Jump to content

Recommended Posts

My laptop has two OS both are Windows 7. Recently I felt that my system is infected (because my system showing some downloads are going on but I am not downloading anything no other known program is downloading)  so I downloaded Mallwarebyte  and run a Quick Scan it find some virus and removed them. Then I run scan on other partition (where other Win 7 was installed) it also find some virus there and remove them. But when I try to login into this Win 7 it ask password and when I enter password it immediately logoff to back password screen. So I try to boot in safe mode but after entering password it shows only blank black screen with mouse pointer in middle, but I can run task manager, so I try to run

exloprer.exe then it show

 

Problem Event Name: APPCRASH

Application Name: Explorer.EXE

Fault Module Name: ntdll.dll

 

Please help me to solve this problem.

For any clarification please ask me.

Link to post
Share on other sites

Welcome to the forum.

Can you run this scan on the drive in question.....

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.
    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair

        System Restore

        Windows Complete PC Restore

        Windows Memory Diagnostic Tool

        Command Prompt

        Select Command Prompt

        Once in the Command Prompt:

    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter

      Note: Replace letter e with the drive letter of your flash drive.

    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
MrC
Link to post
Share on other sites

Here is FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2013

Ran by Sam (administrator) on 07-07-2013 20:23:00

Running from I:\

Windows 7 Ultimate (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Safe Mode (minimal)

 

==================== Could not list processes ===============

 

==================== Registry (Whitelisted) ==================

 

HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [144384 2009-07-14] (Microsoft Corporation)

MountPoints2: {a9b9a26e-849f-11e0-aadb-c012801d3f1d} - I:\Setup.exe

MountPoints2: {b4d3c7b8-3ac6-11e0-8d28-bd5678ea3359} - I:\mvxm.cmd

HKU\Administrator\...\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe [x]

HKU\Classic .NET AppPool\...\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe [x]

HKU\Default\...\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe [x]

HKU\Sam\...\Run: [WordWeb] "F:\Program Files\WordWeb\wweb32.exe" -startup [ 2009-11-08] (WordWeb Software)

HKU\Sam\...\Run: [Google Update] "F:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2012-04-21] (Google Inc.)

HKU\Sam\...\Run: [KiesHelper] F:\Program Files\Samsung\Kies\KiesHelper.exe /s [x]

HKU\Sam\...\Run: [KiesPreload] F:\Program Files\Samsung\Kies\Kies.exe /preload [ 2012-12-20] (Samsung)

HKU\Sam\...\Run: [KiesAirMessage] F:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup [x]

HKU\Sam\...\Run: [] F:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [x]

HKU\Test\...\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe [x]

Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/

HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~4\Office12\GR469A~1.DLL No File

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre7\bin\ssv.dll No File

BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\FProgram Files\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll No File

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre7\bin\jp2ssv.dll No File

BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - F:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll No File

Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~4\Office12\GRA32A~1.DLL No File

Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - F:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL No File

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\PROGRA~1\MICROS~4\Office12\GR469A~1.DLL No File [ ]

Winsock: Catalog5 08 F:\Program Files\Bonjour\mdnsNSP.dll File Not found ()

Winsock: Catalog9 000000000100 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000101 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000102 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000103 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000104 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000105 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000106 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000107 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Winsock: Catalog9 000000000108 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)

Tcpip\..\Interfaces\{79FDEF57-1268-4BD3-B81F-22CFE3A91CE6}: [NameServer]192.168.1.1,8.8.8.8

 

========================== Services (Whitelisted) =================

 

S4 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [308224 2009-07-14] (Microsoft Corporation)

S4 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2009-07-14] (Microsoft Corporation)

S4 Microsoft Office Groove Audit Service; F:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)

S4 odserv; F:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)

S4 ose; F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)

S3 AdobeFlashPlayerUpdateSvc; F:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 Apple Mobile Device; "F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [x]

S2 ATService; F:\Program Files\Fingerprint Sensor\AtService.exe [x]

S2 Bonjour Service; "F:\Program Files\Bonjour\mDNSResponder.exe" [x]

S2 clr_optimization_v4.0.30319_32; F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]

S2 DynDNS Updater; F:\Program Files\DynDNS Updater\DynUpSvc.exe [x]

