Inactive Computer freezes right after booting

[Akshay17]

Recently my PC usage was very high, almost 100% so I downloaded malwarebytes and it detected many pups and trojans etc, and deleted them. Today when I was casually using my laptop, malwarebytes showed a notification that it has detected a virus and to completely delete it I need to restart my laptop, so I did. But after doing that, it started to freeze, it would run for a couple minutes and then it would freeze. I could move my mouse but couldn't click on anything. After a while even the mouse was unable to move. Also the hdd light that would blink normally, now doesn't light up after freezing.

I tried running windows in safe mode, it booted once, so I restarted, but after that, even the safe mode is not running. Please help.

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

NOTE 1. Use another working computer to download Farbar Recovery Scan Tool and save it to USB flash drive.
NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

If you are using Windows 10 If you're having problems accessing System Recovery Options create Windows 10 USB or DVD as described here: http://betanews.com/2015/07/29/how-...your-own-installation-usb-flash-drive-or-dvd/ and boot from it.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt. To access Advanced Boot Options start and shut down computer TWICE. On third start you should see Advanced Boot Options.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• Startup Repair
• System Restore
• Windows Complete PC Restore
• Windows Memory Diagnostic Tool
• Command Prompt

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

[Akshay17]

Do I need to install frst on the other computer? I can't find the flash drive letter..

 

[Broni]

It's all in my instructions.
You have to have FRST on your flash drive.

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

[Akshay17]

No, I mean do I just copy frst in flash drive or do I also need to install it?

 

[Broni]

Just copy. Nothing to install.

 

[Akshay17]

Uploaded frst.txt

 

[Akshay17]

Awaiting for further instructions

 

[Broni]

Please observe forum rules. All logs have to be pasted not attached....

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-12-2016
Ran by SYSTEM on MININT-KP8GOBO (27-12-2016 09:00:22)
Running from H:\
Platform: Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool:

