[RubenAmaro]

I'm Ruben, i'm going to explain as the best i can, i'm not english but i understand and i can answer the questions.

I decided to boot my computer for windows 7 ultimate, because my pc was getting slower.
Well, all was going good until, one day, i started my pc and i was stuck at the "Starting Windows", not showing the windows icon.
I waited... But still not succeed..

I booted again with same version, and
It worked perfectly, but somehow when i restart my computer, it stucks again.

I'm a student from Portugal, and i need your help, i need a computer for my works and stuff.
If you need me to give a log, reply..

I wait for any answer..
Thank you.

Note: i may have a delay, because i'm a student ok?

[Advertisements]

Hello RubenAmaro,

 

Welcome to Geekstogo.

 

Can you boot into Safe Mode?

 

How to boot into Safe Mode:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
3) If you are asked what mode to bootup in press Esc to boot in the default settings
4) Instead of Windows loading as normal, a menu should appear
5) Select the option to run Windows in Safe Mode.

 

If you are able to boot into Safe Mode or, if you are able to restart your computer and it starts normally, then please follow the instructions below. If you are unable to do either of those actions then tell me.

 

Important - If you can start in Safe or Normal mode we ask that the tools we use be downloaded to your computers desktop.

If you are unsure about how to do that, please press the Show button beside Spoiler below to see guides for the most popular browsers:

Spoiler

For Internet Explorer (excluding IE8):

• Please press both Ctrl + J on your keyboard.
• Press Options in the lower left corner.
• Click Browse and in the shown window highlight your Desktop.
• When done, click Select Folder.
• Click OK and close the View Downloads screen.

Please note that Internet Explorer 8 doesn't support changing the downloads location. In this case, upon completion you need to navigate to the Downloads folder and transfer the tool to your Desktop.

For Mozilla Firefox:

• Click the button (upper-right corner) and select Options.
• In the General tab find the Downloads section and check Save files to.
• Click Browse, Navigate to the Desktop and click Select Folder.
• Click OK and the Window will close.

For Google Chrome:

• Click the button (upper-right corner) and select Settings.
• Scroll down and at the bottom press Show advanced settings.
• Scroll down to the Downloads section and click the Change button.
• Navigate to your Desktop and click OK.

Next

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

• Right click to run as administrator. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will produce a log called (FRST.txt) in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

 

[emeraldnzl]

Hello RubenAmaro,

 

Welcome to Geekstogo.

 

Can you boot into Safe Mode?

 

How to boot into Safe Mode:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
3) If you are asked what mode to bootup in press Esc to boot in the default settings
4) Instead of Windows loading as normal, a menu should appear
5) Select the option to run Windows in Safe Mode.

 

If you are able to boot into Safe Mode or, if you are able to restart your computer and it starts normally, then please follow the instructions below. If you are unable to do either of those actions then tell me.

 

Important - If you can start in Safe or Normal mode we ask that the tools we use be downloaded to your computers desktop.

If you are unsure about how to do that, please press the Show button beside Spoiler below to see guides for the most popular browsers:

Spoiler

For Internet Explorer (excluding IE8):

• Please press both Ctrl + J on your keyboard.
• Press Options in the lower left corner.
• Click Browse and in the shown window highlight your Desktop.
• When done, click Select Folder.
• Click OK and close the View Downloads screen.

Please note that Internet Explorer 8 doesn't support changing the downloads location. In this case, upon completion you need to navigate to the Downloads folder and transfer the tool to your Desktop.

For Mozilla Firefox:

• Click the button (upper-right corner) and select Options.
• In the General tab find the Downloads section and check Save files to.
• Click Browse, Navigate to the Desktop and click Select Folder.
• Click OK and the Window will close.

For Google Chrome:

• Click the button (upper-right corner) and select Settings.
• Scroll down and at the bottom press Show advanced settings.
• Scroll down to the Downloads section and click the Change button.
• Navigate to your Desktop and click OK.

Next

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

• Right click to run as administrator. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will produce a log called (FRST.txt) in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

 

[RubenAmaro]

(i had an extra time befre going) Edit: i can't start any on f8, i took screenshots so you can see what i see

Ok, thank you for helping.. When i get back from school i edit this post.

Attached Thumbnails

• 
• 

Edited by RubenAmaro, 17 April 2015 - 01:13 AM.

