Inactive Windows shuts down in 1 minute - Virus?

Bob Appendown · May 23, 2013

Hi.

New to the forum and new to viruses and I wonder if anyone could help me please.

I'm running Win7 x64 and all of a sudden, my PC will not stay on. Either in Windows or Safe Mode, it always shuts down within a minute (With a warning when in windows). It will not stay on long enough for me to do anything but I can't see anything "Unusual" in the process list.

I've seen a similar post, so heve downloaded and run Farbar Recovery Scan Tool (frst64.exe) according to the instructions on that post and here is the log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-05-2013 01
Ran by SYSTEM on 23-05-2013 11:24:32
Running from L:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ACPW06EN] "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06EN [1231992 2012-08-31] (ACD Systems)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2012-11-13] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [ACPW05EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN [822384 2011-09-19] (ACD Systems)
HKLM-x32\...\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\FRAZ\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" [267056 2011-10-08] (BitTorrent, Inc.)
HKU\FRAZ\...\Run: [EPSON Stylus Photo R220 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAIA.EXE /FU "C:\Windows\TEMP\E_S6681.tmp" /EF "HKCU" [148 2012-12-16] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\iReboot 1.1.1.lnk
ShortcutTarget: iReboot 1.1.1.lnk -> C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe (NeoSmart Technologies)
==================== Services (Whitelisted) =================
S2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [891432 2009-09-12] (Acronis)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2012-09-15] ()
S2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2011-10-09] (Acronis)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-13] (Kaspersky Lab ZAO)
S2 BITS; C:\Windows\System32\qmgr.dll [848384 2009-07-13] ()
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2787280 2013-03-22] ()
S2 iReboot; C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe [17408 2009-09-15] ()
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2012-09-15] ()
S2 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
==================== Drivers (Whitelisted) ====================
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-22] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-09-17] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-09-17] (Kaspersky Lab)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55056 2013-04-22] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
S3 WimFltr; C:\Windows\SysWow64\DRIVERS\wimfltr.sys [128104 2006-11-01] (Microsoft Corporation)
S4 Gpstetexysm; No ImagePath
S0 snapman; system32\DRIVERS\snapman.sys [x]
S0 tdrpman251; system32\DRIVERS\tdrpm251.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-05-23 10:40 - 2013-05-23 10:40 - 00000000 ____D C:\FRST
2013-05-17 10:11 - 2013-05-17 10:11 - 00000000 __SHD C:\found.000
2013-05-16 05:21 - 2013-05-16 10:10 - 00000000 ____D C:\Users\FRAZ\Desktop\family photos spain
2013-05-14 22:28 - 2013-05-14 22:28 - 00300768 ____A C:\Windows\Minidump\051513-27908-01.dmp
2013-05-12 15:03 - 2013-05-12 15:04 - 00000000 ____D C:\Users\FRAZ\Desktop\Panasonic Camcorder photo test
2013-05-12 14:54 - 2013-05-12 14:55 - 00000000 ____D C:\Users\FRAZ\Desktop\FashionRingtones
2013-05-12 07:04 - 2013-05-12 07:04 - 00000952 ____A C:\Users\FRAZ\Desktop\HD Tune.lnk
2013-05-12 07:04 - 2013-05-12 07:04 - 00000000 ____D C:\Program Files (x86)\HD Tune
2013-05-11 03:29 - 2013-05-11 03:34 - 00000000 ____D C:\Users\FRAZ\Desktop\moby northern
2013-05-11 03:29 - 2013-05-03 14:58 - 09093237 ____N C:\Users\FRAZ\Desktop\20130503_235820.mp4
2013-05-11 03:29 - 2013-05-03 14:05 - 245591627 ____N C:\Users\FRAZ\Desktop\20130503_230306.mp4
2013-05-11 03:29 - 2013-05-03 14:02 - 71031828 ____N C:\Users\FRAZ\Desktop\20130503_230220.mp4
2013-05-11 01:16 - 2013-05-11 01:16 - 00000000 ___HD C:\Users\Public\[Originals]
2013-05-11 00:54 - 2013-05-11 00:54 - 00000000 ____D C:\Users\FRAZ\Documents\Adobe
2013-05-11 00:48 - 2013-05-11 00:48 - 00002077 ____A C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 00:48 - 2013-05-11 00:48 - 00002077 ____A C:\ProgramData\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 00:36 - 2013-05-11 00:36 - 00000000 ____D C:\Users\FRAZ\Desktop\Adobe
2013-05-08 23:17 - 2013-05-08 23:17 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-08 23:17 - 2013-05-08 23:17 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-07 05:30 - 2013-05-07 05:30 - 00001072 ____A C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 05:30 - 2013-05-07 05:30 - 00001072 ____A C:\ProgramData\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 05:30 - 2013-05-07 05:30 - 00000000 ____D C:\ProgramData\YTD YouTube Downloader & Converter
2013-05-07 05:30 - 2013-05-07 05:30 - 00000000 ____D C:\ProgramData\Application Data\YTD YouTube Downloader & Converter
2013-04-30 01:44 - 2013-04-30 01:44 - 00001388 ____A C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00001388 ____A C:\ProgramData\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00001265 ____A C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00001265 ____A C:\ProgramData\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00000000 ____D C:\Users\FRAZ\Application Data\DVDVideoSoft
2013-04-30 01:44 - 2013-04-30 01:44 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\DVDVideoSoft
2013-04-30 01:44 - 2013-04-30 01:44 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
==================== One Month Modified Files and Folders =======
2013-05-23 10:40 - 2013-05-23 10:40 - 00000000 ____D C:\FRST
2013-05-23 01:54 - 2011-10-09 00:44 - 00000000 ____D C:\Users\FRAZ\AppData\Local\ACD Systems
2013-05-23 01:50 - 2011-10-08 15:31 - 00000000 ____D C:\Users\FRAZ\Application Data\uTorrent
2013-05-23 01:50 - 2011-10-08 15:31 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\uTorrent
2013-05-23 01:49 - 2012-09-15 00:17 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-05-23 01:49 - 2012-09-15 00:17 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab
2013-05-23 01:48 - 2011-10-08 14:59 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-23 01:48 - 2011-10-08 14:59 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA
2013-05-23 01:48 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-23 01:48 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-23 01:48 - 2003-12-01 04:31 - 00070328 ____A C:\Windows\setupact.log
2013-05-17 10:30 - 2009-07-13 15:38 - 00129024 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys
2013-05-17 10:28 - 2009-07-13 16:10 - 00845824 ____A (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-05-17 10:27 - 2009-07-13 15:28 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-05-17 10:25 - 2009-07-13 15:49 - 01065984 ____A (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2013-05-17 10:14 - 2009-07-13 15:25 - 01898576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-05-17 10:13 - 2009-07-13 15:20 - 01659984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-17 10:11 - 2013-05-17 10:11 - 00000000 __SHD C:\found.000
2013-05-17 01:03 - 2011-10-08 13:41 - 02059676 ____A C:\Windows\WindowsUpdate.log
2013-05-17 00:57 - 2009-07-13 20:45 - 00015504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-17 00:57 - 2009-07-13 20:45 - 00015504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-17 00:47 - 2012-09-15 07:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-16 10:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-05-16 10:42 - 2011-10-08 15:03 - 00000000 ____D C:\Users\FRAZ\Application Data\Adobe
2013-05-16 10:42 - 2011-10-08 15:03 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\Adobe
2013-05-16 10:10 - 2013-05-16 05:21 - 00000000 ____D C:\Users\FRAZ\Desktop\family photos spain
2013-05-15 08:47 - 2012-09-15 07:19 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 08:47 - 2012-09-15 07:19 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 22:28 - 2013-05-14 22:28 - 00300768 ____A C:\Windows\Minidump\051513-27908-01.dmp
2013-05-14 22:28 - 2012-11-19 03:00 - 00000000 ____D C:\Windows\Minidump
2013-05-12 22:50 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-12 15:04 - 2013-05-12 15:03 - 00000000 ____D C:\Users\FRAZ\Desktop\Panasonic Camcorder photo test
2013-05-12 14:55 - 2013-05-12 14:54 - 00000000 ____D C:\Users\FRAZ\Desktop\FashionRingtones
2013-05-12 07:04 - 2013-05-12 07:04 - 00000952 ____A C:\Users\FRAZ\Desktop\HD Tune.lnk
2013-05-12 07:04 - 2013-05-12 07:04 - 00000000 ____D C:\Program Files (x86)\HD Tune
2013-05-11 03:34 - 2013-05-11 03:29 - 00000000 ____D C:\Users\FRAZ\Desktop\moby northern
2013-05-11 01:16 - 2013-05-11 01:16 - 00000000 ___HD C:\Users\Public\[Originals]
2013-05-11 00:54 - 2013-05-11 00:54 - 00000000 ____D C:\Users\FRAZ\Documents\Adobe
2013-05-11 00:54 - 2011-10-09 03:54 - 00000000 ____D C:\Users\FRAZ\AppData\Local\Adobe
2013-05-11 00:48 - 2013-05-11 00:48 - 00002077 ____A C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 00:48 - 2013-05-11 00:48 - 00002077 ____A C:\ProgramData\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 00:48 - 2011-10-09 03:59 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-05-11 00:48 - 2011-10-08 15:54 - 00000000 ____D C:\ProgramData\Application Data\Adobe
2013-05-11 00:48 - 2011-10-08 15:54 - 00000000 ____D C:\ProgramData\Adobe
2013-05-11 00:47 - 2011-10-09 04:00 - 00000000 ____D C:\Program Files\Adobe
2013-05-11 00:36 - 2013-05-11 00:36 - 00000000 ____D C:\Users\FRAZ\Desktop\Adobe
2013-05-08 23:17 - 2013-05-08 23:17 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-08 23:17 - 2013-05-08 23:17 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-07 05:30 - 2013-05-07 05:30 - 00001072 ____A C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 05:30 - 2013-05-07 05:30 - 00001072 ____A C:\ProgramData\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 05:30 - 2013-05-07 05:30 - 00000000 ____D C:\ProgramData\YTD YouTube Downloader & Converter
2013-05-07 05:30 - 2013-05-07 05:30 - 00000000 ____D C:\ProgramData\Application Data\YTD YouTube Downloader & Converter
2013-05-07 05:30 - 2011-10-09 00:37 - 00000000 ____D C:\Program Files (x86)\YouTube Downloader
2013-05-03 14:58 - 2013-05-11 03:29 - 09093237 ____N C:\Users\FRAZ\Desktop\20130503_235820.mp4
2013-05-03 14:05 - 2013-05-11 03:29 - 245591627 ____N C:\Users\FRAZ\Desktop\20130503_230306.mp4
2013-05-03 14:02 - 2013-05-11 03:29 - 71031828 ____N C:\Users\FRAZ\Desktop\20130503_230220.mp4
2013-04-30 21:51 - 2003-12-01 04:31 - 00030206 ____A C:\Windows\PFRO.log
2013-04-30 01:44 - 2013-04-30 01:44 - 00001388 ____A C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00001388 ____A C:\ProgramData\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00001265 ____A C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00001265 ____A C:\ProgramData\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00000000 ____D C:\Users\FRAZ\Application Data\DVDVideoSoft
2013-04-30 01:44 - 2013-04-30 01:44 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\DVDVideoSoft
2013-04-30 01:44 - 2013-04-30 01:44 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-04-30 01:44 - 2011-10-09 06:29 - 00000000 ____D C:\Users\FRAZ\Documents\DVDVideoSoft
2013-04-30 01:22 - 2011-10-09 06:34 - 00000349 ____A C:\Users\Public\Documents\PCLECHAL.INI
2013-04-30 01:22 - 2011-10-09 06:34 - 00000349 ____A C:\ProgramData\Documents\PCLECHAL.INI
2013-04-30 01:21 - 2011-10-09 06:34 - 00000000 ____D C:\Users\Public\Documents\Pinnacle
2013-04-30 01:21 - 2011-10-09 06:34 - 00000000 ____D C:\ProgramData\Documents\Pinnacle
2013-04-30 01:21 - 2011-10-09 03:06 - 00000000 ____D C:\Users\FRAZ\Documents\Pinnacle Studio
2013-04-23 23:37 - 2011-10-08 15:23 - 00270560 ____A C:\Users\FRAZ\AppData\Local\GDIPFONTCACHEV1.DAT
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2009-07-13 15:56] - [2009-07-13 17:39] - 2868224 ____A (Microsoft Corporation) 22424AE68280D6FDE95CD40F2D238049
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 8190.05 MB
Available physical RAM: 7400.41 MB
Total Pagefile: 8188.2 MB
Available Pagefile: 7392.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
==================== Drives ================================
Drive c: (130 GIG - SAT1 - WIN 7) (Fixed) (Total:136.72 GB) (Free:10.65 GB) NTFS (Disk=0 Partition=1)
Drive l: (8 GIG STICK) (Removable) (Total:7.55 GB) (Free:0.53 GB) FAT32 (Disk=7 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (96 gig ) (Fixed) (Total:96.16 GB) (Free:4.5 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 2D531A81)
Partition 1: (Not Active) - (Size=137 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=96 GB) - (Type=07 NTFS)
========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=8 GB) - (Type=0C)
Last Boot: 2013-05-14 05:58
==================== End Of Log ============================