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Guardian AntiVirus\strtupap.exe [163424 2013-11-25] (Quick Heal Technologies (P) Ltd.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-23] (Synaptics Incorporated)
HKLM\...\Run: [kbdsprt] => [X]
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-13] (Malwarebytes)
BootExecute: autocheck autochk * C:\PROGRA~1\QUICKH~1\GUARDI~1\nativscn.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 arwsrvc; C:\Program Files\Quick Heal\Guardian AntiVirus\arwsrvc.exe [269928 2015-10-19] (Quick Heal Technologies (P) Ltd.)
S2 Behavior Detection System; C:\Program Files\Quick Heal\Guardian AntiVirus\bdssvc.exe [24000 2013-08-26] (Quick Heal Technologies (P) Ltd.)
S2 Cleaning Service; C:\Program Files\Quick Heal\Guardian AntiVirus\ntclnsrv.exe [108136 2015-06-27] ()
S2 Core Mail Protection; C:\Program Files\Quick Heal\Guardian AntiVirus\EMLPROXY.EXE [34408 2015-01-09] (Quick Heal Technologies (P) Ltd.)
S2 Core Scanning Server; C:\Program Files\Quick Heal\Guardian AntiVirus\SAPISSVC.EXE [214632 2015-06-27] (Quick Heal Technologies (P) Ltd.)
S2 Core Scanning ServerEx; C:\Program Files\Quick Heal\Guardian AntiVirus\SAPISSVC.EXE [214632 2015-06-27] (Quick Heal Technologies (P) Ltd.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2012-08-24] (Intel Corporation)
S2 DigitalWave.Update.Service; C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe [391656 2016-08-24] (Digital Wave Ltd.)
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-12-13] (Malwarebytes)
S2 Online Protection System; C:\Program Files\Quick Heal\Guardian AntiVirus\opssvc.exe [28584 2013-08-12] (Quick Heal Technologies (P) Ltd.)
S2 PaceLicenseDServices; C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [45692456 2016-03-27] (PACE Anti-Piracy, Inc.)
S2 Quick Update Service; C:\Program Files\Quick Heal\Guardian AntiVirus\quhlpsvc.exe [105576 2015-01-09] (Quick Heal Technologies (P) Ltd.)
S2 ScanWscS; C:\Program Files\Quick Heal\Guardian AntiVirus\SCANWSCS.EXE [259424 2015-01-09] (Quick Heal Technologies (P) Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 apmwinsrv; "C:\Program Files\Paragon Software\HFS+ for Windows\apmwinsrv.exe" [X]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S2 XperiaCompanionService; "C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 arwflt; C:\Windows\System32\DRIVERS\arwflt.sys [43096 2015-10-19] (Quick Heal Technologies (P) Ltd.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [174552 2013-10-22] (Broadcom Corporation.)
S1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [229992 2015-05-31] (Quick Heal Technologies (P) Ltd.)
S1 bdsnm; C:\Windows\System32\DRIVERS\bdsnm.sys [21096 2014-11-28] (Quick Heal Technologies (P) Ltd.)
S2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [46496 2013-07-20] (Quick Heal Technologies (P) Ltd.)
S2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [29856 2013-07-20] (Quick Heal Technologies (P) Ltd.)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59968 2016-12-13] ()
S1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [59608 2013-09-06] (Quick Heal Technologies (P) Ltd.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2016-12-18] (Sony Mobile Communications)
S0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-02-22] (Intel Corporation)
S3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [352752 2013-02-22] (Intel Corporation)
S3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [796656 2013-02-22] (Intel Corporation)
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [58728 2014-10-27] (Quick Heal Technologies (P) Ltd.)
S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [153024 2016-12-25] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [87496 2016-12-25] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2016-12-25] (Malwarebytes)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [219072 2016-12-26] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [63264 2016-12-25] (Malwarebytes)
S3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-02] (Intel Corporation)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [33056 2013-08-23] (Quick Heal Technologies (P) Ltd.)
S3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [63256 2015-12-15] ()
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [233104 2012-06-14] (Realtek Semiconductor Corp.)
S0 TPkd; C:\Windows\System32\Drivers\TPkd.sys [94416 2013-04-11] (PACE Anti-Piracy, Inc.)
S2 webssx; C:\Windows\System32\DRIVERS\webssx.sys [51600 2013-08-16] (Quick Heal Technologies (P) Ltd.)
S1 wsnf; C:\Windows\System32\DRIVERS\wsnf.sys [59280 2013-08-16] (Quick Heal Technologies (P) Ltd.)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 Generalusbserialser20679; system32\DRIVERS\CT_U_USBSER.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-27 09:00 - 2016-12-27 09:00 - 00000000 ___DC C:\FRST
2016-12-26 01:02 - 2016-12-26 01:02 - 00006464 ____N C:\bootsqm.dat
2016-12-25 20:55 - 2016-12-26 00:22 - 00000000 ____D C:\Windows\System32\Native