[emeraldnzl]

[RubenAmaro]

Still not in my pc but i was thinking, it might be the iso is broken, can you send me a good iso, no errors of Windows7 home premium or the best one

[RubenAmaro]

Double post sry

Edited by RubenAmaro, 17 April 2015 - 06:23 AM.

[emeraldnzl]

Hello RubenAmaro,

 

I see from your post at post #3 that you should be able to enter System Recovery Options.

 

Here are some instructions to help you access the Recovery Environment to run a scan.

Now

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select English as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will create a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

 

[RubenAmaro]

Ok, i have booted my computer, and i'm completely perfect, but i'm still afraid when i restart my computer.. I will follow your instructions if the thing happens again..
Thank You   

[emeraldnzl]

Thanks for letting us know.

[RubenAmaro]

Ok, its stuck as usual, gonna make what you say and post the log 

 

Edit: Running the FRST.. 

 

2º Edit: It might be the partitions or something, because normally my local disk must be in C:/ ,and i have System Reserved in C:/ , and boot X:/
 

If i restart my computer they switch places.  

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-04-2015 01

Ran by SYSTEM on MININT-KLHQQI7 on 18-04-2015 15:11:04

Running from J:\

Platform: Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 8

Boot Mode: Recovery

 

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

 

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)

S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-25] (NVIDIA Corporation)

S2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [221976 2015-04-13] (SlimWare Utilities, Inc.)

S2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)

S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-13] (Atheros Communications, Inc.)

S3 D-Vitec; C:\Windows\System32\DRIVERS\dvitdcnt.sys [281344 2012-07-25] (D-vitec)

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-25] (NVIDIA Corporation)

S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)

S0 pwdrvio; C:\Windows\System32\pwdrvio.sys [15688 2013-09-30] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13368 2015-04-17] (SlimWare Utilities, Inc.)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-04-18 15:03 - 2010-11-20 13:29 - 00383786 __RSH () C:\bootmgr

2015-04-18 09:35 - 2015-04-18 15:11 - 00000000 ____D () C:\FRST

2015-04-17 18:40 - 2015-04-17 09:53 - 00000000 ____D () C:\Windows\Panther

2015-04-17 11:47 - 2015-04-17 11:54 - 00013809 _____ () C:\Windows\IE11_main.log

2015-04-17 11:15 - 2015-04-17 11:15 - 00000000 ____D () C:\Users\Ruben\AppData\Roaming\NVIDIA

2015-04-17 10:57 - 2010-05-26 02:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll

2015-04-17 10:57 - 2010-05-26 02:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll

2015-04-17 10:57 - 2010-05-26 02:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll

2015-04-17 10:56 - 2015-04-17 16:03 - 00000000 ____D () C:\Users\Ruben\AppData\Local\NVIDIA

2015-04-17 10:56 - 2015-04-17 16:02 - 00000000 ____D () C:\Users\Ruben\AppData\Local\NVIDIA Corporation

2015-04-17 10:56 - 2014-07-25 06:01 - 01291280 _____ (NVIDIA Corporation) C:\Windows\System32\nvspbridge.dll

2015-04-17 10:56 - 2014-07-25 06:01 - 01126480 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap.dll

2015-04-17 10:54 - 2015-04-17 10:54 - 00000000 ____D () C:\Program Files\AGEIA Technologies

2015-04-17 10:52 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll

2015-04-17 10:52 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\System32\WSManMigrationPlugin.dll

2015-04-17 10:52 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\System32\WsmWmiPl.dll

2015-04-17 10:52 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\System32\WsmAuto.dll

2015-04-17 10:52 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\System32\WSManHTTPConfig.exe

2015-04-17 10:51 - 2015-04-17 10:51 - 03378106 _____ (Elex do Brasil Participa??es Ltda) C:\Users\Ruben\Downloads\winzipper.exe

2015-04-17 10:50 - 2014-07-02 09:39 - 00609240 _____ (NVIDIA Corporation) C:\Windows\System32\nvStreaming.exe

2015-04-17 10:48 - 2015-04-17 10:50 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-04-17 10:47 - 2014-07-02 11:42 - 04389848 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll

2015-04-17 10:47 - 2014-07-02 11:42 - 03063256 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc.dll

2015-04-17 10:47 - 2014-07-02 11:42 - 00670552 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

2015-04-17 10:47 - 2014-07-02 11:42 - 00377288 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll

2015-04-17 10:47 - 2014-07-02 11:42 - 00062936 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll

2015-04-17 10:47 - 2014-07-01 21:14 - 03826628 _____ () C:\Windows\System32\nvcoproc.bin

2015-04-17 10:46 - 2015-04-17 10:46 - 00155615 _____ () C:\Users\Ruben\Downloads\Mapa do Concurso de Construção.rar

2015-04-17 10:44 - 2014-07-02 12:54 - 00061728 _____ (Khronos Group) C:\Windows\System32\OpenCL.dll

2015-04-17 10:43 - 2015-04-17 11:05 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation

2015-04-17 10:37 - 2015-02-23 19:23 - 00246920 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2015-04-17 10:32 - 2015-04-17 10:32 - 00000000 ____D () C:\Users\Ruben\AppData\Roaming\java

2015-04-17 10:31 - 2015-04-17 14:58 - 00000000 ____D () C:\Users\Ruben\AppData\Roaming\.minecraft

2015-04-17 10:31 - 2015-04-17 10:31 - 00000000 ____D () C:\Users\Ruben\runtime

2015-04-17 10:30 - 2015-04-17 10:31 - 00000000 ____D () C:\Users\Ruben\game

2015-04-17 10:30 - 2015-04-17 10:30 - 01294088 _____ (Mojang) C:\Users\Ruben\Minecraft.exe

2015-04-17 10:20 - 2014-07-02 12:54 - 24198088 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll

2015-04-17 10:20 - 2014-07-02 12:54 - 15296456 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll

2015-04-17 10:20 - 2014-07-02 12:54 - 11283344 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll

2015-04-17 10:20 - 2014-07-02 12:54 - 11222048 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll

2015-04-17 10:20 - 2014-07-02 12:54 - 10681176 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys

2015-04-17 10:20 - 2014-07-02 12:54 - 03988952 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll

2015-04-17 10:20 - 2014-07-02 12:54 - 02814656 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi.dll

2015-04-17 10:20 - 2014-07-02 12:54 - 01054552 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco3234052.dll

2015-04-17 10:20 - 2014-07-02 12:54 - 00907552 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco3234052.dll

2015-04-17 10:20 - 2014-07-02 12:54 - 00907096 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR.dll

2015-04-17 10:20 - 2014-07-02 12:54 - 00869152 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC.dll

2015-04-17 10:20 - 2014-07-02 12:54 - 00021215 _____ () C:\Windows\System32\nvinfo.pb

2015-04-17 10:20 - 2014-03-31 08:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap32v.dll

2015-04-17 10:20 - 2014-03-31 08:42 - 00034080 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad32v.sys

2015-04-17 10:16 - 2015-04-17 10:56 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2015-04-17 10:16 - 2015-04-17 10:16 - 00000000 ____D () C:\NVIDIA

2015-04-17 10:14 - 2015-04-17 10:14 - 00096680 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll

2015-04-17 10:14 - 2015-04-17 10:14 - 00000000 ____D () C:\ProgramData\Sun

2015-04-17 10:14 - 2015-04-17 10:14 - 00000000 ____D () C:\ProgramData\SlimWare Utilities, Inc

2015-04-17 10:14 - 2015-04-17 10:14 - 00000000 ____D () C:\ProgramData\Oracle

2015-04-17 10:14 - 2015-04-17 10:14 - 00000000 ____D () C:\Program Files\Java

2015-04-17 10:14 - 2015-04-17 10:14 - 00000000 ____D () C:\Program Files\Common Files\Java

2015-04-17 10:14 - 2014-05-14 08:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2015-04-17 10:14 - 2014-05-14 08:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2015-04-17 10:14 - 2014-05-14 08:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll

2015-04-17 10:14 - 2014-05-14 08:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2015-04-17 10:14 - 2014-05-14 00:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2015-04-17 10:14 - 2014-05-14 00:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2015-04-17 10:13 - 2015-04-17 10:13 - 00981592 _____ (SlimWare Utilities, Inc.) C:\Users\Ruben\Downloads\SlimDrivers-setup.exe

2015-04-17 10:13 - 2015-04-17 10:13 - 00561576 _____ (Oracle Corporation) C:\Users\Ruben\Downloads\jxpiinstall.exe

2015-04-17 10:13 - 2015-04-17 10:13 - 00013368 _____ (SlimWare Utilities, Inc.) C:\Windows\System32\Drivers\SWDUMon.sys

