
programs runs slow and stops responding takes for ever to boot pc up

slow start up and hangs up

  • This topic is locked

#46
Tazdrh

Tazdrh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

Hi Naat,

I have not got backed up yet..... been working a lot of hours. I am trying to get it backed up as soon as I get time to do it. Thank you for being patient.

 

 

David


  • 0


#47
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Keep me updated :)

Cheers,
Naat
  • 0

#48
Tazdrh

Tazdrh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

Hi Naat,

I have been trying to get Windows to load so I can back this up. I have not been able to get to the desktop yet. I am going to keep trying.

 

Thank you

David


  • 0

#49
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hello.

You won't be able to boot into Windows. That's why I have provided instructions on how to back up your data using Puppy Linux.

Cheers,
Naat :)
  • 0

#50
Tazdrh

Tazdrh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Hi Naat,
I am sorry, I misunderstood. I will try again as soon as I can.
Thank you
David
  • 0

#51
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

OK, still awaiting :)

 

Naat


  • 0

#52
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#53
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

User returned


  • 0

#54
Tazdrh

Tazdrh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

Naat,

I have back up done.

 

Thanks

David


  • 0

#55
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Very good. Please describe the current state of your machine. Is it bootable at all?


  • 0


#56
Tazdrh

Tazdrh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

Naat,

When it starts it sits on Starting Windows for hours and hours, even in safe mode. Once in a while it does go past that and does a scan and then back to Starting Windows.

 

Thanks

David


  • 0

#57
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

OK, please provide me a fresh logfile made from FRST from the recovery environment.



Scan with Farbar Recovery Scan Tool from the Recovery Environment

We will be working outside of Windows, so I think it would be prudent to save these instructions or print them for further reference.
This procedure is quite complicated, as it contains multiple steps. We will need a clean machine and a USB stick (thumb drive).

DOWNLOADS

There will be three things to download on your clean machine:

Save them preferably to the desktop, as it would make the rest of instructions easier.
The Recovery .iso file will be downloaded from my Google Drive. You will be notified that the file is too big for Google to scan with its built-in virus scanners - I assure you that it's perfectly safe.

PREPARATIONS

Prepare the tool on your clean machine.

Create bootable USB drive with RUFUS

  • Right-click on the Rufus icon and select Run as Administrator to start the tool.
  • Configure it with the settings listed below:
    • Device - make sure that your pendrive is listed;
    • File System - set to NTFS;
    • Make sure that Quick format option is checked;
    • Create a bootable disk using - select ISO Image;
    • Click on the small CD icon next to ISO Image - select the downloaded Recovery Environment .iso file.
  • Press Start and the process should run.

You will be notified on the lower bar when it is complete.

After that please copy FRST to the root of your pendrive.
Now unplug your pendrive and move it into your corrupted machine.

ACTION

Insert your USB drive to the corrupted machine and start the computer.
Make sure that booting from USB is set. If you don't know how to do it, instructions HERE.

Getting from one step to another during this part will take some time. Please be patient.

Run Recovery Environment

  • When the machine boots up, you will see the Install now window. Instead choose the Repair my computer option.
  • You will be presented with the list of operating systems (usually there will be only one). Highlight it by clicking on it and select Next.
  • In the Choose Recovery Tool menu select Command Prompt.

You will see a big black window with a blinking cursor (command prompt).

Access the notepad and identify your USB drive

In the Command Prompt please type in:

notepad

and press Enter.

  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.

Note down the letter and close the notepad.

Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:

  • Type in e:\frst.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give it a minute or so to load.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.

When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

Transfer it to your clean machine and include it in your next reply.


Edited by Naathim, 02 September 2014 - 12:11 AM.
Removed RE download link

  • 0

#58
Tazdrh

Tazdrh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

I have the log. It is not allowing me to paste it. I am selecting all and copying, and when I come here to paste, Paste is not highlighted to allow me to click it. I figured it out and will post it in my next post, sorry.


Edited by Tazdrh, 01 September 2014 - 05:50 PM.

  • 0

#59
Tazdrh

Tazdrh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by SYSTEM on MININT-J9CQCO9 on 01-09-2014 18:53:51
Running from g:\
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll [X]
HKU\Dad\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\Dad\...\Run: [Akamai NetSession Interface] => "C:\Users\Dad\AppData\Local\Akamai\netsession_win.exe"
HKU\Dad\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-06-09] (Garmin Ltd or its subsidiaries)
Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Jawbone Updater.lnk
ShortcutTarget: Launch Jawbone Updater.lnk -> C:\Program Files (x86)\Jawbone\LaunchJU.exe ()
Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk ->  (No File)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-01] ()
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [435032 2014-06-09] (Garmin Ltd or its subsidiaries)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
S2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe [137208 2012-01-27] (Symantec Corporation)
S3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe [2601544 2012-04-19] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe [325040 2012-04-18] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1600064 2012-07-22] (Ralink Technology Corp.)
S0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
S1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20140612.012\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20140718.001\IDSvia64.sys [525016 2014-05-12] (Symantec Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2012-09-26] (http://libusb-win32.sourceforge.net)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140718.009\ENG64.SYS [126040 2014-07-16] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140718.009\EX64.SYS [2099288 2014-07-16] (Symantec Corporation)
S1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] ()
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-18] (Corel Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSP64.SYS [678008 2012-03-06] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSPX64.SYS [39032 2012-03-06] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS [451192 2011-11-15] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS [932472 2012-02-26] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-07-22] (Symantec Corporation)
S1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\Ironx64.SYS [171128 2011-11-15] (Symantec Corporation)
S1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS [386168 2012-03-18] (Symantec Corporation)
S3 EraserUtilDrv11313; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [X]
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 18:53 - 2014-07-28 19:20 - 00000000 ____D () C:\FRST
2014-08-03 10:39 - 2012-07-22 09:23 - 00000000 _____ () C:\Windows\System32\Drivers\lvuvc.hs

Some content of TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\Quarantine.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8153.36 MB
Available physical RAM: 7367.38 MB
Total Pagefile: 8151.51 MB
Available Pagefile: 7365.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:840.28 GB) NTFS
Drive g: (Repair disc Windows 7 64-bit) (Removable) (Total:3.76 GB) (Free:3.55 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 513A7AA7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 010B677E)
Partition 1: (Active) - (Size=3.8 GB) - (Type=07 NTFS)

LastRegBack: 2014-07-07 20:22

==================== End Of Log ============================


  • 0

#60
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi Dave,

 

The only thing that comes to mind after taking a fresh look is that Symantec Endpoint Protection is the thing that may be conflicting here. We'll probably have to remove it, or some of its components, in order to restore your system's functionality.

 

Is this a corporate machine? Will you be able to reinstall it on your own?


  • 0
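
A way to triage the Services and Drivers sections of an FRST.txt like the one posted in #59, as an added example that is not part of any post in this thread and is not FRST's own code. It groups early-loading entries by company and lists entries marked `[X]`. The field meanings (state letter, start type 0-4, `[X]` meaning the file was not found) follow FRST's usual log conventions and are assumptions here, as are the function names.

```python
import re
from collections import Counter

# Lines copied from the Services and Drivers sections of the FRST.txt in post #59.
SAMPLE = r"""
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe [137208 2012-01-27] (Symantec Corporation)
S0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
S1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] ()
S1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSP64.SYS [678008 2012-03-06] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS [451192 2011-11-15] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS [932472 2012-02-26] (Symantec Corporation)
S3 EraserUtilDrv11313; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
"""

# <state><start type> <name>; <image path>, then "[size date] (company)" or "[X]".
ENTRY = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4]) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)| \[X\])$"
)

def parse_entries(text):
    """Return one dict per service/driver line; any other line is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["start"] = int(e["start"])
            e["missing"] = e["size"] is None  # the line ended in [X]
            entries.append(e)
    return entries

def missing_files(entries):
    """Names of registry entries whose image file was not found (assumed [X] meaning)."""
    return [e["name"] for e in entries if e["missing"]]

def early_start_by_company(entries):
    """Count boot-start (0) and system-start (1) entries per company field."""
    return Counter(e["company"] or "(no company name)"
                   for e in entries if e["start"] <= 1 and not e["missing"])

def no_company_name(entries):
    """Entries whose file exists but whose company field is empty."""
    return [e["name"] for e in entries if not e["missing"] and e["company"] == ""]

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE)
    print("missing:", missing_files(parsed))
    print("early start:", early_start_by_company(parsed).most_common())
    print("no company:", no_company_name(parsed))
```

Start types 0 and 1 load before the desktop appears, which is the stage where this machine hangs, so the per-company count is a quick way to see whose drivers are in that path.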