S3 fussvc; "F:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe" [x]

S3 iPod Service; "F:\Program Files\iPod\bin\iPodService.exe" [x]

S3 MozillaMaintenance; "F:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [x]

S2 MsDtsServer100; "F:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe" [x]

S2 MSSQL$SQLEXPRESS; "F:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]

S3 MSSQLFDLauncher; "F:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.MSSQLSERVER [x]

S2 MSSQLSERVER; "F:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [x]

S4 MSSQLServerADHelper; "F:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]

S4 MSSQLServerADHelper100; "F:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x]

S2 MSSQLServerOLAPService; "F:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "F:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Config" [x]

S4 msvsmon90; "F:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 [x]

S4 NAUpdate; "F:\Program Files\Nero\Update\NASvc.exe" [x]

S4 NetMsmqActivator; "F:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]

S2 NetPipeActivator; F:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]

S2 NetTcpActivator; F:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]

S3 NetTcpPortSharing; F:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]

S4 OracleJobSchedulerXE; f:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [x]

S3 OracleMTSRecoveryService; F:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe "OracleMTSRecoveryService" [x]

S2 OracleServiceXE; f:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [x]

S3 OracleXEClrAgent; F:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 [x]

S2 OracleXETNSListener; F:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [x]

S4 Pml Driver HPZ12; F:\Windows\system32\HPZipm12.dll [x]

S2 ReportServer; "F:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [x]

S3 ServiceLayer; "F:\Program Files\PC Connectivity Solution\ServiceLayer.exe" [x]

S4 SQLBrowser; "F:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]

S3 SQLSERVERAGENT; "F:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER [x]

S2 SQLWriter; "F:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

S3 Te.Service; "F:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe" [x]

 

==================== Drivers (Whitelisted) ====================

 

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation)

S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)

S1 ISODrive; F:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)

S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [28672 2008-12-02] (http://libusb-win32.sourceforge.net)

S3 pnetmdm; C:\Windows\System32\DRIVERS\pnetmdm.sys [9472 2006-09-28] (June Fabrics Technology)

S4 RsFx0150; C:\Windows\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation)

S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [181432 2012-02-24] (DEVGURU Co., LTD.(www.devguru.co.kr))

S2 int15; \??\F:\Windows\system32\drivers\int15.sys [x]

S3 VSPerfDrv100; \??\F:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [x]

S3 VSPerfDrv110; \??\C:\FProgram Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-07-07 18:02 - 2013-07-07 18:02 - 00000020 __ASH C:\Users\Test\ntuser.ini

2013-07-07 18:02 - 2013-07-07 18:02 - 00000000 ____D C:\users\Test

2013-07-04 05:20 - 2013-07-04 05:20 - 00000440 _RASH C:\Users\Administrator\ntuser.pol

2013-07-04 04:16 - 2013-07-04 03:03 - 123444992 ____A C:\cureit.exe

2013-07-04 04:09 - 2013-07-02 03:30 - 10285040 ____A (Malwarebytes Corporation) C:\Users\Sam\Desktop\mbam-setup-1.75.0.1300.exe

2013-07-04 04:03 - 2013-07-04 04:03 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-07-04 04:03 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-07-04 03:54 - 2013-07-04 05:29 - 00000000 ____D C:\users\Administrator

2013-07-04 03:54 - 2013-07-04 03:54 - 00000020 ___SH C:\Users\Administrator\ntuser.ini

2013-07-04 01:51 - 2009-07-14 06:44 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\userinit.exe

2013-07-04 01:47 - 2009-07-14 06:44 - 02613248 ____A (Microsoft Corporation) C:\Windows\explorer.exe

2013-07-01 22:47 - 2013-07-01 21:41 - 00059392 __RSH C:\Users\Sam\Downloads\lpk.dll

2013-06-16 13:38 - 2013-06-16 13:38 - 00000000 ____D C:\Users\Public\Documents\CrashDump

 

==================== One Month Modified Files and Folders ========

 