2015-04-17 10:13 - 2015-04-17 10:13 - 00002465 _____ () C:\Users\Public\Desktop\SlimCleaner Plus.lnk

2015-04-17 10:13 - 2015-04-17 10:13 - 00002455 _____ () C:\Users\Public\Desktop\SlimDrivers.lnk

2015-04-17 10:13 - 2015-04-17 10:13 - 00000000 ____D () C:\Users\Ruben\AppData\Local\SlimWare Utilities Inc

2015-04-17 10:13 - 2015-04-17 10:13 - 00000000 ____D () C:\Users\Ruben\AppData\Local\Downloaded Installers

2015-04-17 10:13 - 2015-04-17 10:13 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers

2015-04-17 10:13 - 2015-04-17 10:13 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc

2015-04-17 10:13 - 2015-04-17 10:13 - 00000000 ____D () C:\Program Files\SlimService

2015-04-17 10:13 - 2015-04-17 10:13 - 00000000 ____D () C:\Program Files\SlimCleaner Plus

2015-04-17 10:09 - 2015-04-17 10:09 - 00004270 _____ () C:\Windows\DPINST.LOG

2015-04-17 10:09 - 2015-04-17 10:09 - 00001137 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Free.lnk

2015-04-17 10:09 - 2015-04-17 10:09 - 00000000 ____D () C:\Program Files\Western Digital

2015-04-17 10:09 - 2015-04-17 10:09 - 00000000 ____D () C:\Program Files\MiniTool Partition Wizard Free 9.0

2015-04-17 10:09 - 2015-04-17 10:09 - 00000000 ____D () C:\Program Files\Common Files\Western Digital

2015-04-17 10:09 - 2015-01-14 02:27 - 02894848 _____ () C:\Windows\System32\pwNative.exe

2015-04-17 10:09 - 2013-09-30 07:26 - 00015688 ____N () C:\Windows\System32\pwdrvio.sys

2015-04-17 10:09 - 2013-09-30 07:26 - 00010320 ____N () C:\Windows\System32\pwdspio.sys

2015-04-17 10:06 - 2015-04-17 10:06 - 31973976 _____ (MiniTool Solution Ltd. ) C:\Users\Ruben\Downloads\pwfree9.exe

2015-04-17 10:04 - 2015-04-17 10:04 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-04-17 10:04 - 2015-04-17 10:04 - 00000000 ____D () C:\Users\Ruben\AppData\Roaming\Mozilla

2015-04-17 10:04 - 2015-04-17 10:04 - 00000000 ____D () C:\Users\Ruben\AppData\Local\Mozilla

2015-04-17 10:04 - 2015-04-17 10:04 - 00000000 ____D () C:\ProgramData\Mozilla

2015-04-17 10:04 - 2015-04-17 10:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2015-04-17 10:04 - 2015-04-17 10:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2015-04-17 10:04 - 2015-04-17 10:04 - 00000000 ____D () C:\Program Files\Microsoft.NET

2015-04-17 10:02 - 2012-12-11 15:36 - 00014464 _____ (Western Digital Technologies) C:\Windows\wdcsam64.sys

2015-04-17 10:02 - 2012-12-11 15:36 - 00011520 _____ (Western Digital Technologies) C:\Windows\wdcsam.sys

2015-04-17 10:02 - 2012-12-11 15:36 - 00008497 _____ () C:\Windows\wdcsam.cat

2015-04-17 09:53 - 2015-04-17 09:53 - 00000020 ___SH () C:\Users\Ruben\ntuser.ini

2015-04-17 09:53 - 2015-04-17 09:53 - 00000000 __SHD () C:\Recovery

2015-04-17 09:53 - 2015-04-17 09:53 - 00000000 ____D () C:\Users\Ruben\AppData\Local\VirtualStore

2015-04-17 09:44 - 2015-04-17 16:26 - 01682532 _____ () C:\Windows\WindowsUpdate.log

2015-04-17 09:42 - 2015-04-17 09:42 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

2015-04-17 09:41 - 2015-04-17 09:44 - 00001355 _____ () C:\Windows\TSSysprep.log

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-04-18 15:03 - 2009-07-13 20:57 - 00025600 ___SH () C:\Windows\System32\config\BCD-Template.LOG

2015-04-18 15:03 - 2009-07-13 20:52 - 00028672 _____ () C:\Windows\System32\config\BCD-Template