Can anyone advise or provide the fix log please.

Many thanks in advance

Fraz

Bob Appendown · May 23, 2013

. . . . and here's the Search Log:

Farbar Recovery Scan Tool (x64) Version: 22-05-2013 01
Ran by SYSTEM at 2013-05-23 20:15:21
Running from J:\
Boot Mode: Recovery
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======

I really hope I've not done anything wrong by running the Farbar thing but I was trying to speed up the solving process as I'm needing my PC for some important stuff and I'm on a borrowed PC right now.

thanks again

Broni · May 23, 2013

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if you can boot normally.

Bob Appendown · May 24, 2013

Hi and thank you for taking the baton of my issues

I followed your instructions but unfortunately, the problem still exists.

When Windows loads, I get the message "Sweetpacks Update Manager failed to load - error 0x0000096"
(I don't know what "Sweetpacks" is but it's not in my programs list and I have not knowingly installed it.)

I then get the Windows message "DCOM Server Process Launcher failed, windows will shut down."
(This message seems to be something different almost every time that is causing the shutdown)

Don't know if any of the above is helpful?

Here is the LOG that you requested above:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-05-2013 01
Ran by SYSTEM at 2013-05-24 07:45:58 Run:1
Running from N:\
Boot Mode: Recovery
==============================================
Gpstetexysm => Service deleted successfully.
The operation completed successfully.
==== End of Fixlog ====

Broni · May 24, 2013

Post fresh FRST log.