2016-12-25 15:58 - 2016-12-25 15:58 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-12-25 12:56 - 2016-12-25 21:53 - 00063264 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2016-12-25 12:56 - 2016-12-25 21:46 - 00087496 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2016-12-25 12:56 - 2016-12-25 21:45 - 00039360 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2016-12-25 12:56 - 2016-12-25 12:56 - 00153024 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMChameleon.sys
2016-12-25 12:55 - 2016-12-26 13:50 - 00219072 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2016-12-25 12:54 - 2016-12-25 12:54 - 00001984 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-25 12:54 - 2016-12-13 23:25 - 00059968 _____ C:\Windows\System32\Drivers\mbae.sys
2016-12-25 12:53 - 2016-12-25 12:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-25 12:53 - 2016-12-25 12:53 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-25 12:30 - 2016-12-25 12:50 - 54199488 _____ (Malwarebytes ) C:\Users\admin\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-24 13:03 - 2016-12-24 13:12 - 47196384 _____ (Microsoft Corporation) C:\Users\admin\Downloads\Windows-KB890830-V5.43.exe
2016-12-24 12:40 - 2016-12-24 20:45 - 00000000 ____D C:\Windows\System32\MpEngineStore
2016-12-24 02:35 - 2016-12-24 02:35 - 00007603 _____ C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2016-12-22 21:14 - 2016-12-22 21:14 - 00000000 __HDC C:\ProgramData\{74EA5672-8925-4E7F-9E71-71DBC56A48B1}
2016-12-22 18:10 - 2016-12-22 18:10 - 00175616 _____ (.NET Foundation) C:\Users\admin\Documents\wixstdba.dll
2016-12-20 14:11 - 2016-12-20 14:12 - 00000000 ____D C:\Users\admin\Desktop\Tor Browser
2016-12-20 13:34 - 2016-12-20 13:35 - 00536520 _____ (Hola Networks Ltd.) C:\Users\admin\Downloads\Hola-Setup.exe
2016-12-20 11:38 - 2016-12-20 11:38 - 00000000 ____D C:\Users\admin\AppData\Roaming\Native Instruments
2016-12-20 11:38 - 2016-12-20 11:38 - 00000000 ____D C:\Users\admin\AppData\Local\cache
2016-12-19 22:27 - 2016-12-19 22:27 - 00000000 __HDC C:\ProgramData\{559CC4E6-942D-4376-BA28-E4E187F2F399}
2016-12-19 22:26 - 2016-12-19 22:26 - 00001014 _____ C:\Users\Public\Desktop\Native Access.lnk
2016-12-19 22:08 - 2016-12-24 12:56 - 60632900 _____ C:\Users\admin\Downloads\Native_Access_Installer.zip
2016-12-19 17:45 - 2016-12-19 17:45 - 00000000 ____D C:\Users\admin\Documents\EA Games
2016-12-19 17:43 - 2016-12-19 17:43 - 00000795 _____ C:\Users\Public\Desktop\Mirror's Edge.lnk
2016-12-19 09:54 - 2016-12-19 09:54 - 00002212 _____ C:\Users\Public\Desktop\Free Video to MP3 Converter.lnk
2016-12-19 09:54 - 2016-12-19 09:54 - 00000000 ____D C:\Program Files\DVDVideoSoft
2016-12-19 09:54 - 2016-12-19 09:54 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2016-12-18 19:16 - 2016-12-18 19:16 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2016-12-18 19:16 - 2016-12-18 19:16 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2016-12-18 17:59 - 2016-12-18 17:59 - 00026328 _____ (Sony Mobile Communications) C:\Windows\System32\Drivers\ggsomc.sys
2016-12-18 17:59 - 2016-12-18 17:59 - 00013528 _____ (Sony Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys
2016-12-18 17:59 - 2016-12-18 17:59 - 00000000 ____D C:\Users\admin\.oracle_jre_usage
2016-12-18 17:53 - 2016-12-22 18:09 - 00000000 ____D C:\ProgramData\Sony Mobile
2016-12-18 17:53 - 2016-12-22 18:09 - 00000000 ____D C:\Program Files\Sony Mobile
2016-12-18 15:21 - 2016-12-18 15:21 - 00000000 ____D C:\Users\admin\Documents\Sony
2016-12-18 15:20 - 2016-12-25 02:23 - 00000000 ____D C:\Program Files\Sony
2016-12-18 12:17 - 2016-12-18 12:17 - 00000000 ____D C:\Users\admin\AppData\Local\SKIDROW
2016-12-18 11:59 - 2016-12-18 11:59 - 00000733 _____ C:\Users\Public\Desktop\Sleeping Dogs.lnk
2016-12-18 07:39 - 2016-12-18 08:09 - 32110960 _____ (Digital Wave Ltd ) C:\Users\admin\Downloads\FreeVideoToMP3Converter_5.0.99.823_r.exe
2016-12-17 14:27 - 2016-12-17 14:27 - 00000949 _____ C:\Users\Public\Desktop\Rocket League.lnk
2016-12-16 21:15 - 2016-12-16 21:15 - 00000785 _____ C:\Users\admin\Desktop\AssassinsCreedII-MCE.lnk
2016-12-16 20:50 - 2016-12-16 20:50 - 00000000 ____D C:\ProgramData\Ubisoft
2016-12-16 12:22 - 2016-12-16 12:22 - 476494160 _____ C:\Windows\MEMORY.DMP
2016-12-16 12:22 - 2016-12-16 12:22 - 00150184 _____ C:\Windows\Minidump\121716-31637-01.dmp
2016-12-12 00:50 - 2016-12-12 00:50 - 00000000 ____D C:\ProgramData\Passmark
2016-12-12 00:17 - 2016-12-12 00:17 - 00231760 _____ C:\Users\admin\Downloads\CrucialScan.exe
2016-12-12 00:07 - 2016-12-12 00:22 - 27056496 _____ (Passmark Software ) C:\Users\admin\Downloads\petst8.exe
2016-12-11 13:24 - 2016-12-11 13:25 - 01219128 _____ (Meteor Development Group ) C:\Users\admin\Downloads\InstallMeteor.exe
2016-12-11 12:21 - 2016-12-24 12:56 - 00031834 _____ C:\Users\admin\Downloads\langorhythm-master.zip
2016-12-10 12:12 - 2016-12-10 12:12 - 00000000 ____D C:\Users\admin\Documents\Ubisoft
2016-12-10 12:12 - 2016-12-10 12:12 - 00000000 ____D C:\Program Files\Ubisoft
2016-12-10 11:55 - 2016-12-10 11:55 - 00000000 ____D C:\Users\admin\New folder
2016-12-09 14:10 - 2016-12-09 14:10 - 00140198 _____ C:\Users\admin\Desktop\FMarch.pdf
2016-12-09 08:58 - 2016-12-09 08:59 - 00833554 _____ C:\Users\admin\Downloads\444C542E3328D32BEF3AB8D87130F374B4CC80A2.torrent
2016-12-01 10:42 - 2016-12-01 10:43 - 00000000 ____D C:\Users\admin\Desktop\ImageInspiration

