft Corporation) D8B4A53DD2769F226B3EB374374987C9
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 15%
Total physical RAM: 3069.81 MB
Available physical RAM: 2592.32 MB
Total Pagefile: 2786.23 MB
Available Pagefile: 2631.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.55 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:221.06 GB) (Free:205.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.83 GB) (Free:5.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:3.74 GB) (Free:0.08 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 1528 KB
Disk 1 Online 3827 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 221 GB 32 KB
Partition 2 Primary 12 GB 221 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 221 GB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D HP_RECOVERY NTFS Partition 12 GB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3827 MB 16 KB
======================================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F FAT32 Removable 3827 MB Healthy
======================================================================================================
==========================================================
Last Boot: 2008-06-03 23:30
======================= End Of Log ==========================
#6
Posted 22 May 2012 - 03:13 PM
We need to search for two files:
- Restart your computer like you did before to start FRST and get to this screen:
- Type the following into the search box:
explorer.exe*;user32.dll*;volsnap.sys*
- Press the Search button.
- Once it completes, a message will pop up indicating that the search is completed.
- It will make a log (Search.txt) on the flash drive. Please copy and paste it to your reply.
Sometimes the search can be finicky so just type each one in individually
Like
explorer.exe*
Then do the search, retrieve the file and copy paste each one individually.
Regards,
Compcav
#7
Posted 22 May 2012 - 08:18 PM
Farbar Recovery Scan Tool Version: 20-05-2012
Ran by SYSTEM at 2012-05-22 20:17:32
Running from F:\
================== Search: "explorer.exe*" ===================
C:\WINDOWS\explorer.exe
[2008-01-20 18:24] - [2008-01-20 18:24] - 2927104 ____A (Microsoft Corporation) FFA764631CB70A30065C12EF8E174F9F
C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008-01-20 18:24] - [2008-01-20 18:24] - 2927104 ____A (Microsoft Corporation) FFA764631CB70A30065C12EF8E174F9F
C:\WINDOWS\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_03bbc52176b6ba20\explorer.exe.mui
[2006-11-02 04:41] - [2006-11-02 04:41] - 0036864 ____A (Microsoft Corporation) 192DD053B43250E264383CDC3D564A18
C:\WINDOWS\en-US\explorer.exe.mui
[2006-11-02 04:41] - [2006-11-02 04:41] - 0036864 ____A (Microsoft Corporation) 192DD053B43250E264383CDC3D564A18
=== End Of Search ===
Farbar Recovery Scan Tool Version: 20-05-2012
Ran by SYSTEM at 2012-05-22 20:59:38
Running from F:\
================== Search: "user32.dll*" ===================
C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2008-01-20 18:24] - [2008-01-20 18:24] - 0627200 ____A (Microsoft Corporation) B974D9F06DC7D1908E825DC201681269
C:\WINDOWS\System32\user32.dll
[2008-01-20 18:24] - [2008-01-20 18:24] - 0627200 ____A (Microsoft Corporation) B974D9F06DC7D1908E825DC201681269
=== End Of Search ===
Farbar Recovery Scan Tool Version: 20-05-2012
Ran by SYSTEM at 2012-05-22 20:39:46
Running from F:\
================== Search: "volsnap.sys*" ===================
C:\WINDOWS\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys
[2008-01-20 18:23] - [2008-01-20 18:23] - 0227896 ____A (Microsoft Corporation) D8B4A53DD2769F226B3EB374374987C9
C:\WINDOWS\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6001.18000_en-us_7b264a38bff55d35\volsnap.sys.mui
[2008-01-20 18:25] - [2008-01-20 18:25] - 0032768 ____A (Microsoft Corporation) 2A3DEAD70397152006B4E3CED20B41C4
C:\WINDOWS\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008-01-20 18:23] - [2008-01-20 18:23] - 0227896 ____A (Microsoft Corporation) D8B4A53DD2769F226B3EB374374987C9
C:\WINDOWS\System32\drivers\volsnap.sys
[2008-01-20 18:23] - [2008-01-20 18:23] - 0227896 ____A (Microsoft Corporation) D8B4A53DD2769F226B3EB374374987C9
C:\WINDOWS\System32\drivers\en-US\volsnap.sys.mui
[2008-01-20 18:25] - [2008-01-20 18:25] - 0032768 ____A (Microsoft Corporation) 2A3DEAD70397152006B4E3CED20B41C4
=== End Of Search ===
#8
Posted 22 May 2012 - 08:31 PM
Download the enclosed file.
fixlist.txt 27bytes 493 downloads
Save it in the USB drive.
Insert the USB drive into the ailing computer. Run FRST as you did before, except that this time around click on the Fix button.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
Attempt to boot in Normal Mode. If successful, run Combofix as follows:
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
#9
Posted 23 May 2012 - 01:40 PM
Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 20-05-2012
Ran by SYSTEM at 2012-05-23 14:35:46 Run:1
Running from F:\
==============================================
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
==== End of Fixlog ====
#10
Posted 23 May 2012 - 01:41 PM
Were you able to reboot into normal mode?
#11
Posted 23 May 2012 - 01:45 PM
After getting the fixlog.txt, I have tried restarting it but with the same results. I re-ran the startup repair and still can't get it to boot up normally.
#12
Posted 23 May 2012 - 01:59 PM
I checked with some of my expert friends and it looks like it did not complete the factory reset correctly or completely.
So please hit F11 on boot up and try the factory reset again. If you get any errors during the process please make a note of them and post them in a reply.
Regards,
CompCav
#13
Posted 23 May 2012 - 04:02 PM
After running the System Recovery it just did the same thing it has been doing. After that initial Windows screen where it has the little loading bar at the bottom, it goes to a blue screen that quickly counts up to 100% at the bottom and says something like "dumping physical memory to disk" or something along those lines. At the top it says something along the lines of a problem has been detected and Windows is shutting down to prevent further damage to your computer. The blue screen is only up for 2 or 3 seconds before restarting itself again. And then after restarting it will go to the screen giving me the option to either start Windows normally (which takes me to the blue screen) or to run startup repair (which always ends in saying it couldn't fix anything).
#14
Posted 23 May 2012 - 04:38 PM
Did you do the factory reset where it formats the hard drive?
#15
Posted 23 May 2012 - 06:26 PM
Please watch this video starting at the 4:00 minute mark and make sure you follow the steps they outline.