TechSpot

Stuck on starting windows screen

By skee357
Oct 23, 2014
  1. PC is stuck on Starting Windows Screen
    Windows 7 Home Premium 32-bit
    Sony Vaio.
    I cannot get into safe mode and the repair gives a 0x45d code
     
  2. Broni

    Broni Malware Annihilator Posts: 52,884   +344

  3. skee357

    skee357 TS Rookie Topic Starter Posts: 59

    I do apologize for running out on you but I had a short notice overseas assignment/contract with the army and I just returned a few weeks ago.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Forgiven but it can't happen again :)

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    NOTE 1. Use another working computer to download Farbar Recovery Scan Tool. Use USB flash drive to transfer it from good computer to the bad one.
    NOTE 2. Install Panda USB Vaccine, or BitDefender's USB Immunizer on GOOD computer to protect it from any infected USB device.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note:
      Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  5. skee357

    skee357 TS Rookie Topic Starter Posts: 59

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2014
    Ran by SYSTEM on MININT-I60PB8O on 23-10-2014 17:33:10
    Running from f:\
    Platform: Windows 7 Home Premium (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-10-31] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1873192 2010-10-31] (Synaptics Incorporated)
    HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
    HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
    HKLM\...\Run: [iBryte browseforchange Desktop] => C:\Program Files\iBryte\browseforchange\ibrytedesktop.exe [163840 2012-03-25] (iBryte)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1573576 2012-10-29] (Ask)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
    HKLM\...\Run: [ShopAtHomeWatcher] => C:\Users\CupC@ke\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [128656 2014-01-14] (ShopAtHome.com)
    HKLM\...\Run: [ShopAtHomeUpdater] => C:\Users\CupC@ke\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [201872 2014-01-14] (ShopAtHome.com)
    HKLM\...\Run: [RegWork] => C:\Program Files\RegWork\RegWork.exe [13964416 2012-08-16] (Honlyn (Macao Commercial Offshore) Limited)

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [294400 2011-05-24] (Advanced Micro Devices, Inc.)
    S2 NIS; C:\Program Files\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [138760 2011-05-24] (Symantec Corporation)
    S2 Oasis2Service; C:\Program Files\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.)
    S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [189048 2011-01-29] (Sony Corporation)
    S2 uCamMonitor; C:\Program Files\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
    S2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [64704 2011-03-05] (Sony Corporation)
    S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [549616 2011-05-19] (Sony Corporation)
    S3 VcmINSMgr; C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [385336 2011-02-18] (Sony Corporation)
    S3 VCService; C:\Program Files\Sony\VAIO Care\VCService.exe [44736 2011-02-14] (Sony Corporation)
    S2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [866952 2011-07-04] (Sony Corporation)
    S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [792248 2011-03-30] (Sony Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [64128 2011-02-17] (Advanced Micro Devices)
    S0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [32384 2011-02-17] (Advanced Micro Devices)
    S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2009-05-26] (ArcSoft, Inc.)
    S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx86.sys [810616 2011-05-13] (Symantec Corporation)
    S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [297000 2010-10-31] (Broadcom Corporation.)
    S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1300000.080\ccSetx86.sys [131208 2011-05-23] (Symantec Corporation)
    S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20110519.031\IDSVix86.sys [367736 2011-05-13] (Symantec Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20110519.002\NAVENG.SYS [86008 2011-05-18] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20110519.002\NAVEX15.SYS [1542392 2011-05-18] (Symantec Corporation)
    S3 SRTSP; C:\Windows\system32\drivers\NIS\1300000.080\SRTSP.SYS [561272 2011-05-20] (Symantec Corporation)
    S1 SRTSPX; C:\Windows\system32\drivers\NIS\1300000.080\SRTSPX.SYS [31864 2011-05-20] (Symantec Corporation)
    S0 SymDS; C:\Windows\System32\drivers\NIS\1300000.080\SYMDS.SYS [340088 2011-05-16] (Symantec Corporation)
    S0 SymEFA; C:\Windows\System32\drivers\NIS\1300000.080\SYMEFA.SYS [897656 2011-05-16] (Symantec Corporation)
    S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [127096 2012-01-06] (Symantec Corporation)
    S1 SymIRON; C:\Windows\system32\drivers\NIS\1300000.080\Ironx86.SYS [149624 2011-05-16] (Symantec Corporation)
    S1 SymNetS; C:\Windows\system32\drivers\NIS\1300000.080\SYMNETS.SYS [310392 2011-05-09] (Symantec Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
  6. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    This is not a full log.
     
  7. skee357

    skee357 TS Rookie Topic Starter Posts: 59

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2014
    Ran by SYSTEM on MININT-I60PB8O on 23-10-2014 17:53:16
    Running from f:\
    Platform: Windows 7 Home Premium (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-10-31] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1873192 2010-10-31] (Synaptics Incorporated)
    HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
    HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
    HKLM\...\Run: [iBryte browseforchange Desktop] => C:\Program Files\iBryte\browseforchange\ibrytedesktop.exe [163840 2012-03-25] (iBryte)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1573576 2012-10-29] (Ask)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
    HKLM\...\Run: [ShopAtHomeWatcher] => C:\Users\CupC@ke\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [128656 2014-01-14] (ShopAtHome.com)
    HKLM\...\Run: [ShopAtHomeUpdater] => C:\Users\CupC@ke\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [201872 2014-01-14] (ShopAtHome.com)
    HKLM\...\Run: [RegWork] => C:\Program Files\RegWork\RegWork.exe [13964416 2012-08-16] (Honlyn (Macao Commercial Offshore) Limited)

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [294400 2011-05-24] (Advanced Micro Devices, Inc.)
    S2 NIS; C:\Program Files\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [138760 2011-05-24] (Symantec Corporation)
    S2 Oasis2Service; C:\Program Files\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.)
    S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [189048 2011-01-29] (Sony Corporation)
    S2 uCamMonitor; C:\Program Files\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
    S2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [64704 2011-03-05] (Sony Corporation)
    S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [549616 2011-05-19] (Sony Corporation)
    S3 VcmINSMgr; C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [385336 2011-02-18] (Sony Corporation)
    S3 VCService; C:\Program Files\Sony\VAIO Care\VCService.exe [44736 2011-02-14] (Sony Corporation)
    S2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [866952 2011-07-04] (Sony Corporation)
    S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [792248 2011-03-30] (Sony Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [64128 2011-02-17] (Advanced Micro Devices)
    S0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [32384 2011-02-17] (Advanced Micro Devices)
    S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2009-05-26] (ArcSoft, Inc.)
    S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx86.sys [810616 2011-05-13] (Symantec Corporation)
    S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [297000 2010-10-31] (Broadcom Corporation.)
    S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1300000.080\ccSetx86.sys [131208 2011-05-23] (Symantec Corporation)
    S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20110519.031\IDSVix86.sys [367736 2011-05-13] (Symantec Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20110519.002\NAVENG.SYS [86008 2011-05-18] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20110519.002\NAVEX15.SYS [1542392 2011-05-18] (Symantec Corporation)
    S3 SRTSP; C:\Windows\system32\drivers\NIS\1300000.080\SRTSP.SYS [561272 2011-05-20] (Symantec Corporation)
    S1 SRTSPX; C:\Windows\system32\drivers\NIS\1300000.080\SRTSPX.SYS [31864 2011-05-20] (Symantec Corporation)
    S0 SymDS; C:\Windows\System32\drivers\NIS\1300000.080\SYMDS.SYS [340088 2011-05-16] (Symantec Corporation)
    S0 SymEFA; C:\Windows\System32\drivers\NIS\1300000.080\SYMEFA.SYS [897656 2011-05-16] (Symantec Corporation)
    S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [127096 2012-01-06] (Symantec Corporation)
    S1 SymIRON; C:\Windows\system32\drivers\NIS\1300000.080\Ironx86.SYS [149624 2011-05-16] (Symantec Corporation)
    S1 SymNetS; C:\Windows\system32\drivers\NIS\1300000.080\SYMNETS.SYS [310392 2011-05-09] (Symantec Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-17 19:33 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2014-10-17 19:33 - 2014-09-28 16:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2014-10-17 19:33 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2014-10-17 19:33 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2014-10-17 19:33 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2014-10-17 19:33 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2014-10-17 19:33 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2014-10-17 19:33 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2014-10-17 19:33 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2014-10-17 19:33 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2014-10-17 19:33 - 2014-09-18 17:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
    2014-10-17 19:33 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2014-10-17 19:33 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2014-10-17 19:33 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
    2014-10-17 19:33 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
    2014-10-17 19:33 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2014-10-17 19:33 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2014-10-17 19:33 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2014-10-17 19:33 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2014-10-17 19:33 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2014-10-17 19:33 - 2014-09-18 16:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
    2014-10-17 19:33 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
    2014-10-17 19:33 - 2014-09-18 16:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-10-17 19:33 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-10-17 19:33 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2014-10-17 19:33 - 2014-09-18 16:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2014-10-17 19:33 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2014-10-17 19:33 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
    2014-10-17 19:33 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2014-10-17 19:33 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2014-10-17 19:33 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2014-10-17 19:32 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\System32\dfshim.dll
    2014-10-17 19:32 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\System32\mscorier.dll
    2014-10-17 19:32 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\System32\mscories.dll
    2014-10-17 19:31 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\System32\rastls.dll
    2014-10-17 19:15 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\System32\winsta.dll
    2014-10-17 19:15 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2014-10-17 19:15 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    2014-10-17 19:15 - 2014-07-16 17:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
    2014-10-17 19:14 - 2014-07-16 17:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
    2014-10-17 19:14 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\System32\aaclient.dll
    2014-10-17 19:14 - 2014-07-16 17:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2014-10-17 19:14 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
    2014-10-17 19:14 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
    2014-10-17 19:14 - 2014-07-16 17:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2014-10-17 19:14 - 2014-07-16 17:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
    2014-10-17 19:13 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
    2014-10-15 21:31 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
    2014-10-01 04:34 - 2014-09-24 17:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2014-09-23 22:56 - 2014-09-09 13:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-18 21:59 - 2012-01-06 17:40 - 01492016 _____ () C:\Windows\WindowsUpdate.log
    2014-10-18 21:51 - 2014-09-19 06:17 - 00016800 _____ () C:\Windows\setupact.log
    2014-10-18 21:46 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-10-18 21:41 - 2009-07-13 20:34 - 00020608 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-18 21:41 - 2009-07-13 20:34 - 00020608 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-18 21:30 - 2010-11-20 13:01 - 00783360 _____ () C:\Windows\System32\PerfStringBackup.INI
    2014-10-18 21:12 - 2012-11-11 20:58 - 00000000 ____D () C:\Program Files\Google
    2014-10-18 01:27 - 2009-07-13 20:33 - 00289480 _____ () C:\Windows\System32\FNTCACHE.DAT
    2014-10-05 14:18 - 2014-05-01 22:06 - 00089272 _____ () C:\test.xml
    2014-09-24 06:35 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\rescache
    2014-09-24 00:01 - 2014-02-08 14:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2014-09-24 00:01 - 2014-02-08 14:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

    ==================== Known DLLs (Whitelisted) ============


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe
    [2014-10-17 19:14] - [2014-07-16 17:39] - 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870

    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 23%
    Total physical RAM: 1642.9 MB
    Available physical RAM: 1250.29 MB
    Total Pagefile: 1642.9 MB
    Available Pagefile: 1254.63 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1947.32 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:288.78 GB) (Free:252.85 GB) NTFS
    Drive e: (Recovery) (Fixed) (Total:9.22 GB) (Free:1.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (FreeAgent Drive) (Fixed) (Total:298.09 GB) (Free:245.95 GB) NTFS
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B887C805)
    Partition 1: (Not Active) - (Size=9.2 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=288.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 298.1 GB) (Disk ID: A4B57300)
    Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)


    LastRegBack: 2014-10-10 21:17

    ==================== End Of Log ============================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Re-run FRST again.
    Type the following in the edit box after "Search Files:".

    winlogon.exe

    Click Search button and post the log (Search.txt) it makes in your reply.
     
  9. skee357

    skee357 TS Rookie Topic Starter Posts: 59

    Farbar Recovery Scan Tool (x86) Version: 22-10-2014
    Ran by SYSTEM at 2014-10-23 18:09:40
    Running from f:\
    Boot Mode: Recovery

    ================== Search: "winlogon.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
    [2014-10-17 19:14][2014-07-15 18:56] 0304640 ____A (Microsoft Corporation) 4F37B93C14AEE313BEC52A23AFB15C2E

    C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe
    [2014-05-14 20:27][2014-03-04 02:39] 0304640 ____A (Microsoft Corporation) D53972F87D850CD2EB4B29B60CAFDD77

    C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
    [2014-10-17 19:14][2014-07-16 17:39] 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870

    C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
    [2014-05-14 20:27][2014-03-04 01:17] 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

    C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    [2010-11-20 13:29][2010-11-20 13:29] 0286720 ____A (Microsoft Corporation) 6D13E1406F50C66E2A95D97F22C47560

    C:\Windows\System32\winlogon.exe
    [2014-10-17 19:14][2014-07-16 17:39] 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870

    X:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
    [2009-07-13 15:37][2009-07-13 17:14] 0285696 ____A (Microsoft Corporation) 8EC6A4AB12B8F3759E21F8E3A388F2CF

    X:\Windows\System32\winlogon.exe
    [2009-07-13 15:37][2009-07-13 17:14] 0285696 ____A (Microsoft Corporation) 8EC6A4AB12B8F3759E21F8E3A388F2CF

    === End Of Search ===
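
A consistency check over the Search.txt output above, as an added example that is not part of the original thread and is not FRST's own code: it parses the two-line records and reports which WinSxS component-store version, if any, carries the same MD5 as the live System32 copy. The function names are hypothetical, the embedded log is copied from the post above, and the parser also accepts the dash-separated record form used in the Bamital section of FRST.txt.

```python
import re
from collections import defaultdict

# Sample input: the Search.txt records copied from the post above.
SEARCH_LOG = r"""
================== Search: "winlogon.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[2014-10-17 19:14][2014-07-15 18:56] 0304640 ____A (Microsoft Corporation) 4F37B93C14AEE313BEC52A23AFB15C2E

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe
[2014-05-14 20:27][2014-03-04 02:39] 0304640 ____A (Microsoft Corporation) D53972F87D850CD2EB4B29B60CAFDD77

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[2014-10-17 19:14][2014-07-16 17:39] 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014-05-14 20:27][2014-03-04 01:17] 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2010-11-20 13:29][2010-11-20 13:29] 0286720 ____A (Microsoft Corporation) 6D13E1406F50C66E2A95D97F22C47560

C:\Windows\System32\winlogon.exe
[2014-10-17 19:14][2014-07-16 17:39] 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870

X:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009-07-13 15:37][2009-07-13 17:14] 0285696 ____A (Microsoft Corporation) 8EC6A4AB12B8F3759E21F8E3A388F2CF

X:\Windows\System32\winlogon.exe
[2009-07-13 15:37][2009-07-13 17:14] 0285696 ____A (Microsoft Corporation) 8EC6A4AB12B8F3759E21F8E3A388F2CF

=== End Of Search ===
"""

# First line of a record: an absolute Windows path.
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
# Second line: [created][modified] size attrs (company) MD5, with optional " - " separators.
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\s*-?\s*\[(?P<modified>[^\]]+)\]\s*-?\s*"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>.*)\)\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
# Component version embedded in a WinSxS directory name, e.g. ..._6.1.7601.18540_none_...
WINSXS_VER_RE = re.compile(r"\\winsxs\\[^\\]+?_(\d+(?:\.\d+){3})_", re.IGNORECASE)


def parse_search_log(text):
    """Return one dict per (path line, metadata line) pair found in the log text."""
    records, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            path = line
            continue
        meta = META_RE.match(line)
        if meta and path:
            records.append({
                "path": path,
                "created": meta["created"],
                "modified": meta["modified"],
                "size": int(meta["size"]),
                "company": meta["company"],
                "md5": meta["md5"].upper(),
            })
            path = None
    return records


def check_against_component_store(records, drive="C:"):
    """Map each non-WinSxS copy on `drive` to the WinSxS versions sharing its MD5.

    An empty list means no component-store copy on that drive has the same hash.
    """
    on_drive = [r for r in records if r["path"].upper().startswith(drive.upper())]
    store = defaultdict(list)
    for rec in on_drive:
        version = WINSXS_VER_RE.search(rec["path"])
        if version:
            store[rec["md5"]].append(version.group(1))
    return {
        rec["path"]: sorted(store.get(rec["md5"], []))
        for rec in on_drive
        if not WINSXS_VER_RE.search(rec["path"])
    }


if __name__ == "__main__":
    parsed = parse_search_log(SEARCH_LOG)
    for live_path, versions in check_against_component_store(parsed, "C:").items():
        verdict = ", ".join(versions) if versions else "NO MATCH in component store"
        print(f"{live_path} -> {verdict}")
```

A match only shows that the live file has the same MD5 as a component-store copy on the same disk; it is not an independent comparison against a known-good hash or a signature check.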
     
  10. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    We have two possible fixes here.
    Let's see if any of them will work.

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    See if you can boot normally.
     

    Attached Files:

  11. skee357

    skee357 TS Rookie Topic Starter Posts: 59

    Just double checking but I should be running the 32-bit version not the 64-bit right?
     
  12. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Yes.
     
  13. skee357

    skee357 TS Rookie Topic Starter Posts: 59

    When system restarted it went automatically into repair but could not repair



    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-10-2014
    Ran by SYSTEM at 2014-10-23 18:45:22 Run:1
    Running from f:\
    Boot Mode: Recovery

    ==============================================

    Content of fixlist:
    *****************
    HKLM\...\Run: [] => [X]
    LastRegBack: 2014-10-10 21:17
    *****************

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    Could not copy DEFAULT hive.
    DEFAULT hive was successfully restored from registry back up.
    Could not copy SAM hive.
    SAM hive was successfully restored from registry back up.
    Could not copy SECURITY hive.
    Could not restore SECURITY hive from registry back up.
    Could not copy SOFTWARE hive.
    Could not restore SOFTWARE hive from registry back up.
    Could not copy SYSTEM hive.
    Could not restore SYSTEM hive from registry back up.

    ==== End of Fixlog ====
     
  14. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    We don't have any malware problem here.

    I suspect you may have hard drive issue.
    We tried to restore your computer to the state when the computer booted successfully for the last time (2014-10-10) but as you can see from fixlog some items "was successfully restored" but some others "Could not restore"/"Could not copy".
    Any other restore points are missing as well.


    You can try to start another topic in hardware or Windows forum.

    I'm sorry I couldn't help.
     
  15. skee357

    skee357 TS Rookie Topic Starter Posts: 59

    Ok thanks
     
  16. Broni

    Broni Malware Annihilator Posts: 52,884   +344