2015-04-18 09:18 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\LogFiles

2015-04-17 16:35 - 2009-07-13 20:34 - 00020640 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-04-17 16:35 - 2009-07-13 20:34 - 00020640 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-04-17 12:57 - 2010-11-20 13:01 - 00783856 _____ () C:\Windows\System32\PerfStringBackup.INI

2015-04-17 12:25 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2015-04-17 10:56 - 2009-07-13 20:39 - 00025717 _____ () C:\Windows\setupact.log

2015-04-17 10:47 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Help

2015-04-17 10:03 - 2009-07-13 20:52 - 00000000 ____D () C:\Windows\System32\restore

2015-04-17 09:53 - 2009-07-13 18:37 - 00000000 __RHD () C:\Users\Public\Libraries

2015-04-17 09:53 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\Recovery

2015-04-17 09:47 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\rescache

2015-04-17 09:46 - 2009-07-13 20:33 - 00265944 _____ () C:\Windows\System32\FNTCACHE.DAT

2015-04-17 09:41 - 2011-04-11 18:24 - 00000000 ____D () C:\Windows\CSC

2015-04-17 09:41 - 2009-07-13 20:34 - 00002790 _____ () C:\Windows\DtcInstall.log

 

Files to move or delete:

====================

C:\Users\Ruben\Minecraft.exe

 

 

Some content of TEMP:

====================

C:\Users\Ruben\AppData\Local\Temp\scpF0A6.tmp.exe

 

 

==================== Known DLLs (Whitelisted) ============

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== Restore Points  =========================

 

Restore point made on: 2015-04-17 10:03:43

Restore point made on: 2015-04-17 10:09:33

Restore point made on: 2015-04-17 10:14:03

Restore point made on: 2015-04-17 10:56:55

Restore point made on: 2015-04-17 11:32:36

 

==================== Memory info =========================== 

 

Percentage of memory in use: 19%

Total physical RAM: 2047.24 MB

Available physical RAM: 1649.34 MB

Total Pagefile: 2047.24 MB

Available Pagefile: 1648.55 MB

Total Virtual: 2047.88 MB

Available Virtual: 1956.14 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:232.79 GB) (Free:212.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive j: () (Removable) (Total:1.85 GB) (Free:1.82 GB) NTFS

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 3F563F55)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

 

========================================================

Disk: 5 (Size: 1.9 GB) (Disk ID: A266AB4A)

Partition 1: (Not Active) - (Size=1.9 GB) - (Type=07 NTFS)

 

 

LastRegBack: 2015-04-17 09:41

 

==================== End Of Log ============================

Edited by RubenAmaro, 18 April 2015 - 09:45 AM.

[emeraldnzl]

Hello RubenAmaro,
 

2º Edit: It might be the partitions or something, because normally my local disk must be in C:/ ,and i have System Reserved in C:/ , and boot X:/
 

If i restart my computer they switch places.  

I deal with malware, not a techie lol so can't help you with that.  

We can try last reg back to see if it is registry corruption but otherwise I think you might need technical help. You can open a topic here and describe what is happening.

Now

Open notepad.

Please copy the contents of the code box below.

To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

Save it on the flashdrive as fixlist.txt
 

C:\Users\Ruben\AppData\Local\Temp\scpF0A6.tmp.exe
LastRegBack: 2015-04-17 09:41

This script is specifically written for the infection on this person's computer. It should NOT to be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Please enter System Recovery Options, as we've done previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

[RubenAmaro]

Ok, sorry for posting here.. i'm kinda new at this and i will do it

[RubenAmaro]

Log:

 

aFix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-04-2015 01
Ran by SYSTEM at 2015-04-18 21:50:23 Run:1
Running from f:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
C:\Users\Ruben\AppData\Local\Temp/scpF0A6.tmp.exe
LastRegBack: 2015-04-17 09:41
*****************

C:\Users\Ruben\AppData\Local\Temp/scpF0A6.tmp.exe => Moved successfully.
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog 21:50:24 ====

[emeraldnzl]

Can you boot up normally now?

[RubenAmaro]

I started my windows and it showed me an error on a file from window, i was talking now with a person and he was touching in my pc and he fixed.

By the way thank you so much. I learn a lot of stuff with you..
It was not a malware like you say.

Thank you.
Ruben.

Edited by RubenAmaro, 18 April 2015 - 05:27 PM.