TechSpot

Notebook stuck on aswrvrt.sys

Inactive
By metaathron
Aug 18, 2014
  1. Hello, could you please help my friend? He has a similar problem to other people: his notebook is stuck on the Windows Vista (32) boot screen. When trying Safe Mode, it stays stuck on aswrvrt.sys.

    FRST says:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01
    Ran by SYSTEM on MINWINPC on 18-08-2014 20:24:06
    Running from f:\
    Platform: Windows Vista (TM) Home Premium (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [217088 2009-04-10] (Microsoft Corporation)
    Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
    HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default\...\RunOnce: [AcerScrSav] => C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
    HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default User\...\RunOnce: [AcerScrSav] => C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
    HKU\Guest\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Guest\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    HKU\Guest\...\Run: [Google Update] => C:\Users\NOTEBOOK\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2008-10-11] (Google Inc.)
    HKU\Guest\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-05-16] (Macrovision Corporation)
    HKU\Guest\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\daemon.exe [490952 2008-07-24] (DT Soft Ltd)
    HKU\Guest\...\Run: [Namedate] => C:\nezmeskej\nezmeskej.exe s s
    HKU\Guest\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-02] (Skype Technologies S.A.)
    HKU\Guest\...\Policies\system: [LogonHoursAction] 2
    HKU\Guest\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Guest\...\Policies\Explorer: [RegWinBackUp] 0
    HKU\NOTEBOOK\...\Run: [Google Update] => C:\Users\NOTEBOOK\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2008-10-11] (Google Inc.)
    HKU\NOTEBOOK\...\Policies\system: [LogonHoursAction] 2
    HKU\NOTEBOOK\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\NOTEBOOK\...\Policies\Explorer: [RegWinBackUp] 0
    Lsa: [Notification Packages] scecli C:\Program Files\Acer\Acer Bio Protection\PwdFilter
    Startup: C:\Users\NOTEBOOK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gaia Wallpaper Desktop.lnk
    ShortcutTarget: Gaia Wallpaper Desktop.lnk -> C:\Program Files\Gaia Dream Creation\Gaia Wallpaper Desktop\GaiaWallpaperDesktop.exe (Gaia Dream Creation Inc.)
    BootExecute: autocheck autochk *

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [571288 2010-09-14] (Affinegy, Inc.)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
    S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-16] ()
    S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
    S2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3474432 2008-10-03] ()
    S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
    S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-02-25] ()
    S2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [244904 2008-10-23] ()
    S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43184 2008-10-03] (Alfa Corporation)
    S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-06] ()
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-06] (AVAST Software)
    S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-06] (AVAST Software)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-08-06] ()
    S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-06] (AVAST Software)
    S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-06] (AVAST Software)
    S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-06] (AVAST Software)
    S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-08-06] ()
    S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2012-01-28] ()
    S0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14528 2014-01-21] (Glarysoft Ltd)
    S1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
    S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [65896 2013-07-25] (FTDI Ltd.)
    S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2012-06-09] (LogMeIn, Inc.)
    S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-18] (ITE Tech. Inc. )
    S3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-04] (Atheros Communications, Inc.)
    S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2012-01-28] ()
    S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
    S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
    S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-10-26] (Duplex Secure Ltd.)
    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.)
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-18 20:22 - 2014-08-18 20:22 - 00000000 ____D () C:\FRST
    2014-08-12 21:08 - 2014-08-12 21:08 - 00000000 __SHD () C:\found.001
    2014-08-11 20:27 - 2014-08-11 20:27 - 00000000 __SHD () C:\found.000
    2014-08-11 11:55 - 2014-08-12 11:24 - 249359867 _____ () C:\Windows\MEMORY.DMP
    2014-08-11 11:55 - 2014-08-11 11:55 - 00000000 _____ () C:\Windows\Minidump\Mini081114-01.dmp
    2014-08-10 22:35 - 2014-08-10 22:35 - 00000000 ___RD () C:\Users\NOTEBOOK\Desktop\Počítač – zástupce
    2014-08-08 09:44 - 2014-08-08 11:35 - 00000000 ____D () C:\Users\NOTEBOOK\Desktop\foto
    2014-08-06 21:31 - 2014-08-06 21:31 - 00000194 _____ () C:\Windows\wininit.ini
    2014-08-06 21:31 - 2014-08-06 21:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\DropboxMaster
    2014-08-06 21:30 - 2014-08-06 21:30 - 00000000 ____D () C:\Program Files\Dropbox
    2014-08-06 21:29 - 2014-08-06 21:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Dropbox
    2014-08-06 06:24 - 2014-08-06 06:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-08-06 06:24 - 2014-08-06 06:24 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
    2014-07-23 08:04 - 2014-07-23 08:04 - 00050688 _____ () C:\Users\NOTEBOOK\Downloads\dochazkovy_list_mesicni_-_nový.xls

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-18 20:22 - 2014-08-18 20:22 - 00000000 ____D () C:\FRST
    2014-08-18 09:26 - 2014-06-25 10:45 - 00226414 _____ () C:\Windows\PFRO.log
    2014-08-12 21:08 - 2014-08-12 21:08 - 00000000 __SHD () C:\found.001
    2014-08-12 11:24 - 2014-08-11 11:55 - 249359867 _____ () C:\Windows\MEMORY.DMP
    2014-08-11 20:56 - 2014-04-19 23:09 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\SoftDMA
    2014-08-11 20:56 - 2014-04-12 10:42 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\PowerCinema
    2014-08-11 20:56 - 2009-01-07 03:48 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Local\PlayMovie
    2014-08-11 20:56 - 2008-10-12 02:42 - 00000000 ____D () C:\users\Guest
    2014-08-11 20:56 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\spool
    2014-08-11 20:56 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\Msdtc
    2014-08-11 20:56 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\registration
    2014-08-11 20:56 - 2006-11-02 02:22 - 48496640 _____ () C:\Windows\System32\config\software_previous
    2014-08-11 20:56 - 2006-11-02 02:22 - 39583744 _____ () C:\Windows\System32\config\system_previous
    2014-08-11 20:42 - 2006-11-02 02:22 - 45875200 _____ () C:\Windows\System32\config\components_previous
    2014-08-11 20:42 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\System32\config\sam_previous
    2014-08-11 20:27 - 2014-08-11 20:27 - 00000000 __SHD () C:\found.000
    2014-08-11 12:06 - 2008-10-03 10:33 - 00646048 _____ () C:\ProgramData\nvModes.001
    2014-08-11 11:55 - 2014-08-11 11:55 - 00000000 _____ () C:\Windows\Minidump\Mini081114-01.dmp
    2014-08-11 11:55 - 2008-10-05 07:19 - 00000000 ____D () C:\Windows\Minidump
    2014-08-11 11:02 - 2008-10-03 10:32 - 00646048 _____ () C:\ProgramData\nvModes.dat
    2014-08-11 11:02 - 2008-10-03 10:05 - 01839533 _____ () C:\Windows\WindowsUpdate.log
    2014-08-11 11:01 - 2008-10-03 10:31 - 00000000 ____D () C:\users\NOTEBOOK
    2014-08-11 11:00 - 2014-01-24 08:59 - 00001837 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-08-11 10:57 - 2008-10-03 10:42 - 00000000 _____ () C:\Windows\System32\LogConfigTemp.xml
    2014-08-11 10:57 - 2008-04-24 22:16 - 00000147 _____ () C:\Windows\System32\agent.log
    2014-08-11 10:57 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-11 10:57 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-11 05:46 - 2006-11-02 02:22 - 00524288 _____ () C:\Windows\System32\config\default_previous
    2014-08-11 05:46 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\System32\config\security_previous
    2014-08-10 23:52 - 2009-02-18 10:38 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Skype
    2014-08-10 22:35 - 2014-08-10 22:35 - 00000000 ___RD () C:\Users\NOTEBOOK\Desktop\Počítač – zástupce
    2014-08-09 23:41 - 2014-07-08 13:56 - 03148854 _____ () C:\Windows\Gaia Wallpaper Desktop.bmp
    2014-08-09 15:41 - 2008-10-04 05:53 - 00000012 _____ () C:\Windows\bthservsdp.dat
    2014-08-08 21:33 - 2008-01-20 22:47 - 01421554 _____ () C:\Windows\System32\PerfStringBackup.INI
    2014-08-08 11:41 - 2010-03-31 23:50 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
    2014-08-08 11:35 - 2014-08-08 09:44 - 00000000 ____D () C:\Users\NOTEBOOK\Desktop\foto
    2014-08-08 11:32 - 2008-10-19 11:22 - 00247296 _____ () C:\Users\NOTEBOOK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-08-08 11:26 - 2010-03-31 23:59 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Local\Pinnacle
    2014-08-08 08:59 - 2008-10-29 15:08 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\vlc
    2014-08-06 21:31 - 2014-08-06 21:31 - 00000194 _____ () C:\Windows\wininit.ini
    2014-08-06 21:31 - 2014-08-06 21:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\DropboxMaster
    2014-08-06 21:31 - 2014-08-06 21:29 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Dropbox
    2014-08-06 21:30 - 2014-08-06 21:30 - 00000000 ____D () C:\Program Files\Dropbox
    2014-08-06 06:24 - 2014-08-06 06:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-08-06 06:24 - 2014-08-06 06:24 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
    2014-08-06 06:24 - 2014-01-24 08:35 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2014-08-06 06:24 - 2014-01-24 08:35 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
    2014-08-06 06:24 - 2014-01-24 08:35 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
    2014-08-06 06:24 - 2014-01-24 08:35 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
    2014-08-06 06:24 - 2014-01-24 08:35 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2014-08-06 06:24 - 2014-01-24 08:35 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2014-08-06 06:24 - 2014-01-24 08:35 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2014-08-06 06:24 - 2014-01-24 08:35 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
    2014-07-30 21:26 - 2014-06-25 10:50 - 00000789 _____ () C:\Windows\setupact.log
    2014-07-26 00:26 - 2010-03-17 09:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-07-23 08:04 - 2014-07-23 08:04 - 00050688 _____ () C:\Users\NOTEBOOK\Downloads\dochazkovy_list_mesicni_-_nový.xls
    2014-07-20 04:17 - 2014-01-22 09:29 - 00000000 ____D () C:\Program Files\Glary Utilities 4

    Some content of TEMP:
    ====================
    C:\Users\Guest\AppData\Local\Temp\RtkBtMnt.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd6b_xt.dll
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1100.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1738.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1A24.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1F.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU2BE.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU2CF8.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU34D5.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU37C2.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU4DB2.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU5002.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU6279.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU6B6E.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU703F.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU76F.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU7A2E.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU98E4.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU9C5D.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUA275.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUA6AA.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUAC26.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUB71E.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUB72E.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUC023.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUC5DD.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUCACD.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUCEB.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD087.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD799.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD7B8.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUE159.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUE281.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUEB29.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\RtkBtMnt.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\SkypeSetup.exe


    ==================== Known DLLs (Whitelisted) ============


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 9%
    Total physical RAM: 4093.63 MB
    Available physical RAM: 3706.61 MB
    Total Pagefile: 3959.36 MB
    Available Pagefile: 3795.05 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1980.23 MB

    ==================== Drives ================================

    Drive c: (ACER) (Fixed) (Total:111.44 GB) (Free:53.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (DATA) (Fixed) (Total:104.9 GB) (Free:102.82 GB) NTFS
    Drive e: (Disc) (CDROM) (Total:3.6 GB) (Free:0 GB) UDF
    Drive f: (USB DISK) (Removable) (Total:57.58 GB) (Free:57.5 GB) FAT32
    Drive x: (PQSERVICE) (Fixed) (Total:13 GB) (Free:4.18 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 8854C7A8)
    Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
    Partition 2: (Active) - (Size=111.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=104.9 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 57.6 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=57.6 GB) - (Type=0C)


    LastRegBack: 2014-08-10 22:10

    ==================== End Of Log ============================
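Added example (not part of this thread and not FRST's own code): a small Python parser for the `S<n>`/`R<n>` lines in the Drivers and Services sections of an FRST log, plus the two triage rules a helper applies first: entries whose file is gone (`[X]`, the kind the fixlist later removes) and boot- or system-start drivers with an empty company field, which is how aswRvrt.sys appears above. The sample lines are constructed from the log in this post; the rule names and the `DriverEntry` type are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines in the format of the "Drivers (Whitelisted)" section
# of an FRST log, with values copied from the log in the post above.
SAMPLE_DRIVERS = r"""
S0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43184 2008-10-03] (Alfa Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-06] ()
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-08-06] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-06] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-08-06] ()
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-10-26] (Duplex Secure Ltd.)
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
"""

# Windows service start types as FRST prints them after the S/R state letter.
START_TYPE: Dict[str, str] = {
    "0": "boot",      # loaded by the boot loader, before most of the kernel is up
    "1": "system",    # loaded during kernel initialisation
    "2": "auto",      # started by the Service Control Manager at boot
    "3": "manual",    # started on demand
    "4": "disabled",
}

# <state><start> <name>; <path> [<size> <date>] (<company>)   or   ... [X] when the file is missing.
# The company group is greedy so nested parentheses such as "(... (PCAUSA))" are kept whole.
LINE_RE = re.compile(
    r"^(?P<state>[SR])(?P<start>[0-4])\s+(?P<name>[^;]+);\s+"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\](?:\s+\((?P<company>.*)\))?\s*$"
)


@dataclass
class DriverEntry:
    name: str
    running: bool            # FRST prints R for running, S for stopped (always S in Recovery mode)
    start_type: str
    path: str
    size: Optional[int]      # None when FRST reports [X] (file not found on disk)
    date: Optional[str]
    company: str             # CompanyName from the file's version info; "" when absent
    file_missing: bool


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Parse one line of the FRST Drivers/Services section; None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").strip()
    missing = meta == "X"
    size = date = None
    if not missing:
        size_str, _, date = meta.partition(" ")
        size = int(size_str)
        date = date or None
    return DriverEntry(
        name=m.group("name").strip(),
        running=m.group("state") == "R",
        start_type=START_TYPE[m.group("start")],
        path=m.group("path").strip(),
        size=size,
        date=date,
        company=(m.group("company") or "").strip(),
        file_missing=missing,
    )


def parse_section(text: str) -> List[DriverEntry]:
    """Parse every entry line in a section, skipping headers and blank lines."""
    entries = [parse_driver_line(line) for line in text.splitlines()]
    return [e for e in entries if e is not None]


def triage(entries: List[DriverEntry]) -> List[Tuple[str, str]]:
    """Flag the entries a malware-removal helper reads first, with the reason for each."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.file_missing:
            # An orphaned registry entry: harmless on its own, but it is exactly what a
            # fixlist line such as 'S3 IpInIp; ... [X]' removes.
            findings.append((e.name, "service entry points at a file that no longer exists"))
        elif e.start_type in ("boot", "system") and not e.company:
            # Loads before user-mode defences and carries no CompanyName version info.
            # That alone proves nothing (several avast drivers in the thread look like
            # this), so the follow-up is to verify the file's signature and compare its
            # hash with a known-good copy rather than to delete it blindly.
            findings.append((e.name, f"{e.start_type}-start driver with no CompanyName in version info"))
    return findings


if __name__ == "__main__":
    for name, why in triage(parse_section(SAMPLE_DRIVERS)):
        print(f"{name:12} {why}")
```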
  2. Broni

    Broni Malware Annihilator Posts: 47,660   +267

    Welcome aboard


    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    Let's see if this will work...

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7/8: now please enter System Recovery Options.
    On Windows XP: now please boot into the OTLPE CD.
    Run FRST (FRST64) and press the Fix button just once, then wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


  3. metaathron

    metaathron TS Rookie Topic Starter

    Didn't help. The situation is the same.

    Fixlog:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:17-08-2014 01
    Ran by SYSTEM at 2014-08-19 21:30:59 Run:1
    Running from F:\
    Boot Mode: Recovery

    ==============================================

    Content of fixlist:
    *****************
    LastRegBack: 2014-08-10 22:10
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    C:\Users\Guest\AppData\Local\Temp\RtkBtMnt.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd6b_xt.dll
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1100.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1738.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1A24.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1F.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU2BE.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU2CF8.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU34D5.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU37C2.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU4DB2.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU5002.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU6279.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU6B6E.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU703F.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU76F.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU7A2E.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU98E4.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU9C5D.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUA275.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUA6AA.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUAC26.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUB71E.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUB72E.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUC023.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUC5DD.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUCACD.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUCEB.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD087.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD799.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD7B8.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUE159.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUE281.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUEB29.tmp.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\RtkBtMnt.exe
    C:\Users\NOTEBOOK\AppData\Local\Temp\SkypeSetup.exe

    *****************

    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.
    IpInIp => Service deleted successfully.
    NwlnkFlt => Service deleted successfully.
    NwlnkFwd => Service deleted successfully.
    C:\Users\Guest\AppData\Local\Temp\RtkBtMnt.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd6b_xt.dll => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1100.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1738.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1A24.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU1F.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU2BE.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU2CF8.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU34D5.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU37C2.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU4DB2.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU5002.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU6279.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU6B6E.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU703F.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU76F.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU7A2E.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU98E4.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHU9C5D.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUA275.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUA6AA.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUAC26.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUB71E.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUB72E.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUC023.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUC5DD.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUCACD.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUCEB.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD087.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD799.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUD7B8.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUE159.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUE281.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\IHUEB29.tmp.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\RtkBtMnt.exe => Moved successfully.
    C:\Users\NOTEBOOK\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.

    ==== End of Fixlog ====
  4. Broni

    Broni Malware Annihilator Posts: 47,660   +267

    That's fine.
    Give me fresh FRST log.
  5. Broni

    Broni Malware Annihilator Posts: 47,660   +267

    Reopened.
  6. metaathron

    metaathron TS Rookie Topic Starter

    Thank you so much. Here is the new FRST log:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01
    Ran by SYSTEM on MINWINPC on 26-08-2014 21:30:41
    Running from G:\
    Platform: WIN_VISTA Service Pack 2 (X86) OS Language: Čeština (Česká republika)
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    ATTENTION: Software hive is not loaded.
    BootExecute: autocheck autochk *

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [571288 2010-09-14] (Affinegy, Inc.)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
    S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-16] ()
    S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
    S2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3474432 2008-10-03] ()
    S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
    S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-02-25] ()
    S2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [244904 2008-10-24] ()
    S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43184 2008-10-03] (Alfa Corporation)
    S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-06] ()
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-06] (AVAST Software)
    S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-06] (AVAST Software)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-08-06] ()
    S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-06] (AVAST Software)
    S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-06] (AVAST Software)
    S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-06] (AVAST Software)
    S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-08-06] ()
    S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2012-01-28] ()
    S0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14528 2014-01-22] (Glarysoft Ltd)
    S1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
    S0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
    S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [65896 2013-07-25] (FTDI Ltd.)
    S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2012-06-09] (LogMeIn, Inc.)
    S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-18] (ITE Tech. Inc. )
    S3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
    S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2012-01-28] ()
    S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
    S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
    S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-10-26] (Duplex Secure Ltd.)
    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.)

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-20 06:31 - 2014-08-20 06:31 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
    2014-08-19 05:22 - 2014-08-20 06:39 - 00000000 ____D () C:\FRST
    2014-08-13 06:08 - 2014-08-13 06:08 - 00000000 __SHD () C:\found.001
    2014-08-12 05:27 - 2014-08-12 05:27 - 00000000 __SHD () C:\found.000
    2014-08-11 20:55 - 2014-08-12 20:24 - 249359867 _____ () C:\Windows\MEMORY.DMP
    2014-08-11 20:55 - 2014-08-11 20:55 - 00000000 _____ () C:\Windows\Minidump\Mini081114-01.dmp
    2014-08-11 07:35 - 2014-08-11 07:35 - 00000000 ___RD () C:\Users\NOTEBOOK\Desktop\Počítač – zástupce
    2014-08-08 18:44 - 2014-08-08 20:35 - 00000000 ____D () C:\Users\NOTEBOOK\Desktop\foto
    2014-08-07 06:31 - 2014-08-07 06:31 - 00000194 _____ () C:\Windows\wininit.ini
    2014-08-07 06:31 - 2014-08-07 06:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\DropboxMaster
    2014-08-07 06:30 - 2014-08-07 06:30 - 00000000 ____D () C:\Program Files\Dropbox
    2014-08-07 06:29 - 2014-08-07 06:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Dropbox
    2014-08-06 15:24 - 2014-08-06 15:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-08-06 15:24 - 2014-08-06 15:24 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-20 06:39 - 2014-08-19 05:22 - 00000000 ____D () C:\FRST
    2014-08-20 06:31 - 2014-08-20 06:31 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
    2014-08-13 06:08 - 2014-08-13 06:08 - 00000000 __SHD () C:\found.001
    2014-08-12 20:24 - 2014-08-11 20:55 - 249359867 _____ () C:\Windows\MEMORY.DMP
    2014-08-12 05:56 - 2014-04-20 08:09 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\SoftDMA
    2014-08-12 05:56 - 2014-04-12 19:42 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\PowerCinema
    2014-08-12 05:56 - 2009-01-07 12:48 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Local\PlayMovie
    2014-08-12 05:56 - 2008-10-12 11:42 - 00000000 ____D () C:\users\Guest
    2014-08-12 05:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\System32\spool
    2014-08-12 05:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\System32\Msdtc
    2014-08-12 05:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
    2014-08-12 05:56 - 2006-11-02 11:22 - 48496640 _____ () C:\Windows\System32\config\software_previous
    2014-08-12 05:56 - 2006-11-02 11:22 - 39583744 _____ () C:\Windows\System32\config\system_previous
    2014-08-12 05:42 - 2006-11-02 11:22 - 45875200 _____ () C:\Windows\System32\config\components_previous
    2014-08-12 05:42 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\System32\config\sam_previous
    2014-08-12 05:27 - 2014-08-12 05:27 - 00000000 __SHD () C:\found.000
    2014-08-11 21:06 - 2008-10-03 19:33 - 00646048 _____ () C:\ProgramData\nvModes.001
    2014-08-11 20:55 - 2014-08-11 20:55 - 00000000 _____ () C:\Windows\Minidump\Mini081114-01.dmp
    2014-08-11 20:55 - 2014-06-25 19:45 - 00226414 _____ () C:\Windows\PFRO.log
    2014-08-11 20:55 - 2008-10-05 16:19 - 00000000 ____D () C:\Windows\Minidump
    2014-08-11 20:02 - 2008-10-03 19:32 - 00646048 _____ () C:\ProgramData\nvModes.dat
    2014-08-11 20:02 - 2008-10-03 19:05 - 01839533 _____ () C:\Windows\WindowsUpdate.log
    2014-08-11 20:01 - 2008-10-03 19:31 - 00000000 ____D () C:\users\NOTEBOOK
    2014-08-11 20:00 - 2014-01-24 17:59 - 00001837 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-08-11 19:57 - 2008-10-03 19:42 - 00000000 _____ () C:\Windows\System32\LogConfigTemp.xml
    2014-08-11 19:57 - 2008-04-25 07:16 - 00000147 _____ () C:\Windows\System32\agent.log
    2014-08-11 19:57 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-11 19:57 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-11 14:46 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\System32\config\default_previous
    2014-08-11 14:46 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\System32\config\security_previous
    2014-08-11 08:52 - 2009-02-18 19:38 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Skype
    2014-08-11 07:35 - 2014-08-11 07:35 - 00000000 ___RD () C:\Users\NOTEBOOK\Desktop\Počítač – zástupce
    2014-08-10 08:41 - 2014-07-08 22:56 - 03148854 _____ () C:\Windows\Gaia Wallpaper Desktop.bmp
    2014-08-10 00:41 - 2008-10-04 14:53 - 00000012 _____ () C:\Windows\bthservsdp.dat
    2014-08-09 06:33 - 2008-01-21 07:47 - 01421554 _____ () C:\Windows\System32\PerfStringBackup.INI
    2014-08-08 20:41 - 2010-04-01 08:50 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
    2014-08-08 20:35 - 2014-08-08 18:44 - 00000000 ____D () C:\Users\NOTEBOOK\Desktop\foto
    2014-08-08 20:32 - 2008-10-19 20:22 - 00247296 _____ () C:\Users\NOTEBOOK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-08-08 20:26 - 2010-04-01 08:59 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Local\Pinnacle
    2014-08-08 17:59 - 2008-10-30 00:08 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\vlc
    2014-08-07 06:31 - 2014-08-07 06:31 - 00000194 _____ () C:\Windows\wininit.ini
    2014-08-07 06:31 - 2014-08-07 06:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\DropboxMaster
    2014-08-07 06:31 - 2014-08-07 06:29 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Dropbox
    2014-08-07 06:30 - 2014-08-07 06:30 - 00000000 ____D () C:\Program Files\Dropbox
    2014-08-06 15:24 - 2014-08-06 15:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-08-06 15:24 - 2014-08-06 15:24 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
    2014-08-06 15:24 - 2014-01-24 17:35 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2014-08-06 15:24 - 2014-01-24 17:35 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
    2014-08-06 15:24 - 2014-01-24 17:35 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
    2014-08-06 15:24 - 2014-01-24 17:35 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
    2014-08-06 15:24 - 2014-01-24 17:35 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2014-08-06 15:24 - 2014-01-24 17:35 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2014-08-06 15:24 - 2014-01-24 17:35 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2014-08-06 15:24 - 2014-01-24 17:35 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
    2014-07-31 06:26 - 2014-06-25 19:50 - 00000789 _____ () C:\Windows\setupact.log

    ==================== Known DLLs (Whitelisted) ============


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 11%
    Total physical RAM: 4093.5 MB
    Available physical RAM: 3635.38 MB
    Total Pagefile: 3830.88 MB
    Available Pagefile: 3667.99 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1978.45 MB

    ==================== Drives ================================

    Drive c: (ACER) (Fixed) (Total:111.44 GB) (Free:53.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (DATA) (Fixed) (Total:104.9 GB) (Free:102.82 GB) NTFS
    Drive e: (FRTMCFRE_CS_DVD) (CDROM) (Total:2.91 GB) (Free:0 GB) UDF
    Drive f: (PQSERVICE) (Fixed) (Total:13 GB) (Free:4.18 GB) NTFS
    Drive g: (USB DISK) (Removable) (Total:57.58 GB) (Free:57.5 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 8854C7A8)
    Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
    Partition 2: (Active) - (Size=111.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=104.9 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 57.6 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=57.6 GB) - (Type=0C)


    LastRegBack: 2014-08-11 07:10

    ==================== End Of Log ============================
     
  7. metaathron

    metaathron TS Rookie Topic Starter

    Now I don't get it. The log seems to be like from another computer, but it isn't :-/
     
  8. Broni

    Broni Malware Annihilator Posts: 47,660   +267

    I'm not sure what you mean.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7/8: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot into any mode.
     
  9. metaathron

    metaathron TS Rookie Topic Starter

    Once the OS was recognized as English Vista HP and once as Czech Vista SP2. I will try your fix after work (approx. 15 UTC).
     
  10. metaathron

    metaathron TS Rookie Topic Starter

    No change yet :(
    FIXLOG:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:17-08-2014 01
    Ran by SYSTEM at 2014-08-28 17:23:04 Run:2
    Running from G:\
    Boot Mode: Recovery

    ==============================================

    Content of fixlist:
    *****************
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
    C:\Program Files\AVAST Software
    S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-06] ()
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-06] (AVAST Software)
    S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-06] (AVAST Software)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-08-06] ()
    S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-06] (AVAST Software)
    S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-06] (AVAST Software)
    S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-06] (AVAST Software)
    S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-08-06] ()
    C:\Windows\System32\Drivers\aswVmm.sys
    C:\Windows\system32\drivers\aswTdi.sys
    C:\Windows\system32\drivers\aswSP.sys
    C:\Windows\system32\drivers\aswSnx.sys
    C:\Windows\System32\Drivers\aswRvrt.sys
    C:\Windows\system32\drivers\aswRdr.sys
    C:\Windows\system32\drivers\aswMonFlt.sys
    C:\Windows\system32\drivers\aswHwid.sys
    2014-08-06 15:24 - 2014-08-06 15:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-08-11 20:00 - 2014-01-24 17:59 - 00001837 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-08-06 15:24 - 2014-08-06 15:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-08-06 15:24 - 2014-01-24 17:35 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2014-08-06 15:24 - 2014-01-24 17:35 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
    2014-08-06 15:24 - 2014-01-24 17:35 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
    2014-08-06 15:24 - 2014-01-24 17:35 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2014-08-06 15:24 - 2014-01-24 17:35 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2014-08-06 15:24 - 2014-01-24 17:35 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys

    *****************

    avast! Antivirus => Service deleted successfully.
    C:\Program Files\AVAST Software => Moved successfully.
    aswHwid => Service deleted successfully.
    aswMonFlt => Service deleted successfully.
    aswRdr => Service deleted successfully.
    aswRvrt => Service deleted successfully.
    aswSnx => Service deleted successfully.
    aswSP => Service deleted successfully.
    aswTdi => Service deleted successfully.
    aswVmm => Service deleted successfully.
    C:\Windows\System32\Drivers\aswVmm.sys => Moved successfully.
    C:\Windows\system32\drivers\aswTdi.sys => Moved successfully.
    C:\Windows\system32\drivers\aswSP.sys => Moved successfully.
    C:\Windows\system32\drivers\aswSnx.sys => Moved successfully.
    C:\Windows\System32\Drivers\aswRvrt.sys => Moved successfully.
    C:\Windows\system32\drivers\aswRdr.sys => Moved successfully.
    C:\Windows\system32\drivers\aswMonFlt.sys => Moved successfully.
    C:\Windows\system32\drivers\aswHwid.sys => Moved successfully.
    C:\Windows\avastSS.scr => Moved successfully.
    C:\Users\Public\Desktop\avast! Free Antivirus.lnk => Moved successfully.
    "C:\Windows\avastSS.scr" => File/Directory not found.
    "C:\Windows\System32\Drivers\aswSnx.sys" => File/Directory not found.
    "C:\Windows\System32\Drivers\aswsp.sys" => File/Directory not found.
    C:\Windows\System32\aswBoot.exe => Moved successfully.
    "C:\Windows\System32\Drivers\aswMonFlt.sys" => File/Directory not found.
    "C:\Windows\System32\Drivers\aswTdi.sys" => File/Directory not found.
    "C:\Windows\System32\Drivers\aswRdr.sys" => File/Directory not found.

    ==== End of Fixlog ====
     
  11. metaathron

    metaathron TS Rookie Topic Starter

    Next FRST:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01
    Ran by SYSTEM on MINWINPC on 28-08-2014 17:29:32
    Running from G:\
    Platform: WIN_VISTA Service Pack 2 (X86) OS Language: Čeština (Česká republika)
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    ATTENTION: Software hive is not loaded.
    BootExecute: autocheck autochk *

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [571288 2010-09-14] (Affinegy, Inc.)
    S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-16] ()
    S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
    S2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3474432 2008-10-03] ()
    S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
    S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-02-25] ()
    S2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [244904 2008-10-24] ()
    S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43184 2008-10-03] (Alfa Corporation)
    S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2012-01-28] ()
    S0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14528 2014-01-22] (Glarysoft Ltd)
    S1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
    S0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
    S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [65896 2013-07-25] (FTDI Ltd.)
    S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2012-06-09] (LogMeIn, Inc.)
    S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-18] (ITE Tech. Inc. )
    S3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
    S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2012-01-28] ()
    S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
    S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
    S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-10-26] (Duplex Secure Ltd.)
    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.)

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-20 06:31 - 2014-08-20 06:31 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
    2014-08-19 05:22 - 2014-08-28 17:23 - 00000000 ____D () C:\FRST
    2014-08-13 06:08 - 2014-08-13 06:08 - 00000000 __SHD () C:\found.001
    2014-08-12 05:27 - 2014-08-12 05:27 - 00000000 __SHD () C:\found.000
    2014-08-11 20:55 - 2014-08-12 20:24 - 249359867 _____ () C:\Windows\MEMORY.DMP
    2014-08-11 20:55 - 2014-08-11 20:55 - 00000000 _____ () C:\Windows\Minidump\Mini081114-01.dmp
    2014-08-11 07:35 - 2014-08-11 07:35 - 00000000 ___RD () C:\Users\NOTEBOOK\Desktop\Počítač – zástupce
    2014-08-08 18:44 - 2014-08-08 20:35 - 00000000 ____D () C:\Users\NOTEBOOK\Desktop\foto
    2014-08-07 06:31 - 2014-08-07 06:31 - 00000194 _____ () C:\Windows\wininit.ini
    2014-08-07 06:31 - 2014-08-07 06:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\DropboxMaster
    2014-08-07 06:30 - 2014-08-07 06:30 - 00000000 ____D () C:\Program Files\Dropbox
    2014-08-07 06:29 - 2014-08-07 06:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Dropbox

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-28 17:23 - 2014-08-19 05:22 - 00000000 ____D () C:\FRST
    2014-08-20 06:31 - 2014-08-20 06:31 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
    2014-08-13 06:08 - 2014-08-13 06:08 - 00000000 __SHD () C:\found.001
    2014-08-12 20:24 - 2014-08-11 20:55 - 249359867 _____ () C:\Windows\MEMORY.DMP
    2014-08-12 05:56 - 2014-04-20 08:09 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\SoftDMA
    2014-08-12 05:56 - 2014-04-12 19:42 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\PowerCinema
    2014-08-12 05:56 - 2009-01-07 12:48 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Local\PlayMovie
    2014-08-12 05:56 - 2008-10-12 11:42 - 00000000 ____D () C:\users\Guest
    2014-08-12 05:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\System32\spool
    2014-08-12 05:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\System32\Msdtc
    2014-08-12 05:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
    2014-08-12 05:56 - 2006-11-02 11:22 - 48496640 _____ () C:\Windows\System32\config\software_previous
    2014-08-12 05:56 - 2006-11-02 11:22 - 39583744 _____ () C:\Windows\System32\config\system_previous
    2014-08-12 05:42 - 2006-11-02 11:22 - 45875200 _____ () C:\Windows\System32\config\components_previous
    2014-08-12 05:42 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\System32\config\sam_previous
    2014-08-12 05:27 - 2014-08-12 05:27 - 00000000 __SHD () C:\found.000
    2014-08-11 21:06 - 2008-10-03 19:33 - 00646048 _____ () C:\ProgramData\nvModes.001
    2014-08-11 20:55 - 2014-08-11 20:55 - 00000000 _____ () C:\Windows\Minidump\Mini081114-01.dmp
    2014-08-11 20:55 - 2014-06-25 19:45 - 00226414 _____ () C:\Windows\PFRO.log
    2014-08-11 20:55 - 2008-10-05 16:19 - 00000000 ____D () C:\Windows\Minidump
    2014-08-11 20:02 - 2008-10-03 19:32 - 00646048 _____ () C:\ProgramData\nvModes.dat
    2014-08-11 20:02 - 2008-10-03 19:05 - 01839533 _____ () C:\Windows\WindowsUpdate.log
    2014-08-11 20:01 - 2008-10-03 19:31 - 00000000 ____D () C:\users\NOTEBOOK
    2014-08-11 19:57 - 2008-10-03 19:42 - 00000000 _____ () C:\Windows\System32\LogConfigTemp.xml
    2014-08-11 19:57 - 2008-04-25 07:16 - 00000147 _____ () C:\Windows\System32\agent.log
    2014-08-11 19:57 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-11 19:57 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-11 14:46 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\System32\config\default_previous
    2014-08-11 14:46 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\System32\config\security_previous
    2014-08-11 08:52 - 2009-02-18 19:38 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Skype
    2014-08-11 07:35 - 2014-08-11 07:35 - 00000000 ___RD () C:\Users\NOTEBOOK\Desktop\Počítač – zástupce
    2014-08-10 08:41 - 2014-07-08 22:56 - 03148854 _____ () C:\Windows\Gaia Wallpaper Desktop.bmp
    2014-08-10 00:41 - 2008-10-04 14:53 - 00000012 _____ () C:\Windows\bthservsdp.dat
    2014-08-09 06:33 - 2008-01-21 07:47 - 01421554 _____ () C:\Windows\System32\PerfStringBackup.INI
    2014-08-08 20:41 - 2010-04-01 08:50 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
    2014-08-08 20:35 - 2014-08-08 18:44 - 00000000 ____D () C:\Users\NOTEBOOK\Desktop\foto
    2014-08-08 20:32 - 2008-10-19 20:22 - 00247296 _____ () C:\Users\NOTEBOOK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-08-08 20:26 - 2010-04-01 08:59 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Local\Pinnacle
    2014-08-08 17:59 - 2008-10-30 00:08 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\vlc
    2014-08-07 06:31 - 2014-08-07 06:31 - 00000194 _____ () C:\Windows\wininit.ini
    2014-08-07 06:31 - 2014-08-07 06:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\DropboxMaster
    2014-08-07 06:31 - 2014-08-07 06:29 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Dropbox
    2014-08-07 06:30 - 2014-08-07 06:30 - 00000000 ____D () C:\Program Files\Dropbox
    2014-07-31 06:26 - 2014-06-25 19:50 - 00000789 _____ () C:\Windows\setupact.log

    ==================== Known DLLs (Whitelisted) ============


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 11%
    Total physical RAM: 4093.5 MB
    Available physical RAM: 3632 MB
    Total Pagefile: 3830.88 MB
    Available Pagefile: 3665.86 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1971.48 MB

    ==================== Drives ================================

    Drive c: (ACER) (Fixed) (Total:111.44 GB) (Free:53.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (DATA) (Fixed) (Total:104.9 GB) (Free:102.82 GB) NTFS
    Drive f: (PQSERVICE) (Fixed) (Total:13 GB) (Free:4.18 GB) NTFS
    Drive g: (USB DISK) (Removable) (Total:57.58 GB) (Free:57.5 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 8854C7A8)
    Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
    Partition 2: (Active) - (Size=111.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=104.9 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 57.6 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=57.6 GB) - (Type=0C)


    LastRegBack: 2014-08-11 07:10

    ==================== End Of Log ============================
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,660   +267

    It used to get stuck on aswrvrt.sys.
    What happens now when you try to boot?
    Did you try to boot into safe mode as well?
     
  13. Broni

    Broni Malware Annihilator Posts: 47,660   +267

    Still with me?
     
  14. metaathron

    metaathron TS Rookie Topic Starter

    Well, now it is stuck on BootDefragDriver.sys while trying safe mode.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,660   +267

    Let's try to remove that one...

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7/8: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
     
  16. metaathron

    metaathron TS Rookie Topic Starter

    Now it's on crcdisk.sys :(
    FixLog:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:17-08-2014 01
    Ran by SYSTEM at 2014-09-02 19:18:31 Run:3
    Running from G:\
    Boot Mode: Recovery

    ==============================================

    Content of fixlist:
    *****************
    S0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14528 2014-01-22] (Glarysoft Ltd)
    C:\Windows\System32\drivers\BootDefragDriver.sys
    *****************

    BootDefragDriver => Service deleted successfully.
    C:\Windows\System32\drivers\BootDefragDriver.sys => Moved successfully.

    ==== End of Fixlog ====
     
  17. metaathron

    metaathron TS Rookie Topic Starter

    And new FRST log:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01
    Ran by SYSTEM on MINWINPC on 02-09-2014 19:27:06
    Running from G:\
    Platform: WIN_VISTA Service Pack 2 (X86) OS Language: Čeština (Česká republika)
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    ATTENTION: Software hive is not loaded.
    BootExecute: autocheck autochk *

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [571288 2010-09-14] (Affinegy, Inc.)
    S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2009-04-16] ()
    S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
    S2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3474432 2008-10-03] ()
    S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
    S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-02-25] ()
    S2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [244904 2008-10-24] ()
    S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43184 2008-10-03] (Alfa Corporation)
    S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2012-01-28] ()
    S1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
    S0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
    S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [65896 2013-07-25] (FTDI Ltd.)
    S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2012-06-09] (LogMeIn, Inc.)
    S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-18] (ITE Tech. Inc. )
    S3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
    S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2012-01-28] ()
    S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
    S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
    S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-10-26] (Duplex Secure Ltd.)
    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.)

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-20 06:31 - 2014-08-20 06:31 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
    2014-08-19 05:22 - 2014-09-02 19:18 - 00000000 ____D () C:\FRST
    2014-08-13 06:08 - 2014-08-13 06:08 - 00000000 __SHD () C:\found.001
    2014-08-12 05:27 - 2014-08-12 05:27 - 00000000 __SHD () C:\found.000
    2014-08-11 20:55 - 2014-08-12 20:24 - 249359867 _____ () C:\Windows\MEMORY.DMP
    2014-08-11 20:55 - 2014-08-11 20:55 - 00000000 _____ () C:\Windows\Minidump\Mini081114-01.dmp
    2014-08-11 07:35 - 2014-08-11 07:35 - 00000000 ___RD () C:\Users\NOTEBOOK\Desktop\Počítač – zástupce
    2014-08-08 18:44 - 2014-08-08 20:35 - 00000000 ____D () C:\Users\NOTEBOOK\Desktop\foto
    2014-08-07 06:31 - 2014-08-07 06:31 - 00000194 _____ () C:\Windows\wininit.ini
    2014-08-07 06:31 - 2014-08-07 06:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\DropboxMaster
    2014-08-07 06:30 - 2014-08-07 06:30 - 00000000 ____D () C:\Program Files\Dropbox
    2014-08-07 06:29 - 2014-08-07 06:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Dropbox

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-02 19:18 - 2014-08-19 05:22 - 00000000 ____D () C:\FRST
    2014-08-20 06:31 - 2014-08-20 06:31 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
    2014-08-13 06:08 - 2014-08-13 06:08 - 00000000 __SHD () C:\found.001
    2014-08-12 20:24 - 2014-08-11 20:55 - 249359867 _____ () C:\Windows\MEMORY.DMP
    2014-08-12 05:56 - 2014-04-20 08:09 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\SoftDMA
    2014-08-12 05:56 - 2014-04-12 19:42 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\PowerCinema
    2014-08-12 05:56 - 2009-01-07 12:48 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Local\PlayMovie
    2014-08-12 05:56 - 2008-10-12 11:42 - 00000000 ____D () C:\users\Guest
    2014-08-12 05:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\System32\spool
    2014-08-12 05:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\System32\Msdtc
    2014-08-12 05:56 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
    2014-08-12 05:56 - 2006-11-02 11:22 - 48496640 _____ () C:\Windows\System32\config\software_previous
    2014-08-12 05:56 - 2006-11-02 11:22 - 39583744 _____ () C:\Windows\System32\config\system_previous
    2014-08-12 05:42 - 2006-11-02 11:22 - 45875200 _____ () C:\Windows\System32\config\components_previous
    2014-08-12 05:42 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\System32\config\sam_previous
    2014-08-12 05:27 - 2014-08-12 05:27 - 00000000 __SHD () C:\found.000
    2014-08-11 21:06 - 2008-10-03 19:33 - 00646048 _____ () C:\ProgramData\nvModes.001
    2014-08-11 20:55 - 2014-08-11 20:55 - 00000000 _____ () C:\Windows\Minidump\Mini081114-01.dmp
    2014-08-11 20:55 - 2014-06-25 19:45 - 00226414 _____ () C:\Windows\PFRO.log
    2014-08-11 20:55 - 2008-10-05 16:19 - 00000000 ____D () C:\Windows\Minidump
    2014-08-11 20:02 - 2008-10-03 19:32 - 00646048 _____ () C:\ProgramData\nvModes.dat
    2014-08-11 20:02 - 2008-10-03 19:05 - 01839533 _____ () C:\Windows\WindowsUpdate.log
    2014-08-11 20:01 - 2008-10-03 19:31 - 00000000 ____D () C:\users\NOTEBOOK
    2014-08-11 19:57 - 2008-10-03 19:42 - 00000000 _____ () C:\Windows\System32\LogConfigTemp.xml
    2014-08-11 19:57 - 2008-04-25 07:16 - 00000147 _____ () C:\Windows\System32\agent.log
    2014-08-11 19:57 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-11 19:57 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-11 14:46 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\System32\config\default_previous
    2014-08-11 14:46 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\System32\config\security_previous
    2014-08-11 08:52 - 2009-02-18 19:38 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Skype
    2014-08-11 07:35 - 2014-08-11 07:35 - 00000000 ___RD () C:\Users\NOTEBOOK\Desktop\Počítač – zástupce
    2014-08-10 08:41 - 2014-07-08 22:56 - 03148854 _____ () C:\Windows\Gaia Wallpaper Desktop.bmp
    2014-08-10 00:41 - 2008-10-04 14:53 - 00000012 _____ () C:\Windows\bthservsdp.dat
    2014-08-09 06:33 - 2008-01-21 07:47 - 01421554 _____ () C:\Windows\System32\PerfStringBackup.INI
    2014-08-08 20:41 - 2010-04-01 08:50 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
    2014-08-08 20:35 - 2014-08-08 18:44 - 00000000 ____D () C:\Users\NOTEBOOK\Desktop\foto
    2014-08-08 20:32 - 2008-10-19 20:22 - 00247296 _____ () C:\Users\NOTEBOOK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-08-08 20:26 - 2010-04-01 08:59 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Local\Pinnacle
    2014-08-08 17:59 - 2008-10-30 00:08 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\vlc
    2014-08-07 06:31 - 2014-08-07 06:31 - 00000194 _____ () C:\Windows\wininit.ini
    2014-08-07 06:31 - 2014-08-07 06:31 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\DropboxMaster
    2014-08-07 06:31 - 2014-08-07 06:29 - 00000000 ____D () C:\Users\NOTEBOOK\AppData\Roaming\Dropbox
    2014-08-07 06:30 - 2014-08-07 06:30 - 00000000 ____D () C:\Program Files\Dropbox

    ==================== Known DLLs (Whitelisted) ============


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 11%
    Total physical RAM: 4093.5 MB
    Available physical RAM: 3638.41 MB
    Total Pagefile: 3832.83 MB
    Available Pagefile: 3670.89 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1978.45 MB

    ==================== Drives ================================

    Drive c: (ACER) (Fixed) (Total:111.44 GB) (Free:53.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (DATA) (Fixed) (Total:104.9 GB) (Free:102.84 GB) NTFS
    Drive f: (PQSERVICE) (Fixed) (Total:13 GB) (Free:4.18 GB) NTFS
    Drive g: (USB DISK) (Removable) (Total:57.58 GB) (Free:57.5 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 8854C7A8)
    Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
    Partition 2: (Active) - (Size=111.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=104.9 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 57.6 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=57.6 GB) - (Type=0C)


    LastRegBack: 2014-08-11 07:10

    ==================== End Of Log ============================
     
  18. Broni

    Broni Malware Annihilator Posts: 47,660   +267

    This is not good.
    You may have hard drive problem.

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

    Good luck :)