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-26 13:55 - 2014-07-07 07:44 - 02088010 _____ C:\Windows\ntbtlog.txt
2016-12-26 13:47 - 2015-05-09 07:28 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2016-12-26 13:47 - 2014-12-29 21:28 - 00000000 ____D C:\ProgramData\PACE
2016-12-26 13:44 - 2014-05-24 05:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeraCopy
2016-12-26 00:13 - 2014-05-26 08:11 - 00000000 ____D C:\temp
2016-12-26 00:12 - 2009-07-13 20:34 - 00017056 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-26 00:12 - 2009-07-13 20:34 - 00017056 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-26 00:11 - 2014-05-26 04:51 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2016-12-25 23:15 - 2014-05-24 05:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc
2016-12-25 20:52 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\tracing
2016-12-25 16:52 - 2015-11-30 00:23 - 00000000 ____D C:\Users\admin\AppData\LocalLow\uTorrent
2016-12-25 15:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2016-12-25 14:13 - 2009-07-13 18:04 - 00000024 ____C C:\AUTOEXEC.BAT
2016-12-25 13:15 - 2016-03-02 12:20 - 00000000 ____D C:\Windows\pss
2016-12-24 13:16 - 2014-12-29 12:00 - 133430776 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2016-12-24 12:57 - 2016-07-26 06:22 - 65695104 _____ C:\Users\admin\Downloads\The_Swelly_Express-(DatPiff.com).zip
2016-12-24 12:57 - 2016-07-15 04:51 - 53441178 _____ C:\Users\admin\Downloads\We_Got_A_Buzz_Now-(DatPiff.com).zip
2016-12-24 12:57 - 2016-07-05 08:27 - 35878863 _____ C:\Users\admin\Downloads\Who_The_****_Is_BOB-(DatPiff.com).zip
2016-12-24 12:57 - 2016-06-26 08:53 - 92481603 _____ C:\Users\admin\Downloads\TeknoMW3_2.7.3.11_Client FULL.rar
2016-12-24 12:57 - 2016-03-11 23:47 - 00048910 _____ C:\Users\admin\Downloads\Updated Patch v 1.0.zip
2016-12-24 12:57 - 2015-08-06 09:29 - 14531101 _____ C:\Users\admin\Downloads\Technicolor Remake.zip
2016-12-24 12:57 - 2015-05-01 09:54 - 00006453 _____ C:\Users\admin\Downloads\win7.rar
2016-12-24 12:57 - 2014-11-22 10:31 - 01223600 _____ C:\Users\admin\Downloads\Sylenth1 Black Pearl.rar
2016-12-24 12:57 - 2014-09-27 06:30 - 03425508 _____ C:\Users\admin\Downloads\tc3.zip
2016-12-24 12:57 - 2014-06-02 03:23 - 00433774 _____ C:\Users\admin\Downloads\wxbase28u_vc_custom.zip
2016-12-24 12:56 - 2016-09-12 09:57 - 96631649 _____ C:\Users\admin\Downloads\Room_For_Improvement-(DatPiff.com).zip
2016-12-24 12:56 - 2016-08-20 10:56 - 00727105 _____ C:\Users\admin\Downloads\Sonogram_SG1.zip
2016-12-24 12:56 - 2016-08-18 09:56 - 41455325 _____ C:\Users\admin\Downloads\Poindexter-(DatPiff.com).zip
2016-12-24 12:56 - 2016-07-05 06:10 - 79942340 _____ C:\Users\admin\Downloads\EPIC_Every_Play_Is_Crucial-(DatPiff.com).zip
2016-12-24 12:56 - 2016-06-19 11:03 - 00320607 _____ C:\Users\admin\Downloads\msvcr90.zip
2016-12-24 12:56 - 2016-05-21 08:32 - 00252593 _____ C:\Users\admin\Downloads\magical8bitPlug_for_win.zip
2016-12-24 12:56 - 2016-05-09 08:01 - 00854091 _____ C:\Users\admin\Downloads\mda ePiano.zip
2016-12-24 12:56 - 2016-05-08 16:10 - 06589036 _____ C:\Users\admin\Downloads\Persian.Santur.v.2.zip
2016-12-24 12:56 - 2016-03-30 22:04 - 00001169 _____ C:\Users\admin\Downloads\String Ens Staccato 3.mid
2016-12-24 12:56 - 2016-03-30 21:59 - 00000621 _____ C:\Users\admin\Downloads\Midi Notes.mid
2016-12-24 12:56 - 2016-03-11 23:51 - 10449577 _____ C:\Users\admin\Downloads\Nagado_Taiko_16_Slice.zip
2016-12-24 12:56 - 2015-12-16 09:05 - 19000426 _____ C:\Users\admin\Downloads\soundcloud-cover.psd
2016-12-24 12:56 - 2015-10-21 20:54 - 01242021 _____ C:\Users\admin\Downloads\mda_vst_fx_win.zip