Bob Appendown · May 24, 2013

Here's the new FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-05-2013 01
Ran by SYSTEM on 24-05-2013 18:48:18
Running from N:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ACPW06EN] "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06EN [1231992 2012-08-31] (ACD Systems)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2012-11-13] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [ACPW05EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN [822384 2011-09-19] (ACD Systems)
HKLM-x32\...\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\FRAZ\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" [267056 2011-10-08] (BitTorrent, Inc.)
HKU\FRAZ\...\Run: [EPSON Stylus Photo R220 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAIA.EXE /FU "C:\Windows\TEMP\E_S6681.tmp" /EF "HKCU" [148 2012-12-16] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\iReboot 1.1.1.lnk
ShortcutTarget: iReboot 1.1.1.lnk -> C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe (NeoSmart Technologies)
==================== Services (Whitelisted) =================
S2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [891432 2009-09-12] (Acronis)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2012-09-15] ()
S2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2011-10-09] (Acronis)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-13] (Kaspersky Lab ZAO)
S3 BITS; C:\Windows\System32\qmgr.dll [848384 2009-07-13] ()
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2787280 2013-03-22] ()
S2 iReboot; C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe [17408 2009-09-15] ()
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2012-09-15] ()
S2 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
==================== Drivers (Whitelisted) ====================
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-22] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-09-17] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-09-17] (Kaspersky Lab)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55056 2013-04-22] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
S3 WimFltr; C:\Windows\SysWow64\DRIVERS\wimfltr.sys [128104 2006-11-01] (Microsoft Corporation)
S0 snapman; system32\DRIVERS\snapman.sys [x]
S0 tdrpman251; system32\DRIVERS\tdrpm251.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-05-23 10:40 - 2013-05-23 10:40 - 00000000 ____D C:\FRST
2013-05-23 05:40 - 2013-05-23 05:40 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\FRAZ\Desktop\tdsskiller.exe
2013-05-23 05:24 - 2013-05-23 05:24 - 00000000 ____D C:\Windows\erdnt
2013-05-23 05:24 - 2013-05-23 05:24 - 00000000 ____D C:\Qoobox
2013-05-23 05:20 - 2013-05-23 05:12 - 00321416 ____A (ESET) C:\ESETSirefefCleaner.exe
2013-05-17 10:11 - 2013-05-17 10:11 - 00000000 __SHD C:\found.000
2013-05-16 05:21 - 2013-05-16 10:10 - 00000000 ____D C:\Users\FRAZ\Desktop\family photos spain
2013-05-14 22:28 - 2013-05-14 22:28 - 00300768 ____A C:\Windows\Minidump\051513-27908-01.dmp
2013-05-12 15:03 - 2013-05-12 15:04 - 00000000 ____D C:\Users\FRAZ\Desktop\Panasonic Camcorder photo test
2013-05-12 14:54 - 2013-05-12 14:55 - 00000000 ____D C:\Users\FRAZ\Desktop\FashionRingtones
2013-05-12 07:04 - 2013-05-12 07:04 - 00000952 ____A C:\Users\FRAZ\Desktop\HD Tune.lnk
2013-05-12 07:04 - 2013-05-12 07:04 - 00000000 ____D C:\Program Files (x86)\HD Tune
2013-05-11 03:29 - 2013-05-11 03:34 - 00000000 ____D C:\Users\FRAZ\Desktop\moby northern
2013-05-11 03:29 - 2013-05-03 14:58 - 09093237 ____N C:\Users\FRAZ\Desktop\20130503_235820.mp4
2013-05-11 03:29 - 2013-05-03 14:05 - 245591627 ____N C:\Users\FRAZ\Desktop\20130503_230306.mp4
2013-05-11 03:29 - 2013-05-03 14:02 - 71031828 ____N C:\Users\FRAZ\Desktop\20130503_230220.mp4
2013-05-11 01:16 - 2013-05-11 01:16 - 00000000 ___HD C:\Users\Public\[Originals]
2013-05-11 00:54 - 2013-05-11 00:54 - 00000000 ____D C:\Users\FRAZ\Documents\Adobe
2013-05-11 00:48 - 2013-05-11 00:48 - 00002077 ____A C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 00:48 - 2013-05-11 00:48 - 00002077 ____A C:\ProgramData\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 00:36 - 2013-05-11 00:36 - 00000000 ____D C:\Users\FRAZ\Desktop\Adobe
2013-05-08 23:17 - 2013-05-08 23:17 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-08 23:17 - 2013-05-08 23:17 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-07 05:30 - 2013-05-07 05:30 - 00001072 ____A C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 05:30 - 2013-05-07 05:30 - 00001072 ____A C:\ProgramData\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 05:30 - 2013-05-07 05:30 - 00000000 ____D C:\ProgramData\YTD YouTube Downloader & Converter
2013-05-07 05:30 - 2013-05-07 05:30 - 00000000 ____D C:\ProgramData\Application Data\YTD YouTube Downloader & Converter
2013-04-30 01:44 - 2013-04-30 01:44 - 00001388 ____A C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00001388 ____A C:\ProgramData\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00001265 ____A C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00001265 ____A C:\ProgramData\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00000000 ____D C:\Users\FRAZ\Application Data\DVDVideoSoft
2013-04-30 01:44 - 2013-04-30 01:44 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\DVDVideoSoft
2013-04-30 01:44 - 2013-04-30 01:44 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
==================== One Month Modified Files and Folders =======
2013-05-23 22:49 - 2011-10-08 15:31 - 00000000 ____D C:\Users\FRAZ\Application Data\uTorrent
2013-05-23 22:49 - 2011-10-08 15:31 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\uTorrent
2013-05-23 22:48 - 2012-09-15 00:17 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-05-23 22:48 - 2012-09-15 00:17 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab
2013-05-23 22:47 - 2011-10-08 14:59 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-23 22:47 - 2011-10-08 14:59 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA
2013-05-23 22:47 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-23 22:47 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-23 22:47 - 2003-12-01 04:31 - 00070944 ____A C:\Windows\setupact.log
2013-05-23 10:40 - 2013-05-23 10:40 - 00000000 ____D C:\FRST
2013-05-23 05:40 - 2013-05-23 05:40 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\FRAZ\Desktop\tdsskiller.exe
2013-05-23 05:24 - 2013-05-23 05:24 - 00000000 ____D C:\Windows\erdnt
2013-05-23 05:24 - 2013-05-23 05:24 - 00000000 ____D C:\Qoobox
2013-05-23 05:12 - 2013-05-23 05:20 - 00321416 ____A (ESET) C:\ESETSirefefCleaner.exe
2013-05-23 01:54 - 2011-10-09 00:44 - 00000000 ____D C:\Users\FRAZ\AppData\Local\ACD Systems
2013-05-17 10:30 - 2009-07-13 15:38 - 00129024 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys
2013-05-17 10:28 - 2009-07-13 16:10 - 00845824 ____A (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-05-17 10:27 - 2009-07-13 15:28 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-05-17 10:25 - 2009-07-13 15:49 - 01065984 ____A (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2013-05-17 10:14 - 2009-07-13 15:25 - 01898576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-05-17 10:13 - 2009-07-13 15:20 - 01659984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-17 10:11 - 2013-05-17 10:11 - 00000000 __SHD C:\found.000
2013-05-17 01:03 - 2011-10-08 13:41 - 02059676 ____A C:\Windows\WindowsUpdate.log
2013-05-17 00:57 - 2009-07-13 20:45 - 00015504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-17 00:57 - 2009-07-13 20:45 - 00015504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-17 00:47 - 2012-09-15 07:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-16 10:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-05-16 10:42 - 2011-10-08 15:03 - 00000000 ____D C:\Users\FRAZ\Application Data\Adobe
2013-05-16 10:42 - 2011-10-08 15:03 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\Adobe
2013-05-16 10:10 - 2013-05-16 05:21 - 00000000 ____D C:\Users\FRAZ\Desktop\family photos spain
2013-05-15 08:47 - 2012-09-15 07:19 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 08:47 - 2012-09-15 07:19 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 22:28 - 2013-05-14 22:28 - 00300768 ____A C:\Windows\Minidump\051513-27908-01.dmp
2013-05-14 22:28 - 2012-11-19 03:00 - 00000000 ____D C:\Windows\Minidump
2013-05-12 22:50 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-12 15:04 - 2013-05-12 15:03 - 00000000 ____D C:\Users\FRAZ\Desktop\Panasonic Camcorder photo test
2013-05-12 14:55 - 2013-05-12 14:54 - 00000000 ____D C:\Users\FRAZ\Desktop\FashionRingtones
2013-05-12 07:04 - 2013-05-12 07:04 - 00000952 ____A C:\Users\FRAZ\Desktop\HD Tune.lnk
2013-05-12 07:04 - 2013-05-12 07:04 - 00000000 ____D C:\Program Files (x86)\HD Tune
2013-05-11 03:34 - 2013-05-11 03:29 - 00000000 ____D C:\Users\FRAZ\Desktop\moby northern
2013-05-11 01:16 - 2013-05-11 01:16 - 00000000 ___HD C:\Users\Public\[Originals]
2013-05-11 00:54 - 2013-05-11 00:54 - 00000000 ____D C:\Users\FRAZ\Documents\Adobe
2013-05-11 00:54 - 2011-10-09 03:54 - 00000000 ____D C:\Users\FRAZ\AppData\Local\Adobe
2013-05-11 00:48 - 2013-05-11 00:48 - 00002077 ____A C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 00:48 - 2013-05-11 00:48 - 00002077 ____A C:\ProgramData\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 00:48 - 2011-10-09 03:59 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-05-11 00:48 - 2011-10-08 15:54 - 00000000 ____D C:\ProgramData\Application Data\Adobe
2013-05-11 00:48 - 2011-10-08 15:54 - 00000000 ____D C:\ProgramData\Adobe
2013-05-11 00:47 - 2011-10-09 04:00 - 00000000 ____D C:\Program Files\Adobe
2013-05-11 00:36 - 2013-05-11 00:36 - 00000000 ____D C:\Users\FRAZ\Desktop\Adobe
2013-05-08 23:17 - 2013-05-08 23:17 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-08 23:17 - 2013-05-08 23:17 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-07 05:30 - 2013-05-07 05:30 - 00001072 ____A C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 05:30 - 2013-05-07 05:30 - 00001072 ____A C:\ProgramData\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 05:30 - 2013-05-07 05:30 - 00000000 ____D C:\ProgramData\YTD YouTube Downloader & Converter
2013-05-07 05:30 - 2013-05-07 05:30 - 00000000 ____D C:\ProgramData\Application Data\YTD YouTube Downloader & Converter
2013-05-07 05:30 - 2011-10-09 00:37 - 00000000 ____D C:\Program Files (x86)\YouTube Downloader
2013-05-03 14:58 - 2013-05-11 03:29 - 09093237 ____N C:\Users\FRAZ\Desktop\20130503_235820.mp4
2013-05-03 14:05 - 2013-05-11 03:29 - 245591627 ____N C:\Users\FRAZ\Desktop\20130503_230306.mp4
2013-05-03 14:02 - 2013-05-11 03:29 - 71031828 ____N C:\Users\FRAZ\Desktop\20130503_230220.mp4
2013-04-30 21:51 - 2003-12-01 04:31 - 00030206 ____A C:\Windows\PFRO.log
2013-04-30 01:44 - 2013-04-30 01:44 - 00001388 ____A C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00001388 ____A C:\ProgramData\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00001265 ____A C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00001265 ____A C:\ProgramData\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00000000 ____D C:\Users\FRAZ\Application Data\DVDVideoSoft
2013-04-30 01:44 - 2013-04-30 01:44 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\DVDVideoSoft
2013-04-30 01:44 - 2013-04-30 01:44 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-04-30 01:44 - 2011-10-09 06:29 - 00000000 ____D C:\Users\FRAZ\Documents\DVDVideoSoft
2013-04-30 01:22 - 2011-10-09 06:34 - 00000349 ____A C:\Users\Public\Documents\PCLECHAL.INI
2013-04-30 01:22 - 2011-10-09 06:34 - 00000349 ____A C:\ProgramData\Documents\PCLECHAL.INI
2013-04-30 01:21 - 2011-10-09 06:34 - 00000000 ____D C:\Users\Public\Documents\Pinnacle
2013-04-30 01:21 - 2011-10-09 06:34 - 00000000 ____D C:\ProgramData\Documents\Pinnacle
2013-04-30 01:21 - 2011-10-09 03:06 - 00000000 ____D C:\Users\FRAZ\Documents\Pinnacle Studio
==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2009-07-13 15:56] - [2009-07-13 17:39] - 2868224 ____A (Microsoft Corporation) 22424AE68280D6FDE95CD40F2D238049
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================

