TechSpot

Windows has encountered a critical error and will shutdown in one minute

Solved
By Daniel Riley
Aug 7, 2012
Topic Status:
Not open for further replies.
  1. This error comes up on my desktop running Windows 7 x64 Professional. I turn on my computer and it runs for about 1 minute before I get this error message, which restarts my computer. I believe it is Microsoft Security Essentials that is causing this error because it only started happening when I asked it to scan my computer (and it tries scanning every time I turn on my computer).

    I've downloaded Kaspersky Rescue Disc 10 and already ran it and scanned my computer and was able to remove several other viruses, but unfortunately this is still occurring when I turn on my computer.

    I have read other threads on here but I didn't just want to follow what was done with theirs as my case might be different.

    Many thanks in advance for any help that can be offered.
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button.
    • type exit and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
  3. Daniel Riley

    Daniel Riley TS Rookie Topic Starter Posts: 25

    I did what you said but after choosing to repair my comp I go straight to a screen where it asks if I would like to restore my comp to an earlier time or cancel but I can't choose either option. Neither my keyboard nor mouse works.
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let's work with a different method, please...

    • Download OTLPENet.exe to your desktop
    • Download Farbar Recovery Scan Tool and save it to a flash drive.
    • Ensure that you have a blank CD in the drive
    • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
    • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
    • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
    • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
    • Insert the flash drive with FRST on it
    • Locate the flash drive and run FRST
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  5. Daniel Riley

    Daniel Riley TS Rookie Topic Starter Posts: 25

    hey. thanks for all your help so far. I have tried to load reatogo on my comp now three times and every time I get the blue screen of death :(
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    What options were selected in Kaspersky Rescue Disc when you were able to run it?

    Are there more options available?
  7. Daniel Riley

    Daniel Riley TS Rookie Topic Starter Posts: 25

    yeah as far as I remember I got to the full Kaspersky desktop and just ran the scan. you want me to do it again?
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Try it once more, let's see how it works...
  9. Daniel Riley

    Daniel Riley TS Rookie Topic Starter Posts: 25

    Hi I'm scanning it now. However it won't connect to the Internet and so can't update databases and says they are obsolete. Do you think buying a wired keyboard and mouse might help me with the repair windows?
  10. Daniel Riley

    Daniel Riley TS Rookie Topic Starter Posts: 25

    did the scan again. says it picked up two viruses but no option to delete them. or quarantine. can get into console on here though if that helps?
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Go into Repair your computer again, and choose to Restore to an earlier time... and go ahead and pick out the second most recent Restore Point. Do the restore as such, and let me know if it will boot.
     
  12. Daniel Riley

    Daniel Riley TS Rookie Topic Starter Posts: 25

    Hi. I tried this once but it won't let me choose any of the options. Mouse and keyboard don't work and I can just see the option to repair
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    At this point, seeing that there is high system damage, there is no choice but to reformat your hard drive and reinstall your operating system.

    Do you have your OEM discs such as operating system install, recovery discs, etc?

    If not, what is the make/model of your system?
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    What is the update?
  15. Daniel Riley

    Daniel Riley TS Rookie Topic Starter Posts: 25

    Hi. I built the pc myself. so I don't have oem disks. but even if I did, I can't use my keyboard and mouse when it enters the repair or restore screens. they just don't work. are there no other options for getting this fixed? I have literally no idea how I would even wipe the hard drive at this point
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Eek! I think you may be able to get by with the following solutions (try each out)...
    1. If you're able to boot for at least a few minutes in to the operating system, do the following quickly:

      Quickly right-click on the Desktop, select New > Text Document. Click File > Save as, enter in blah in to the file name box and get it saved to the Desktop. (By this time, it might be restarting already). If you have to reboot in to the system, no biggie. The text file should be there. Right-click on the new text file, select Rename, and erase all the text. Enter in saveme.bat. Once that's done, it might be wanting to restart again. Boot back to the system again, if needed. Right-click on the saveme.bat and select edit.

      Enter the following in to the file (press enter after each line) and hit File > Save:

      shutdown /a
      shutdown /t 315360000
      exit

      Once done, exit the editor. Double-click on the file. The reboot problem should be solved (at least temporarily).

      If it is solved, do the following right away:

      ComboFix

      Please download ComboFix by sUBs
      From BleepingComputer.com

      Please save the file to your Desktop, but rename it first to svchost.exe

      Important information about ComboFix

      Before the download:
      • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
      • It is important to rename ComboFix before the download.
      • Please do not rename ComboFix to other names, but only the one indicated.
      After the download:
      • Close any open browsers.
      • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
      • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
      • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
      Running ComboFix:
      • Double click on svchost.exe & follow the prompts.
      • It will attempt to install the Recovery Console:
      • When ComboFix finishes, it will produce a report for you.
      • Please post the "C:\Combo-Fix.txt" in your next reply.
      Troubleshooting ComboFix

      Safe Mode:

      If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

      (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
      logo appears. A list of options will appear, select "Safe Mode.")

      Re-downloading:

      If this doesn't work either, try the same method (above method), but try to download it again, except name
      ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

      Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

      NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

      If that doesn't work, move on to Step 2 below.
    2. Do you have PS/2 slots in the back of your computer? See if you can get an old PS/2 keyboard and/or mouse from somebody, whether friend, family, or see if a computer shop will allow you to borrow one. If it is a classic repair shop or a more amateur repair shop, they might just have one in stock for a very cheap price. If you can find one of these, try it out. BIOS systems automatically recognize PS/2 connectivity no matter what.
  17. Daniel Riley

    Daniel Riley TS Rookie Topic Starter Posts: 25

    Hi,

    it didn't work sadly. and I don't have ps/2 slots. when I enter bios it does recognise the wireless mouse and keyboard though. is there anything in bios that I can do to wipe the system clean?
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Probably not. Can you get a wired keyboard and mouse? If the device drivers aren't loading properly on boot, it won't recognize the wireless keyboard/mouse.
  19. Daniel Riley

    Daniel Riley TS Rookie Topic Starter Posts: 25

    Ok I got a wired keyboard. going to do everything you have told me. tried the keyboard and it works but have to go to work and then will do it. I'll leave it loading while I go.
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    If it gets loading, we'll be working with FRST, probably.
  21. Daniel Riley

    Daniel Riley TS Rookie Topic Starter Posts: 25

    It worked! I left it to fix and the computer starts up now I can do everything on it. ok so what do I do next... just to let you know the firewall isn't working
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    How is FRST working? Go ahead and try that first, please. :)
  23. Daniel Riley

    Daniel Riley TS Rookie Topic Starter Posts: 25

    I know you will be mad but I downloaded some malware scanners so that I don't have this problem again and they ran. Please don't shout

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-08-2012
    Ran by dandadandan at 02-09-2012 18:33:59
    Running from E:\
    Service Pack 1 (X64) OS Language: English(US)
    Attention: Could not load system hive.The operation completed successfully.

    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


    ============ One Month Created Files and Folders ==============

    2012-09-02 18:33 - 2012-09-02 18:33 - 00000000 ____D C:\FRST
    2012-09-01 17:00 - 2012-09-02 18:32 - 00000112 ____A C:\Windows\setupact.log
    2012-09-01 17:00 - 2012-09-01 17:00 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-01 16:59 - 2012-09-01 16:59 - 00176940 ____A C:\Users\dandadandan\Downloads\BFE.reg
    2012-09-01 16:58 - 2012-09-01 16:58 - 00006396 ____A C:\Users\dandadandan\Downloads\MpsSvc.reg
    2012-09-01 16:46 - 2012-09-02 01:44 - 00004044 ____A C:\Windows\WindowsUpdate.log
    2012-09-01 16:43 - 2012-09-01 16:43 - 00109932 ____A C:\Users\dandadandan\Documents\cc_20120901_164317.reg
    2012-09-01 16:43 - 2012-09-01 16:43 - 00001314 ____A C:\Users\dandadandan\Documents\cc_20120901_164330.reg
    2012-09-01 16:41 - 2012-09-01 16:41 - 03927560 ____A (Piriform Ltd) C:\Users\dandadandan\Downloads\ccsetup322 (3).exe
    2012-09-01 16:41 - 2012-09-01 16:41 - 03927560 ____A (Piriform Ltd) C:\Users\dandadandan\Downloads\ccsetup322 (2).exe
    2012-09-01 16:41 - 2012-09-01 16:41 - 03927560 ____A (Piriform Ltd) C:\Users\dandadandan\Downloads\ccsetup322 (1).exe
    2012-09-01 16:41 - 2012-09-01 16:41 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-09-01 16:41 - 2012-09-01 16:41 - 00000000 ____D C:\Program Files\CCleaner
    2012-09-01 16:40 - 2012-09-01 16:57 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-09-01 16:40 - 2012-09-01 16:45 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2012-09-01 16:40 - 2012-09-01 16:41 - 03927560 ____A (Piriform Ltd) C:\Users\dandadandan\Downloads\ccsetup322.exe
    2012-09-01 16:40 - 2012-09-01 16:40 - 00001262 ____A C:\Users\dandadandan\Desktop\Spybot - Search & Destroy.lnk
    2012-09-01 16:39 - 2012-09-01 16:39 - 16409960 ____A (Safer Networking Limited ) C:\Users\dandadandan\Downloads\spybotsd162.exe
    2012-09-01 06:22 - 2012-09-01 06:22 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-01 06:22 - 2012-09-01 06:22 - 00000000 ____D C:\Users\dandadandan\AppData\Roaming\Malwarebytes
    2012-09-01 06:22 - 2012-09-01 06:22 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-01 06:22 - 2012-09-01 06:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-01 06:21 - 2012-09-01 06:21 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\dandadandan\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-29 21:27 - 2012-08-29 21:29 - 00000038 ____A C:\Users\dandadandan\Desktop\saveme.bat
    2012-08-29 21:22 - 2012-08-29 21:22 - 00000000 ____A C:\Users\dandadandan\Desktop\blah.txt
    2012-08-20 05:33 - 2012-08-20 05:33 - 04024320 ____A C:\Program Files (x86)\GUTF6CD.tmp
    2012-08-20 05:33 - 2012-08-20 05:33 - 00000000 ____D C:\Program Files (x86)\GUMF6AD.tmp

    ============ 3 Months Modified Files ========================

    2012-09-02 18:33 - 2011-04-05 11:40 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
    2012-09-02 18:32 - 2012-09-01 17:00 - 00000112 ____A C:\Windows\setupact.log
    2012-09-02 18:32 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-02 02:57 - 2011-05-18 04:31 - 00000278 ____A C:\Windows\Tasks\RMSchedule.job
    2012-09-02 02:38 - 2005-01-02 01:25 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2694974181-1940623718-3779438024-1000UA.job
    2012-09-02 02:04 - 2012-06-11 00:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-02 01:44 - 2012-09-01 16:46 - 00004044 ____A C:\Windows\WindowsUpdate.log
    2012-09-01 17:00 - 2012-09-01 17:00 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-01 16:59 - 2012-09-01 16:59 - 00176940 ____A C:\Users\dandadandan\Downloads\BFE.reg
    2012-09-01 16:58 - 2012-09-01 16:58 - 00006396 ____A C:\Users\dandadandan\Downloads\MpsSvc.reg
    2012-09-01 16:43 - 2012-09-01 16:43 - 00109932 ____A C:\Users\dandadandan\Documents\cc_20120901_164317.reg
    2012-09-01 16:43 - 2012-09-01 16:43 - 00001314 ____A C:\Users\dandadandan\Documents\cc_20120901_164330.reg
    2012-09-01 16:41 - 2012-09-01 16:41 - 03927560 ____A (Piriform Ltd) C:\Users\dandadandan\Downloads\ccsetup322 (3).exe
    2012-09-01 16:41 - 2012-09-01 16:41 - 03927560 ____A (Piriform Ltd) C:\Users\dandadandan\Downloads\ccsetup322 (2).exe
    2012-09-01 16:41 - 2012-09-01 16:41 - 03927560 ____A (Piriform Ltd) C:\Users\dandadandan\Downloads\ccsetup322 (1).exe
    2012-09-01 16:41 - 2012-09-01 16:41 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-09-01 16:41 - 2012-09-01 16:40 - 03927560 ____A (Piriform Ltd) C:\Users\dandadandan\Downloads\ccsetup322.exe
    2012-09-01 16:40 - 2012-09-01 16:40 - 00001262 ____A C:\Users\dandadandan\Desktop\Spybot - Search & Destroy.lnk
    2012-09-01 16:39 - 2012-09-01 16:39 - 16409960 ____A (Safer Networking Limited ) C:\Users\dandadandan\Downloads\spybotsd162.exe
    2012-09-01 06:22 - 2012-09-01 06:22 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-01 06:21 - 2012-09-01 06:21 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\dandadandan\Downloads\mbam-setup-1.62.0.1300.exe
    2012-09-01 05:38 - 2005-01-02 01:25 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2694974181-1940623718-3779438024-1000Core.job
    2012-08-31 20:04 - 2012-06-11 00:18 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-31 20:04 - 2012-06-11 00:18 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-31 20:04 - 2011-07-12 22:47 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-31 20:04 - 2011-07-12 22:47 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-29 21:29 - 2012-08-29 21:27 - 00000038 ____A C:\Users\dandadandan\Desktop\saveme.bat
    2012-08-29 21:22 - 2012-08-29 21:22 - 00000000 ____A C:\Users\dandadandan\Desktop\blah.txt
    2012-08-20 05:33 - 2012-08-20 05:33 - 04024320 ____A C:\Program Files (x86)\GUTF6CD.tmp
    2012-07-20 00:54 - 2012-07-20 00:54 - 00384844 ____A C:\Users\dandadandan\AppData\Local\funmoods-speeddial.crx
    2012-07-20 00:54 - 2012-07-20 00:54 - 00031465 ____A C:\Users\dandadandan\AppData\Local\funmoods.crx
    2012-07-20 00:54 - 2012-07-12 23:46 - 00385784 ____A (Proland Software) C:\Users\dandadandan\Downloads\cleanshutdowner.exe
    2012-07-12 23:46 - 2012-07-12 23:46 - 00000237 ____A C:\user.js
    2012-07-12 22:55 - 2012-07-12 22:52 - 72334880 ____A (Microsoft Corporation) C:\Users\dandadandan\Downloads\msert.exe
    2012-07-12 22:48 - 2011-08-10 03:30 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-12 22:48 - 2011-04-07 21:17 - 00005348 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-12 22:48 - 2011-04-07 21:17 - 00005348 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-12 22:47 - 2012-07-12 22:46 - 12621696 ____A (Microsoft Corporation) C:\Users\dandadandan\Downloads\mseinstall.exe
    2012-07-11 03:10 - 2012-07-08 15:05 - 533378739 ____A C:\Users\dandadandan\Downloads\True.Blood.S05E04.HDTV.x264-ASAP.mp4
    2012-07-11 02:37 - 2012-07-11 01:31 - 442039719 ____A C:\Users\dandadandan\Downloads\True.Blood.S05E05.HDTV.x264-ASAP.mp4
    2012-07-11 00:55 - 2012-07-10 23:27 - 351741224 ____A C:\Users\dandadandan\Downloads\Chastity Lynn.avi
    2012-07-11 00:04 - 2012-07-10 23:28 - 633081334 ____A C:\Users\dandadandan\Downloads\21997_Ariel X_Roxy Raye_Chastity Lynn.wmv
    2012-07-08 15:14 - 2012-07-07 15:06 - 768978029 ____A C:\Users\dandadandan\Downloads\12.05.30.Angelll.mp4
    2012-07-07 15:04 - 2012-07-07 15:04 - 00059528 ____A C:\Users\dandadandan\Downloads\[kat.ph]mranal.angell.summers.she.loves.anal.may.30.2012.torrent
    2012-07-04 19:14 - 2012-07-04 19:14 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-07-04 19:14 - 2012-07-04 19:14 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd.dll
    2012-07-04 19:14 - 2012-07-04 19:14 - 00245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-07-04 19:14 - 2012-07-04 19:14 - 00245896 ____A C:\Windows\System32\atiapfxx.blb
    2012-07-04 19:14 - 2012-07-04 19:14 - 00204952 ____A C:\Windows\SysWOW64\ativvsvl.dat
    2012-07-04 19:14 - 2012-07-04 19:14 - 00204952 ____A C:\Windows\System32\ativvsvl.dat
    2012-07-04 19:14 - 2012-07-04 19:14 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-07-04 19:14 - 2012-07-04 19:14 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-07-04 19:14 - 2012-07-04 19:14 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc32.dll
    2012-07-04 19:14 - 2012-07-04 19:14 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom32.dll
    2012-07-04 19:14 - 2011-03-09 05:56 - 00909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-07-04 19:14 - 2011-03-09 05:56 - 00909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx32.dll
    2012-07-04 19:14 - 2011-03-09 05:30 - 06203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-07-04 19:14 - 2011-03-09 05:30 - 06203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumdag.dll
    2012-07-04 19:13 - 2012-07-04 19:13 - 00360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-07-04 19:13 - 2012-07-04 19:13 - 00360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxy.dll
    2012-07-04 19:13 - 2012-07-04 19:13 - 00157144 ____A C:\Windows\SysWOW64\ativvsva.dat
    2012-07-04 19:13 - 2012-07-04 19:13 - 00157144 ____A C:\Windows\System32\ativvsva.dat
    2012-07-04 19:13 - 2012-07-04 19:13 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-07-04 19:13 - 2012-07-04 19:13 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\System32\ati2edxx.dll
    2012-07-04 19:13 - 2011-03-09 05:48 - 06800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-07-04 19:13 - 2011-03-09 05:48 - 06800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx32.dll
    2012-07-04 19:12 - 2012-07-04 19:12 - 00038159 ____A C:\Windows\atiogl.xml
    2012-07-04 19:12 - 2012-07-04 19:12 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-07-04 19:12 - 2012-07-04 19:12 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-07-04 19:12 - 2012-07-04 19:12 - 00003917 ____A C:\Windows\SysWOW64\atipblag.dat
    2012-07-04 19:12 - 2012-07-04 19:12 - 00003917 ____A C:\Windows\System32\atipblag.dat
    2012-07-04 19:12 - 2011-03-09 05:17 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-07-04 19:12 - 2011-03-09 05:17 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxpag.dll
    2012-07-04 19:12 - 2011-03-09 05:16 - 00032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-07-04 19:12 - 2011-03-09 05:16 - 00032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9pag.dll
    2012-07-04 19:11 - 2012-07-04 19:11 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
    2012-07-04 19:11 - 2012-07-04 19:11 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumdmv.dll
    2012-07-04 19:11 - 2012-07-04 19:10 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-07-04 19:11 - 2012-07-04 19:10 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atigktxx.dll
    2012-07-04 19:11 - 2012-07-04 19:09 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-07-04 19:11 - 2012-07-04 19:09 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atioglxx.dll
    2012-07-04 19:11 - 2011-03-09 04:34 - 04795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-07-04 19:11 - 2011-03-09 04:34 - 04795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumdva.dll
    2012-07-04 19:10 - 2012-07-04 19:09 - 02664704 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-07-04 19:10 - 2012-07-04 19:09 - 02664704 ____A C:\Windows\System32\atiumdva.cap
    2012-07-04 19:09 - 2012-07-04 19:09 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-07-04 19:09 - 2012-07-04 19:09 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt.dll
    2012-07-04 19:09 - 2012-07-04 19:09 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-07-04 19:09 - 2012-07-04 19:09 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl.dll
    2012-07-04 18:49 - 2009-07-14 06:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-27 01:31 - 2012-06-27 00:33 - 494399192 ____A C:\Users\dandadandan\Downloads\True.Blood.S05E03.HDTV.x264-ASAP.mp4
    2012-06-26 22:30 - 2012-06-26 22:30 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-06-25 16:04 - 2012-06-25 16:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
    2012-06-25 16:04 - 2012-06-25 16:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\System32\msxml4.dll
    2012-06-09 05:41 - 2012-07-10 22:03 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-09 05:41 - 2012-07-10 22:03 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-06 06:05 - 2012-07-10 22:03 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-06 06:05 - 2012-07-10 22:03 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-06 06:05 - 2012-07-10 22:03 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-06 06:05 - 2012-07-10 22:03 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-06 06:03 - 2012-07-10 22:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-06 06:03 - 2012-07-10 22:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll


    ZeroAccess:
    C:\Windows\Installer\{d62fee95-4285-3685-1e08-bb7744f9fbac}
    C:\Windows\Installer\{d62fee95-4285-3685-1e08-bb7744f9fbac}\@
    C:\Windows\Installer\{d62fee95-4285-3685-1e08-bb7744f9fbac}\L
    C:\Windows\Installer\{d62fee95-4285-3685-1e08-bb7744f9fbac}\U
    C:\Windows\Installer\{d62fee95-4285-3685-1e08-bb7744f9fbac}\U\00000001.@

    ZeroAccess:
    C:\Users\dandadandan\AppData\Local\{d62fee95-4285-3685-1e08-bb7744f9fbac}
    C:\Users\dandadandan\AppData\Local\{d62fee95-4285-3685-1e08-bb7744f9fbac}\@
    C:\Users\dandadandan\AppData\Local\{d62fee95-4285-3685-1e08-bb7744f9fbac}\L
    C:\Users\dandadandan\AppData\Local\{d62fee95-4285-3685-1e08-bb7744f9fbac}\U

    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe
    [2011-04-28 12:09] - [2011-02-25 07:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

    C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\User32.dll
    [2011-04-08 01:01] - [2010-11-20 13:08] - 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3

    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

    ========================= Memory info ======================

    Percentage of memory in use: 22%
    Total physical RAM: 8172.16 MB
    Available physical RAM: 6327.77 MB
    Total Pagefile: 16342.51 MB
    Available Pagefile: 14256.2 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3971.25 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:931.41 GB) (Free:577.66 GB) NTFS
    3 Drive e: (Lexlar) (Removable) (Total:0.94 GB) (Free:0.9 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 960 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 931 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 931 GB Healthy Boot

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 959 MB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Lexlar NTFS Removable 959 MB Healthy

    ==================================================================================
    ======================= End Of Log ==========================
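Added example, not part of the original thread and not code from FRST: a small Python triage pass over an FRST.txt log like the one posted above. It pulls out the ZeroAccess folder listings and the "IS MISSING" system files, and downgrades confidence when the log itself reports that it was not run from the recovery environment or could not load the system hive. The function names (`triage`, `zeroaccess_roots`, `confidence`) are hypothetical, and the sample input is an excerpt constructed from lines of the log in this post.

```python
import re

# Constructed sample: a shortened excerpt built from lines of the log posted above.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-08-2012
Running from E:\
Attention: Could not load system hive.The operation completed successfully.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

ZeroAccess:
C:\Windows\Installer\{d62fee95-4285-3685-1e08-bb7744f9fbac}
C:\Windows\Installer\{d62fee95-4285-3685-1e08-bb7744f9fbac}\@

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
"""

MISSING_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) IS MISSING\b")
LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit\s*$")
SECTION_RE = re.compile(r"^=+ .+ =+$")            # "===== Memory info =====" style headers
ROOT_RE = re.compile(r"^(.*?\\\{[0-9A-Fa-f-]{36}\})")  # path up to the {GUID} folder


def triage(log_text):
    """Collect the flagged items from an FRST.txt log into a dict."""
    report = {
        "not_from_recovery_env": False,
        "hive_load_failed": False,
        "zeroaccess_paths": [],
        "missing": [],
        "legit": [],
    }
    in_zeroaccess = False
    for raw in log_text.splitlines():
        line = raw.strip()
        upper = line.upper()
        if "NOT RUN FROM RECOVERY ENVIRONMENT" in upper:
            report["not_from_recovery_env"] = True
        if "COULD NOT LOAD SYSTEM HIVE" in upper:
            report["hive_load_failed"] = True
        if line == "ZeroAccess:":
            in_zeroaccess = True
            continue
        if in_zeroaccess:
            # A ZeroAccess block is a run of paths ended by a blank line or a header.
            if line and not SECTION_RE.match(line):
                report["zeroaccess_paths"].append(line)
                continue
            in_zeroaccess = False
        m = MISSING_RE.match(line)
        if m:
            report["missing"].append(m.group("path"))
            continue
        m = LEGIT_RE.match(line)
        if m:
            report["legit"].append(m.group("path"))
    return report


def zeroaccess_roots(paths):
    """Reduce the listed paths to the distinct {GUID} folders that contain them."""
    roots = set()
    for p in paths:
        m = ROOT_RE.match(p)
        if m:
            roots.add(m.group(1))
    return sorted(roots)


def confidence(report):
    """'low' when the log says the scan ran outside the recovery environment
    or without the system hive; such results should be re-collected."""
    if report["not_from_recovery_env"] or report["hive_load_failed"]:
        return "low"
    return "normal"


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("confidence:", confidence(r))
    for root in zeroaccess_roots(r["zeroaccess_paths"]):
        print("ZeroAccess folder:", root)
    for path in r["missing"]:
        print("reported missing:", path)
```
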
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Any reason why this wasn't run from the Recovery Environment...

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there (if necessary)
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
  25. Daniel Riley

    Daniel Riley TS Rookie Topic Starter Posts: 25

    Ok just did what you said and it says 'this version of system recovery options is not compatible with the version of windows that you are trying to repair. try using a recovery disc that is compatible with this version of windows.' I am using the 64bit disk, but it is still having problems.