2016-12-24 12:56 - 2015-09-08 00:01 - 01251683 _____ C:\Users\admin\Downloads\illformed_old_vst_plugins.zip
2016-12-24 12:56 - 2015-08-06 09:53 - 14371261 _____ C:\Users\admin\Downloads\Forbidden Voices Remake.zip
2016-12-24 12:56 - 2015-05-11 00:21 - 34194944 _____ C:\Users\admin\Downloads\MaleHouseVocals_Freebie_SP.zip
2016-12-24 12:56 - 2015-04-29 07:27 - 351063989 _____ C:\Users\admin\Downloads\ElectroEDM.rar
2016-12-24 12:56 - 2014-11-23 07:07 - 00196517 _____ C:\Users\admin\Downloads\GSnapWin32.zip
2016-12-24 12:56 - 2014-11-22 13:05 - 03777855 _____ C:\Users\admin\Downloads\funkybot_90_claps.zip
2016-12-24 12:55 - 2016-10-15 05:06 - 00101120 _____ C:\Users\admin\Downloads\D minor (1).flp
2016-12-24 12:55 - 2016-07-05 00:21 - 482743229 _____ C:\Users\admin\Downloads\CymaticsTelescopeProject.zip
2016-12-24 12:55 - 2016-07-05 00:21 - 119180545 _____ C:\Users\admin\Downloads\Cymatics-FutureBassAbletonProject.zip
2016-12-24 12:55 - 2015-04-22 07:52 - 36470013 _____ C:\Users\admin\Downloads\ELECTRIC_SPACE_GUITARS_DEMOS.zip
2016-12-24 12:55 - 2014-11-27 10:18 - 01165740 _____ C:\Users\admin\Downloads\CySnaps.zip
2016-12-24 12:54 - 2016-09-07 11:46 - 97242547 _____ C:\Users\admin\Downloads\AIR_Art_Imitates_Reality-(DatPiff.com).zip
2016-12-24 12:54 - 2016-07-09 05:56 - 00363930 _____ C:\Users\admin\Downloads\AQZNetPlayPlugin.zip
2016-12-24 12:54 - 2016-06-08 09:37 - 00313944 _____ C:\Users\admin\Downloads\Akshay Vijay Lakkundi.pdf
2016-12-24 12:54 - 2016-05-17 04:27 - 06036692 _____ C:\Users\admin\Downloads\arp2600_v.pdf
2016-12-24 12:54 - 2016-03-30 22:02 - 00000819 _____ C:\Users\admin\Downloads\Brass Low.mid
2016-12-24 12:54 - 2015-04-22 07:47 - 113905728 _____ C:\Users\admin\Downloads\513TubeDrumHits_Wav_SP.zip
2016-12-24 12:54 - 2014-08-19 04:31 - 00053687 _____ C:\Users\admin\Downloads\AP1201-DE-C-001-DataSheet_F04_Pressure_Safety_Valves-Rev01.pdf
2016-12-23 12:10 - 2010-11-20 13:01 - 00786558 _____ C:\Windows\System32\PerfStringBackup.INI
2016-12-23 12:10 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf
2016-12-22 21:14 - 2014-11-15 06:44 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2016-12-22 18:34 - 2015-05-26 08:55 - 00000278 _____ C:\Users\admin\Documents\midi.txt
2016-12-20 11:38 - 2014-12-04 19:49 - 00000000 ____D C:\Users\admin\AppData\Local\Native Instruments
2016-12-19 22:26 - 2015-01-20 21:46 - 00000000 ____D C:\Program Files\Native Instruments
2016-12-19 09:55 - 2014-08-18 03:20 - 00000000 ____D C:\Users\admin\AppData\Roaming\DVDVideoSoft
2016-12-19 05:27 - 2015-08-13 12:33 - 00000000 ____D C:\Users\admin\AppData\Roaming\VOCALOID3
2016-12-18 17:59 - 2014-05-24 04:17 - 00000000 ____D C:\users\admin
2016-12-18 15:20 - 2015-01-20 21:46 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-17 15:54 - 2016-03-31 07:37 - 00000000 ____D C:\Users\admin\Documents\My Games
2016-12-16 21:22 - 2015-10-23 07:05 - 00000000 ____D C:\Users\admin\AppData\Local\Ubisoft Game Launcher
2016-12-16 21:16 - 2014-05-24 04:25 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-12-16 20:50 - 2016-06-16 06:53 - 00000000 ____D C:\Users\admin\AppData\Roaming\Ubisoft
2016-12-16 12:22 - 2014-05-28 08:16 - 00000000 ____D C:\Windows\Minidump
2016-12-15 13:04 - 2015-08-26 02:15 - 00002089 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-06 22:59 - 2015-06-30 10:21 - 00000000 ____D C:\Users\admin\Documents\FabFilter
2016-12-06 22:59 - 2015-02-14 03:05 - 00000000 ____D C:\Users\admin\AppData\Roaming\FabFilter
2016-12-01 12:00 - 2016-10-18 08:25 - 00000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2016-11-27 12:42 - 2016-11-13 10:24 - 00000000 ____D C:\Users\admin\AppData\Roaming\JAM Software