==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 8190.05 MB
Available physical RAM: 7391.18 MB
Total Pagefile: 8188.2 MB
Available Pagefile: 7383.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
==================== Drives ================================
Drive c: (130 GIG - SAT1 - WIN 7) (Fixed) (Total:136.72 GB) (Free:10.65 GB) NTFS (Disk=1 Partition=1)
Drive d: (96 gig ) (Fixed) (Total:96.16 GB) (Free:4.5 GB) NTFS (Disk=1 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (700 GIG - SATA 1 - Misc) (Fixed) (Total:701.04 GB) (Free:5.52 GB) NTFS (Disk=0 Partition=4)
Drive f: (100 GIG - SATA 1 - WIN 7) (Fixed) (Total:100.59 GB) (Free:67.79 GB) NTFS (Disk=0 Partition=2)
Drive g: (120 GIG - SATA 1 - Win8) (Fixed) (Total:120.11 GB) (Free:12.18 GB) NTFS (Disk=0 Partition=3)
Drive n: (8 GIG STICK) (Removable) (Total:7.55 GB) (Free:0.53 GB) FAT32 (Disk=6 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: ( 10 GIG - SATA 1 - Win XP) (Fixed) (Total:9.77 GB) (Free:3.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: B597786B)
Partition 1: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=101 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=120 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=701 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 2D531A81)
Partition 1: (Not Active) - (Size=137 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=96 GB) - (Type=07 NTFS)
========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=8 GB) - (Type=0C)

Last Boot: 2013-05-14 05:58
==================== End Of Log ============================

Bob Appendown · May 24, 2013

. . . . And here's the new "Services Search LOG":

Farbar Recovery Scan Tool (x64) Version: 22-05-2013 01
Ran by SYSTEM at 2013-05-24 18:51:27
Running from N:\
Boot Mode: Recovery
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======

Bob Appendown · May 24, 2013

They are showing as different drive letters etc because I've had to give back the borrowed PC and put a temporary HD in my own system (Just in case you were wondering)

again, thanks for your continued help.

Broni · May 24, 2013

They are showing as different drive letters etc because I've had to give back the borrowed PC and put a temporary HD in my own system

I'm not sure if I understand.

Also...

I don't know what "Sweetpacks" is but it's not in my programs list and I have not knowingly installed it.

How do you know that since you can't boot your system successfully?

Bob Appendown · May 24, 2013

1. I've set up another HD in the PC, with windows on, so I can get access to you and it's partitioned. I didn't have it connected when I originally did the 1st LOGs

2. My PC will run for 1 minute, which is giving me long enough to check in control panel for this sweetpacks thing, to uninstall but it's not there, then it shuts down again.

it always comes up with the "Sweetpacks error" then followed by the windows will shut sown message and a few secconds later, it restarts the system.

Hope this explains my comments, which were designed to assist, not confuse

Do the new logs I posted give you any idea what's wrong or how to proceed?

Broni · May 24, 2013

I'm not 100% sure yet what's going on so I'm trying to proceed with little steps.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Re-run FRST one more time and post new log.
See if it'll boot.

If not post another fresh FRST log.

Bob Appendown · May 25, 2013

I'll give the above a try but previously, I've been running FRST from a USB Flash Drive (Using the start up repair boot and CMD Prompt option) as I've assumed that my "Affedted OS Drive" will not stay "On" for long enough.

Just to confirm, previously FRST was run from USB Flash Drive and the LOG was saved to there. Your fixlist.txt was saved and run from the same USB drive (By pressing "Fix") - so they were all run & saved from / to the same USB Flash Drive.

I'll try it using the affected OS Drive and report below.

Bob Appendown · May 25, 2013

Hi. did as you suggested, from the Desktop but OS wouldn't stay on long enough to complete the process. FRST said it needed to restart the PC to complete the process (But before I could click anything, the PC restarted it self with the usual "Windows will restart" message.

On restart, the FRST window appeared, saying "Fixing" but nothing happened. Briefly a warning flashed up saying "CMD could not open", then a windows warning came up "setACL.exe Memory could not be read" (Didn't get time to write down the error code though) and then the next Windows Shutdown Error window appeared -"Windows must now restart a Power service terminated unexpectedly"

When it re-started, SWEETPACKS was seemingly gone, or it didn't give the warning window.

Then the same setACL.exe warning came up and then "Windows must restart - Plug & Play Service has terminated unexpectedly"

I figured that the FRST "Fix" hadn't worked from the desktop, so I ran it all again from the USB Flash Drive and tested it but it still gives the setALC.exe error and the "Windows must now restart - plug & Play"

I then ran FRST again to get the following LOGS.

After running the fixlist.txt file from the desktop, here is the saved fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-05-2013 01
Ran by FRAZ at 2013-05-25 08:02:10 Run:2
Running from C:\Users\FRAZ\Desktop
Boot Mode: Normal
==============================================
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator => Value deleted successfully.
"C:\Program Files (x86)\SweetIM" directory move:
C:\Program Files (x86)\SweetIM\Communicator\mgcommon.dll => Moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\mgcommunication.dll => Moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\mgsimcommon.dll => Moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\mgxml_wrapper.dll => Moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe => Moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest => Moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\msvcm90.dll => Moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\msvcp90.dll => Moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\msvcr90.dll => Moved successfully.
Could not move "C:\Program Files (x86)\SweetIM" directory. => Scheduled to move on reboot.
BrowserProtect => Service deleted successfully.
"C:\ProgramData\BrowserProtect" directory move:
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js. => Scheduled to move on reboot.
Could not move "C:\ProgramData\BrowserProtect" directory. => Scheduled to move on reboot.

=========== Result of Scheduled Files to move ===========
C:\Program Files (x86)\SweetIM => Moved successfully.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl => File could not move.
=========== Result of Scheduled Files to move ===========
C:\Program Files (x86)\SweetIM => Is moved successfully.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings => File could not move.

continued in next post . . . .

Bob Appendown · May 25, 2013

Continued from last post:

Here is the fresh FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-05-2013 01
Ran by SYSTEM on 25-05-2013 08:22:34
Running from N:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ACPW06EN] "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06EN [1231992 2012-08-31] (ACD Systems)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2012-11-13] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [ACPW05EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN [822384 2011-09-19] (ACD Systems)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\FRAZ\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" [267056 2011-10-08] (BitTorrent, Inc.)
HKU\FRAZ\...\Run: [EPSON Stylus Photo R220 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAIA.EXE /FU "C:\Windows\TEMP\E_S6681.tmp" /EF "HKCU" [148 2012-12-16] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\iReboot 1.1.1.lnk
ShortcutTarget: iReboot 1.1.1.lnk -> C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe (NeoSmart Technologies)
==================== Services (Whitelisted) =================
S2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [891432 2009-09-12] (Acronis)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2012-09-15] ()
S2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2011-10-09] (Acronis)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-13] (Kaspersky Lab ZAO)
S3 BITS; C:\Windows\System32\qmgr.dll [848384 2009-07-13] ()
S2 iReboot; C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe [17408 2009-09-15] ()
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2012-09-15] ()
S2 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
==================== Drivers (Whitelisted) ====================
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-22] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-09-17] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-09-17] (Kaspersky Lab)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55056 2013-04-22] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
S3 WimFltr; C:\Windows\SysWow64\DRIVERS\wimfltr.sys [128104 2006-11-01] (Microsoft Corporation)
S0 snapman; system32\DRIVERS\snapman.sys [x]
S0 tdrpman251; system32\DRIVERS\tdrpm251.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-05-24 22:58 - 2013-05-23 02:17 - 01878472 ____A (Farbar) C:\Users\FRAZ\Desktop\FRST64.exe
2013-05-23 10:40 - 2013-05-25 08:15 - 00000000 ____D C:\FRST
2013-05-23 05:40 - 2013-05-23 05:40 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\FRAZ\Desktop\tdsskiller.exe
2013-05-23 05:24 - 2013-05-23 05:24 - 00000000 ____D C:\Windows\erdnt
2013-05-23 05:24 - 2013-05-23 05:24 - 00000000 ____D C:\Qoobox
2013-05-23 05:20 - 2013-05-23 05:12 - 00321416 ____A (ESET) C:\ESETSirefefCleaner.exe
2013-05-17 10:11 - 2013-05-17 10:11 - 00000000 __SHD C:\found.000
2013-05-16 05:21 - 2013-05-16 10:10 - 00000000 ____D C:\Users\FRAZ\Desktop\family photos spain
2013-05-14 22:28 - 2013-05-14 22:28 - 00300768 ____A C:\Windows\Minidump\051513-27908-01.dmp
2013-05-12 15:03 - 2013-05-12 15:04 - 00000000 ____D C:\Users\FRAZ\Desktop\Panasonic Camcorder photo test
2013-05-12 14:54 - 2013-05-12 14:55 - 00000000 ____D C:\Users\FRAZ\Desktop\FashionRingtones
2013-05-12 07:04 - 2013-05-12 07:04 - 00000952 ____A C:\Users\FRAZ\Desktop\HD Tune.lnk
2013-05-12 07:04 - 2013-05-12 07:04 - 00000000 ____D C:\Program Files (x86)\HD Tune
2013-05-11 03:29 - 2013-05-11 03:34 - 00000000 ____D C:\Users\FRAZ\Desktop\moby northern
2013-05-11 03:29 - 2013-05-03 14:58 - 09093237 ____N C:\Users\FRAZ\Desktop\20130503_235820.mp4
2013-05-11 03:29 - 2013-05-03 14:05 - 245591627 ____N C:\Users\FRAZ\Desktop\20130503_230306.mp4
2013-05-11 03:29 - 2013-05-03 14:02 - 71031828 ____N C:\Users\FRAZ\Desktop\20130503_230220.mp4
2013-05-11 01:16 - 2013-05-11 01:16 - 00000000 ___HD C:\Users\Public\[Originals]
2013-05-11 00:54 - 2013-05-11 00:54 - 00000000 ____D C:\Users\FRAZ\Documents\Adobe
2013-05-11 00:48 - 2013-05-11 00:48 - 00002077 ____A C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 00:48 - 2013-05-11 00:48 - 00002077 ____A C:\ProgramData\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 00:36 - 2013-05-11 00:36 - 00000000 ____D C:\Users\FRAZ\Desktop\Adobe
2013-05-08 23:17 - 2013-05-08 23:17 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-08 23:17 - 2013-05-08 23:17 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-07 05:30 - 2013-05-07 05:30 - 00001072 ____A C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 05:30 - 2013-05-07 05:30 - 00001072 ____A C:\ProgramData\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 05:30 - 2013-05-07 05:30 - 00000000 ____D C:\ProgramData\YTD YouTube Downloader & Converter
2013-05-07 05:30 - 2013-05-07 05:30 - 00000000 ____D C:\ProgramData\Application Data\YTD YouTube Downloader & Converter
2013-04-30 01:44 - 2013-04-30 01:44 - 00001388 ____A C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00001388 ____A C:\ProgramData\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00001265 ____A C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00001265 ____A C:\ProgramData\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00000000 ____D C:\Users\FRAZ\Application Data\DVDVideoSoft
2013-04-30 01:44 - 2013-04-30 01:44 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\DVDVideoSoft
2013-04-30 01:44 - 2013-04-30 01:44 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
==================== One Month Modified Files and Folders =======
2013-05-25 08:15 - 2013-05-23 10:40 - 00000000 ____D C:\FRST
2013-05-24 23:20 - 2011-10-08 15:31 - 00000000 ____D C:\Users\FRAZ\Application Data\uTorrent
2013-05-24 23:20 - 2011-10-08 15:31 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\uTorrent
2013-05-24 23:18 - 2012-09-15 00:17 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-05-24 23:18 - 2012-09-15 00:17 - 00000000 ____D C:\ProgramData\Application Data\Kaspersky Lab
2013-05-24 23:18 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-24 23:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-24 23:17 - 2011-10-08 14:59 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-24 23:17 - 2011-10-08 14:59 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA
2013-05-24 23:17 - 2003-12-01 04:31 - 00071224 ____A C:\Windows\setupact.log
2013-05-24 23:03 - 2003-12-01 04:31 - 00036866 ____A C:\Windows\PFRO.log
2013-05-23 05:40 - 2013-05-23 05:40 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\FRAZ\Desktop\tdsskiller.exe
2013-05-23 05:24 - 2013-05-23 05:24 - 00000000 ____D C:\Windows\erdnt
2013-05-23 05:24 - 2013-05-23 05:24 - 00000000 ____D C:\Qoobox
2013-05-23 05:12 - 2013-05-23 05:20 - 00321416 ____A (ESET) C:\ESETSirefefCleaner.exe
2013-05-23 02:17 - 2013-05-24 22:58 - 01878472 ____A (Farbar) C:\Users\FRAZ\Desktop\FRST64.exe
2013-05-23 01:54 - 2011-10-09 00:44 - 00000000 ____D C:\Users\FRAZ\AppData\Local\ACD Systems
2013-05-17 10:30 - 2009-07-13 15:38 - 00129024 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys
2013-05-17 10:28 - 2009-07-13 16:10 - 00845824 ____A (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-05-17 10:27 - 2009-07-13 15:28 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-05-17 10:25 - 2009-07-13 15:49 - 01065984 ____A (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2013-05-17 10:14 - 2009-07-13 15:25 - 01898576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-05-17 10:13 - 2009-07-13 15:20 - 01659984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-17 10:11 - 2013-05-17 10:11 - 00000000 __SHD C:\found.000
2013-05-17 01:03 - 2011-10-08 13:41 - 02059676 ____A C:\Windows\WindowsUpdate.log
2013-05-17 00:57 - 2009-07-13 20:45 - 00015504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-17 00:57 - 2009-07-13 20:45 - 00015504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-17 00:47 - 2012-09-15 07:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-16 10:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-05-16 10:42 - 2011-10-08 15:03 - 00000000 ____D C:\Users\FRAZ\Application Data\Adobe
2013-05-16 10:42 - 2011-10-08 15:03 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\Adobe
2013-05-16 10:10 - 2013-05-16 05:21 - 00000000 ____D C:\Users\FRAZ\Desktop\family photos spain
2013-05-15 08:47 - 2012-09-15 07:19 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 08:47 - 2012-09-15 07:19 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 22:28 - 2013-05-14 22:28 - 00300768 ____A C:\Windows\Minidump\051513-27908-01.dmp
2013-05-14 22:28 - 2012-11-19 03:00 - 00000000 ____D C:\Windows\Minidump
2013-05-12 22:50 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-12 15:04 - 2013-05-12 15:03 - 00000000 ____D C:\Users\FRAZ\Desktop\Panasonic Camcorder photo test
2013-05-12 14:55 - 2013-05-12 14:54 - 00000000 ____D C:\Users\FRAZ\Desktop\FashionRingtones
2013-05-12 07:04 - 2013-05-12 07:04 - 00000952 ____A C:\Users\FRAZ\Desktop\HD Tune.lnk
2013-05-12 07:04 - 2013-05-12 07:04 - 00000000 ____D C:\Program Files (x86)\HD Tune
2013-05-11 03:34 - 2013-05-11 03:29 - 00000000 ____D C:\Users\FRAZ\Desktop\moby northern
2013-05-11 01:16 - 2013-05-11 01:16 - 00000000 ___HD C:\Users\Public\[Originals]
2013-05-11 00:54 - 2013-05-11 00:54 - 00000000 ____D C:\Users\FRAZ\Documents\Adobe
2013-05-11 00:54 - 2011-10-09 03:54 - 00000000 ____D C:\Users\FRAZ\AppData\Local\Adobe
2013-05-11 00:48 - 2013-05-11 00:48 - 00002077 ____A C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 00:48 - 2013-05-11 00:48 - 00002077 ____A C:\ProgramData\Desktop\Lightroom 4.3 64-bit.lnk
2013-05-11 00:48 - 2011-10-09 03:59 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-05-11 00:48 - 2011-10-08 15:54 - 00000000 ____D C:\ProgramData\Application Data\Adobe
2013-05-11 00:48 - 2011-10-08 15:54 - 00000000 ____D C:\ProgramData\Adobe
2013-05-11 00:47 - 2011-10-09 04:00 - 00000000 ____D C:\Program Files\Adobe
2013-05-11 00:36 - 2013-05-11 00:36 - 00000000 ____D C:\Users\FRAZ\Desktop\Adobe
2013-05-08 23:17 - 2013-05-08 23:17 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-08 23:17 - 2013-05-08 23:17 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-07 05:30 - 2013-05-07 05:30 - 00001072 ____A C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 05:30 - 2013-05-07 05:30 - 00001072 ____A C:\ProgramData\Desktop\YTD YouTube Downloader & Converter.lnk
2013-05-07 05:30 - 2013-05-07 05:30 - 00000000 ____D C:\ProgramData\YTD YouTube Downloader & Converter
2013-05-07 05:30 - 2013-05-07 05:30 - 00000000 ____D C:\ProgramData\Application Data\YTD YouTube Downloader & Converter
2013-05-07 05:30 - 2011-10-09 00:37 - 00000000 ____D C:\Program Files (x86)\YouTube Downloader
2013-05-03 14:58 - 2013-05-11 03:29 - 09093237 ____N C:\Users\FRAZ\Desktop\20130503_235820.mp4
2013-05-03 14:05 - 2013-05-11 03:29 - 245591627 ____N C:\Users\FRAZ\Desktop\20130503_230306.mp4
2013-05-03 14:02 - 2013-05-11 03:29 - 71031828 ____N C:\Users\FRAZ\Desktop\20130503_230220.mp4
2013-04-30 01:44 - 2013-04-30 01:44 - 00001388 ____A C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00001388 ____A C:\ProgramData\Desktop\Free Video Flip and Rotate.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00001265 ____A C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00001265 ____A C:\ProgramData\Desktop\DVDVideoSoft Free Studio.lnk
2013-04-30 01:44 - 2013-04-30 01:44 - 00000000 ____D C:\Users\FRAZ\Application Data\DVDVideoSoft
2013-04-30 01:44 - 2013-04-30 01:44 - 00000000 ____D C:\Users\FRAZ\AppData\Roaming\DVDVideoSoft
2013-04-30 01:44 - 2013-04-30 01:44 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-04-30 01:44 - 2011-10-09 06:29 - 00000000 ____D C:\Users\FRAZ\Documents\DVDVideoSoft
2013-04-30 01:22 - 2011-10-09 06:34 - 00000349 ____A C:\Users\Public\Documents\PCLECHAL.INI
2013-04-30 01:22 - 2011-10-09 06:34 - 00000349 ____A C:\ProgramData\Documents\PCLECHAL.INI
2013-04-30 01:21 - 2011-10-09 06:34 - 00000000 ____D C:\Users\Public\Documents\Pinnacle
2013-04-30 01:21 - 2011-10-09 06:34 - 00000000 ____D C:\ProgramData\Documents\Pinnacle
2013-04-30 01:21 - 2011-10-09 03:06 - 00000000 ____D C:\Users\FRAZ\Documents\Pinnacle Studio
==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2009-07-13 15:56] - [2009-07-13 17:39] - 2868224 ____A (Microsoft Corporation) 22424AE68280D6FDE95CD40F2D238049
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================