Files to move or delete:
====================
C:\ProgramData\sysid100.dat


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-09-13 12:04] - [2016-08-15 18:48] - 0811520 ____A (Microsoft Corporation) CC157E3445C86456494ED940E1250247

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 3971.36 MB
Available physical RAM: 3457.29 MB
Total Virtual: 3969.64 MB
Available Virtual: 3465.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:2.43 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:130.06 GB) (Free:2.65 GB) NTFS
Drive e: () (Fixed) (Total:91.55 GB) (Free:11.59 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:97.66 GB) (Free:6.13 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:97.66 GB) (Free:4.82 GB) NTFS
Drive h: (FLUIDTECH) (Removable) (Total:3.76 GB) (Free:3.76 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 571D6F03)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=221.6 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)

LastRegBack: 2016-12-25 23:36

==================== End of FRST.txt ============================

 

[Broni]

I don't see anything very obvious but let's try couple of things....

Re-run FRST again.
Type the following in the edit box after "Search:".

User32.dll

Click Search files button and post the log (Search.txt) it makes in your reply.

 

[Akshay17]

I'm sorry for uploading the file directly and not pasting it , I should have read the forum rules before and I apologise for not doing so..

I was able to boot my laptop into safe mode this time, I then ran frst and searched for user32.dll and this is the text I got:

Farbar Recovery Scan Tool (x86) Version: 21-12-2016
Ran by admin (28-12-2016 20:41:26)
Running from H:\
Boot Mode: Safe Mode (minimal)

================== Search Files: "user32.dll" =============

C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23528_none_cfc274bde4c0ef6f\user32.dll
[2016-09-14 01:34][2016-08-16 08:18] 0811520 ____A (Microsoft Corporation) CC157E3445C86456494ED940E1250247 [File is digitally signed]

C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_cf942e7de4e41bb9\user32.dll
[2015-12-09 12:24][2015-11-11 00:06] 0811520 ____A (Microsoft Corporation) E175DD0A22EC01BA2E2EFCF0B14B8426 [File is digitally signed]

C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_cf068ea4cbca196c\user32.dll
[2015-12-09 12:24][2015-11-11 00:09] 0811520 ____A (Microsoft Corporation) 4C5A23AE4F5157F579C89736EA5D42CE [File is digitally signed]

C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[2010-11-21 02:59][2010-11-21 02:59] 0811520 ____A (Microsoft Corporation) F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 [File is digitally signed]

C:\Windows\System32\user32.dll
[2016-09-14 01:34][2016-08-16 08:18] 0811520 ____A (Microsoft Corporation) CC157E3445C86456494ED940E1250247 [File is digitally signed]

====== End of Search ======

 

[Broni]

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7/8/10: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if you can boot normally.

 

[Akshay17]

Fixlog.txt :


Fix result of Farbar Recovery Scan Tool (x86) Version: 21-12-2016
Ran by admin (29-12-2016 21:01:40) Run:1
Running from H:\
Loaded Profiles: admin (Available Profiles: admin & Administrator)
Boot Mode: Safe Mode (minimal)

==============================================

fixlist content:
*****************
HKLM\...\Run: [kbdsprt] => [X]
HKLM\...\Run: [] => [X]
S2 apmwinsrv; "C:\Program Files\Paragon Software\HFS+ for Windows\apmwinsrv.exe" [X]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S2 XperiaCompanionService; "C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe" [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 Generalusbserialser20679; system32\DRIVERS\CT_U_USBSER.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
C:\ProgramData\sysid100.dat
Replace: C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_cf942e7de4e41bb9\user32.dll C:\Windows\System32\user32.dll
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\kbdsprt => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
apmwinsrv => service removed successfully.
NMIndexingService => service removed successfully.
XperiaCompanionService => service removed successfully.
BAPIDRV => service removed successfully.
ewusbmbb => service removed successfully.
ew_hwusbdev => service removed successfully.
Generalusbserialser20679 => service removed successfully.
huawei_enumerator => service removed successfully.
hwdatacard => service removed successfully.
RSUSBSTOR => service removed successfully.
C:\ProgramData\sysid100.dat => moved successfully
C:\Windows\System32\user32.dll => moved successfully
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_cf942e7de4e41bb9\user32.dll copied successfully to C:\Windows\System32\user32.dll

==== End of Fixlog 21:01:41 ====



I tried booting normally, the computer freezes after a couple seconds.

 

[Broni]

Let's try one more thing.
We'll attempt to return your computer to the date when it booted successfully for the last time.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7/8/10: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if you can boot normally.

 

[Akshay17]

In the system recovery options, I opened FRST and clicked fix.

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-12-2016
Ran by SYSTEM (30-12-2016 12:19:12) Run:2
Running from H:\
Boot Mode: Recovery

==============================================

fixlist content:
*****************
LastRegBack: 2016-12-25 23:36
*****************

DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => copied successfully to System32\config\HiveBackup
SOFTWARE => restored successfully from registry back up
SYSTEM => copied successfully to System32\config\HiveBackup
SYSTEM => restored successfully from registry back up

==== End of Fixlog 12:19:18 ====



Tried restarting, it is stuck on 'Welcome'

 

[Broni]

Can you still boot to safe mode?
BTW, we're not dealing with any infection issue at this point.

 

[Akshay17]

Yes I am able to boot into safe mode, but with a temporary account..

 

[Broni]

Click Start button and in "Start search" type:
cmd
Hold CTRL and SHIFT buttons and press Enter.
Command prompt window will open.
Paste this in:
chkdsk /r (<------watch for "space")
Press Enter.
Chkdsk will run.
Reboot.
Download ListChkdskResult.exe (by SleepyDude) from the link below:
https://dl.dropboxusercontent.com/u/12354842/My Tools/ListChkdskResult.exe
Double click on it to run it. It will take a few seconds to scan, then it will open a Notepad window with the log. Copy and paste the contents of this into your next post

 

[Akshay17]

Showed this message:
"Chkdsk cannot run because the volume is in use by another process . Do you want to scan in the next reboot? "
I typed 'y' and then it started normally.. but again it keeps freezing at this point..

 

[Akshay17]

I don't know if this would help in detecting the problem, but before this problem occurred, there was a ransomware in Microsoft's crypto folder, called sysgop.exe , I deleted it. In the configuration startup, I found sysgop.exe from 'Unknown' so I disabled it too..

 

[Broni]

At this point there is nothing malicious on your computer.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7, 8 and 10 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.

Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:

Go to Step 5 and under "System Restore" click on Create button:

Go to Repairs tab and click Open Repairs button.

In next window....
Leave all checkmarks as they're.
Click on Start Repairs button.

Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

 

[Akshay17]

Chkdsk log:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Program Files\Tweaking.com\Windows Repair (All in One)>CD /D C:\

C:\>set path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0

C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
9 percent complete. (503194 of 559104 file records processed)
559104 file records processed.

File verification completed.
776 large file records processed.

0 bad file records processed.

2 EA records processed.

60 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
54 percent complete. (955064 of 1351108 index entries processed)
1351108 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
81 percent complete. (514991 of 559104 file SDs/SIDs processed)
559104 file SDs/SIDs processed.

Security descriptor verification completed.
396003 data files processed.

CHKDSK is verifying Usn Journal...
100 percent complete. (13090816 of 13094048 USN bytes processed)
13094048 USN bytes processed.

Usn Journal verification completed.
The master file table's (MFT) BITMAP attribute is incorrect.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

51199999 KB total disk space.
47700252 KB in 159457 files.
240116 KB in 396004 indexes.
0 KB in bad sectors.
644159 KB in use by the system.
65536 KB occupied by the log file.
2615472 KB available on disk.

4096 bytes in each allocation unit.
12799999 total allocation units on disk.
653868 allocation units available on disk.

C:\>




Chkdsk full log:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Program Files\Tweaking.com\Windows Repair (All in One)>CD /D C:\

C:\>set path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0

C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
0 percent complete. (0 of 559104 file records processed)
0 percent complete. (10405 of 559104 file records processed)
0 percent complete. (15640 of 559104 file records processed)
0 percent complete. (31004 of 559104 file records processed)
0 percent complete. (50826 of 559104 file records processed)
1 percent complete. (55911 of 559104 file records processed)
1 percent complete. (88490 of 559104 file records processed)
2 percent complete. (111821 of 559104 file records processed)
2 percent complete. (162495 of 559104 file records processed)
3 percent complete. (167732 of 559104 file records processed)
4 percent complete. (223642 of 559104 file records processed)
5 percent complete. (279552 of 559104 file records processed)
6 percent complete. (335463 of 559104 file records processed)
7 percent complete. (391373 of 559104 file records processed)
8 percent complete. (447284 of 559104 file records processed)
9 percent complete. (503194 of 559104 file records processed)
559104 file records processed.

File verification completed.
776 large file records processed.

0 bad file records processed.

2 EA records processed.

60 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
11 percent complete. (21173 of 1351108 index entries processed)
12 percent complete. (42624 of 1351108 index entries processed)
13 percent complete. (64075 of 1351108 index entries processed)
14 percent complete. (85527 of 1351108 index entries processed)
15 percent complete. (106978 of 1351108 index entries processed)
16 percent complete. (128430 of 1351108 index entries processed)
17 percent complete. (149881 of 1351108 index entries processed)
18 percent complete. (171333 of 1351108 index entries processed)
19 percent complete. (192784 of 1351108 index entries processed)
20 percent complete. (214235 of 1351108 index entries processed)
21 percent complete. (235687 of 1351108 index entries processed)
22 percent complete. (257138 of 1351108 index entries processed)
23 percent complete. (278590 of 1351108 index entries processed)
24 percent complete. (300041 of 1351108 index entries processed)
25 percent complete. (321492 of 1351108 index entries processed)
26 percent complete. (342944 of 1351108 index entries processed)
27 percent complete. (364395 of 1351108 index entries processed)
28 percent complete. (385847 of 1351108 index entries processed)
29 percent complete. (407298 of 1351108 index entries processed)
30 percent complete. (428750 of 1351108 index entries processed)
31 percent complete. (450201 of 1351108 index entries processed)
32 percent complete. (471652 of 1351108 index entries processed)
33 percent complete. (493104 of 1351108 index entries processed)
34 percent complete. (514555 of 1351108 index entries processed)
35 percent complete. (536007 of 1351108 index entries processed)
36 percent complete. (557458 of 1351108 index entries processed)
36 percent complete. (560185 of 1351108 index entries processed)
36 percent complete. (560630 of 1351108 index entries processed)
36 percent complete. (561419 of 1351108 index entries processed)
36 percent complete. (561685 of 1351108 index entries processed)
36 percent complete. (567316 of 1351108 index entries processed)
36 percent complete. (568714 of 1351108 index entries processed)
36 percent complete. (569773 of 1351108 index entries processed)
36 percent complete. (570505 of 1351108 index entries processed)
36 percent complete. (571258 of 1351108 index entries processed)
36 percent complete. (571881 of 1351108 index entries processed)
36 percent complete. (572565 of 1351108 index entries processed)
36 percent complete. (573028 of 1351108 index entries processed)
36 percent complete. (573565 of 1351108 index entries processed)
36 percent complete. (574136 of 1351108 index entries processed)
36 percent complete. (574899 of 1351108 index entries processed)
36 percent complete. (575731 of 1351108 index entries processed)
36 percent complete. (576350 of 1351108 index entries processed)
36 percent complete. (577360 of 1351108 index entries processed)
36 percent complete. (578647 of 1351108 index entries processed)
37 percent complete. (578909 of 1351108 index entries processed)
37 percent complete. (579266 of 1351108 index entries processed)
37 percent complete. (580158 of 1351108 index entries processed)
37 percent complete. (581024 of 1351108 index entries processed)
37 percent complete. (582143 of 1351108 index entries processed)
37 percent complete. (582806 of 1351108 index entries processed)
37 percent complete. (583113 of 1351108 index entries processed)
37 percent complete. (583675 of 1351108 index entries processed)
37 percent complete. (584394 of 1351108 index entries processed)
37 percent complete. (585148 of 1351108 index entries processed)
37 percent complete. (585476 of 1351108 index entries processed)
37 percent complete. (585874 of 1351108 index entries processed)
37 percent complete. (586168 of 1351108 index entries processed)
37 percent complete. (586996 of 1351108 index entries processed)
37 percent complete. (587400 of 1351108 index entries processed)
37 percent complete. (587935 of 1351108 index entries processed)
37 percent complete. (588683 of 1351108 index entries processed)
37 percent complete. (590235 of 1351108 index entries processed)
37 percent complete. (591226 of 1351108 index entries processed)
37 percent complete. (592594 of 1351108 index entries processed)
37 percent complete. (592929 of 1351108 index entries processed)
37 percent complete. (595213 of 1351108 index entries processed)
37 percent complete. (597126 of 1351108 index entries processed)
37 percent complete. (597150 of 1351108 index entries processed)
37 percent complete. (597175 of 1351108 index entries processed)
37 percent complete. (597195 of 1351108 index entries processed)
37 percent complete. (597216 of 1351108 index entries processed)
37 percent complete. (597274 of 1351108 index entries processed)
37 percent complete. (597327 of 1351108 index entries processed)
37 percent complete. (597345 of 1351108 index entries processed)
37 percent complete. (597364 of 1351108 index entries processed)
37 percent complete. (597383 of 1351108 index entries processed)
37 percent complete. (597446 of 1351108 index entries processed)
37 percent complete. (597518 of 1351108 index entries processed)
37 percent complete. (597542 of 1351108 index entries processed)
38 percent complete. (600361 of 1351108 index entries processed)
39 percent complete. (621812 of 1351108 index entries processed)
40 percent complete. (643264 of 1351108 index entries processed)
41 percent complete. (664715 of 1351108 index entries processed)
42 percent complete. (686167 of 1351108 index entries processed)
43 percent complete. (707618 of 1351108 index entries processed)
44 percent complete. (729069 of 1351108 index entries processed)
45 percent complete. (750521 of 1351108 index entries processed)
46 percent complete. (771972 of 1351108 index entries processed)
47 percent complete. (793424 of 1351108 index entries processed)
48 percent complete. (814875 of 1351108 index entries processed)
49 percent complete. (836326 of 1351108 index entries processed)
50 percent complete. (857778 of 1351108 index entries processed)
51 percent complete. (879229 of 1351108 index entries processed)
52 percent complete. (900681 of 1351108 index entries processed)
53 percent complete. (922132 of 1351108 index entries processed)
54 percent complete. (943584 of 1351108 index entries processed)
54 percent complete. (955064 of 1351108 index entries processed)
1351108 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
73 percent complete. (157 of 559104 file SDs/SIDs processed)
74 percent complete. (64511 of 559104 file SDs/SIDs processed)
75 percent complete. (128865 of 559104 file SDs/SIDs processed)
76 percent complete. (193219 of 559104 file SDs/SIDs processed)
77 percent complete. (257574 of 559104 file SDs/SIDs processed)
78 percent complete. (321928 of 559104 file SDs/SIDs processed)
79 percent complete. (386282 of 559104 file SDs/SIDs processed)
80 percent complete. (450636 of 559104 file SDs/SIDs processed)
81 percent complete. (514991 of 559104 file SDs/SIDs processed)
559104 file SDs/SIDs processed.

Security descriptor verification completed.
396003 data files processed.

CHKDSK is verifying Usn Journal...
99 percent complete. (0 of 13094048 USN bytes processed)
100 percent complete. (13090816 of 13094048 USN bytes processed)
13094048 USN bytes processed.

Usn Journal verification completed.
The master file table's (MFT) BITMAP attribute is incorrect.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

51199999 KB total disk space.
47700252 KB in 159457 files.
240116 KB in 396004 indexes.
0 KB in bad sectors.
644159 KB in use by the system.
65536 KB occupied by the log file.
2615472 KB available on disk.

4096 bytes in each allocation unit.
12799999 total allocation units on disk.
653868 allocation units available on disk.

C:\>



When I try to boot in normal mode, theres just a black screen with a working cursor..

 

[Broni]

Did you try Windows Repair (All in One)?

 

[Akshay17]

Yes, I downloaded the installer from the site that you linked..

 

[Broni]

The very last option before reinstalling Windows would be repair installation: http://www.sevenforums.com/tutorials/3413-repair-install.html