==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 8190.05 MB
Available physical RAM: 7389.82 MB
Total Pagefile: 8188.2 MB
Available Pagefile: 7380.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
==================== Drives ================================
Drive c: (130 GIG - SAT1 - WIN 7) (Fixed) (Total:136.72 GB) (Free:10.65 GB) NTFS (Disk=0 Partition=1)
Drive d: ( 10 GIG - SATA 1 - Win XP) (Fixed) (Total:9.77 GB) (Free:3.07 GB) NTFS (Disk=1 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive e: (700 GIG - SATA 1 - Misc) (Fixed) (Total:701.04 GB) (Free:5.52 GB) NTFS (Disk=1 Partition=4)
Drive g: (100 GIG - SATA 1 - WIN 7) (Fixed) (Total:100.59 GB) (Free:67.79 GB) NTFS (Disk=1 Partition=2)
Drive h: (120 GIG - SATA 1 - Win8) (Fixed) (Total:120.11 GB) (Free:12.18 GB) NTFS (Disk=1 Partition=3)
Drive n: (8 GIG STICK) (Removable) (Total:7.55 GB) (Free:0.53 GB) FAT32 (Disk=6 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (96 gig ) (Fixed) (Total:96.16 GB) (Free:4.5 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 2D531A81)
Partition 1: (Not Active) - (Size=137 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=96 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: B597786B)
Partition 1: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=101 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=120 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=701 GB) - (Type=OF Extended)
========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=8 GB) - (Type=0C)

Last Boot: 2013-05-14 05:58
==================== End Of Log ============================

Bob Appendown · May 25, 2013

Continued again . . . the Services LOG:

Farbar Recovery Scan Tool (x64) Version: 22-05-2013 01
Ran by SYSTEM at 2013-05-25 08:23:48
Running from N:\
Boot Mode: Recovery
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======

We've got somewhere, in that "Sweetpacks" warning has gone, though the restarting issue (And others probably) still exist.

I am your servant, awaiting your instruction

Broni · May 25, 2013

Restart to System Recovery Options>Command Prompt again and run following command:
chkdsk /f /r (<------watch for "spaces")

Bob Appendown · May 26, 2013

checkdisk would not run:

This was the message (Condensed version)
"Windows can not lock the drive, The volume is write protected"

Broni · May 26, 2013

You are probably running the chkdsk utility on a drive other than C (like X).
Try this command:
chkdsk C: /f /r (<------watch for "spaces")

If "C" doesn't work try other letters.

Bob Appendown · May 27, 2013

Before I ran Checkdisk, I opened Notepad to confirm the drive letter of the affected OS Drive, which is F Drive and I used chkdsk /f /r as you'd said but I guess it was running on the "Recovery Drive X"

I'll try this new method and report back

Bob Appendown · May 27, 2013

Checkdisk ran ok and gave the following results. I did not try t oboot the affected OS Drive, as you didn't tell me to, so I will await your further instructions.

Please can you tell me what the results of the checkdisk mean too? Thanks

X:\windows\system32>chkdsk F: /f /r
The type of the file system is NTFS.
Volume label is 130 GIG - SAT1 - WIN 7.
CHKDSK is verifying files (stage 1 of 5)...
255488 file records processed.
File verification completed.
844 large file records processed.
0 bad file records processed.
2 EA records processed.
76 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
312538 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
255488 file SDs/SIDs processed.
Security descriptor verification completed.
28526 data files processed.
CHKDSK is verifying Usn Journal...
37634136 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
37 percent complete. (70874 of 255472 files processed)
Windows replaced bad clusters in file 70896
of name \SYSTEM~1\_RESTO~1\RP2\A0004379.exe.
38 percent complete. (146460 of 255472 files processed)
Windows replaced bad clusters in file 146552
of name \SYSTEM~1\_RESTO~1\RP2\A0004408.dll.
38 percent complete. (146572 of 255472 files processed)
Windows replaced bad clusters in file 146648
of name \SYSTEM~1\_RESTO~1\RP2\A0004483.dll.
38 percent complete. (146685 of 255472 files processed)
Windows replaced bad clusters in file 146707
of name \SYSTEM~1\_RESTO~1\RP2\A0004535.dll.
38 percent complete. (146813 of 255472 files processed)
Windows replaced bad clusters in file 146871
of name \SYSTEM~1\_RESTO~1\RP2\A0004699.dll.
38 percent complete. (147261 of 255472 files processed)
Windows replaced bad clusters in file 147299
of name \SYSTEM~1\_RESTO~1\RP2\A0005115.dll.
38 percent complete. (147295 of 255472 files processed)
Windows replaced bad clusters in file 147334
of name \SYSTEM~1\_RESTO~1\RP2\A0005150.dll.
38 percent complete. (147383 of 255472 files processed)
Windows replaced bad clusters in file 147411
of name \SYSTEM~1\_RESTO~1\RP2\A0005227.exe.
38 percent complete. (148340 of 255472 files processed)
Windows replaced bad clusters in file 148363
of name \SYSTEM~1\_RESTO~1\RP2\A0005657.DLL.
38 percent complete. (148496 of 255472 files processed)
Windows replaced bad clusters in file 148539
of name \SYSTEM~1\_RESTO~1\RP2\A0005832.dll.
Windows replaced bad clusters in file 148555
of name \SYSTEM~1\_RESTO~1\RP2\A0005848.dll.
38 percent complete. (148870 of 255472 files processed)
Windows replaced bad clusters in file 148900
of name \SYSTEM~1\_RESTO~1\RP2\A0006193.DLL.
38 percent complete. (149077 of 255472 files processed)
Windows replaced bad clusters in file 149127
of name \SYSTEM~1\_RESTO~1\RP2\A0006420.dll.
38 percent complete. (149471 of 255472 files processed)
Windows replaced bad clusters in file 149567
of name \SYSTEM~1\_RESTO~1\RP2\A0006859.dll.
38 percent complete. (149630 of 255472 files processed)
Windows replaced bad clusters in file 149661
of name \SYSTEM~1\_RESTO~1\RP2\A0006953.dll.
255472 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
2793539 free clusters processed.
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
143359996 KB total disk space.
131706872 KB in 202305 files.
115592 KB in 28527 indexes.
0 KB in bad sectors.
363376 KB in use by the system.
65536 KB occupied by the log file.
11174156 KB available on disk.
4096 bytes in each allocation unit.
35839999 total allocation units on disk.
2793539 allocation units available on disk.
Failed to transfer logged messages to the event log with status 50.
X:\windows\system32>

Bob Appendown · May 27, 2013

OK, I figured that a Checkdisk would only correct things, so I tried to boot the PC.

It came up with this warning before restarting:

"Windows must restart as the plug and play service has terminated"

there were none of the other usual warnings though

Whilst waiting for the inevitable shutdown, I looked in "My Computer" and noticed that the USB Memory Stick drive and the usb connected "Multi-card-reader" Drives were not showing up - thought I'd mention this, in case it's of importance?

I will await your further instructions

Thanks

Broni · May 27, 2013

Did the computer actually boot OK?

Bob Appendown · May 27, 2013

No more than at the beginning.

It boots to the windows desktop, the cursor flickers a couple of times and then the "Windows needs to restart . . . ." error appears and then it restarts.

Startup repair does nothing either

Broni · May 27, 2013

Let's try one more fix...

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Bob Appendown · May 27, 2013

Done and here's the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-05-2013 01
Ran by SYSTEM at 2013-05-27 19:18:07 Run:4
Running from N:\
Boot Mode: Recovery
==============================================
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
==== End of Fixlog ====

Inactive Windows shuts down in 1 minute - Virus?

Posts: 49 +0

Posts: 49 +0

Posts: 56,041 +516

Attachments

Posts: 49 +0

Posts: 56,041 +516

Posts: 49 +0

Posts: 49 +0

Posts: 49 +0

Posts: 56,041 +516

Posts: 49 +0

Posts: 56,041 +516

Attachments

Posts: 49 +0

Posts: 49 +0

Posts: 49 +0

Posts: 49 +0

Posts: 56,041 +516

Posts: 49 +0

Posts: 56,041 +516

Posts: 49 +0

Posts: 49 +0

Posts: 49 +0

Posts: 56,041 +516

Posts: 49 +0

Posts: 56,041 +516

Attachments

Posts: 49 +0

Similar threads