2013-07-07 18:02 - 2013-07-07 18:02 - 00000020 __ASH C:\Users\Test\ntuser.ini

2013-07-07 18:02 - 2013-07-07 18:02 - 00000000 ____D C:\users\Test

2013-07-04 06:27 - 2009-07-14 10:04 - 00018768 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-07-04 06:27 - 2009-07-14 10:04 - 00018768 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-07-04 06:23 - 2012-03-06 01:14 - 00000440 _RASH C:\ProgramData\ntuser.pol

2013-07-04 05:43 - 2012-03-30 02:26 - 00000000 ____D C:\Windows\pss

2013-07-04 05:33 - 2010-06-19 09:24 - 01487798 ____A C:\Windows\WindowsUpdate.log

2013-07-04 05:33 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\System32\inetsrv

2013-07-04 05:29 - 2013-07-04 03:54 - 00000000 ____D C:\users\Administrator

2013-07-04 05:27 - 2012-10-04 00:43 - 00000484 ____A C:\Windows\Tasks\SDMsgUpdate (TE).job

2013-07-04 05:27 - 2011-03-19 17:33 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2118053540-1150925154-1053409081-1000UA.job

2013-07-04 05:24 - 2010-06-18 21:06 - 01073962 ____A C:\Windows\System32\PerfStringBackup.INI

2013-07-04 05:20 - 2013-07-04 05:20 - 00000440 _RASH C:\Users\Administrator\ntuser.pol

2013-07-04 05:19 - 2010-08-09 01:35 - 00334208 ____A C:\Windows\PFRO.log

2013-07-04 05:19 - 2009-07-14 10:23 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-07-04 05:19 - 2009-07-14 10:09 - 00007753 ____A C:\Windows\setupact.log

2013-07-04 04:03 - 2013-07-04 04:03 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-07-04 03:54 - 2013-07-04 03:54 - 00000020 ___SH C:\Users\Administrator\ntuser.ini

2013-07-04 03:03 - 2013-07-04 04:16 - 123444992 ____A C:\cureit.exe

2013-07-02 23:54 - 2009-07-14 13:19 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents

2013-07-02 23:54 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\System32\com

2013-07-02 23:54 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\Microsoft.NET

2013-07-02 23:00 - 2010-12-28 16:12 - 00000000 ____D C:\Program Files\Common Files\AuthenTec

2013-07-02 20:59 - 2009-07-14 10:03 - 00407712 ____A C:\Windows\System32\FNTCACHE.DAT

2013-07-02 03:30 - 2013-07-04 04:09 - 10285040 ____A (Malwarebytes Corporation) C:\Users\Sam\Desktop\mbam-setup-1.75.0.1300.exe

2013-07-01 22:38 - 2012-09-17 17:54 - 00000000 ____D C:\Users\Sam\Desktop\MS Certification

2013-07-01 22:35 - 2011-01-26 17:30 - 00000000 ____D C:\Users\Sam\Desktop\AnVir.Task.Manager.v.6.2_the-vault.org

2013-07-01 22:25 - 2010-12-14 17:45 - 00000000 __HDC C:\ProgramData\{F4C27F8E-1446-47B9-886D-53BE81CD9CC4}

2013-07-01 22:23 - 2010-06-18 21:05 - 00000000 ____D C:\Program Files\WinRAR

2013-07-01 22:23 - 2009-07-14 10:22 - 00000000 ____D C:\Program Files\Windows Sidebar

2013-07-01 22:22 - 2009-07-14 10:22 - 00000000 ____D C:\Program Files\Windows Photo Viewer

2013-07-01 22:19 - 2012-09-13 18:38 - 00000000 ____D C:\Program Files\SelfTest

2013-07-01 22:19 - 2009-07-14 13:20 - 00000000 ____D C:\Program Files\Windows Journal

2013-07-01 22:19 - 2009-07-14 10:22 - 00000000 ____D C:\Program Files\Windows Defender

2013-07-01 22:15 - 2011-12-29 06:19 - 00000000 ____D C:\Program Files\QuickTime

2013-07-01 22:15 - 2011-11-01 20:23 - 00000000 ____D C:\Program Files\QS

2013-07-01 22:15 - 2010-07-24 14:42 - 00000000 ____D C:\Program Files\PC Connectivity Solution

2013-07-01 22:12 - 2013-05-24 05:04 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-07-01 22:12 - 2012-10-12 02:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-07-01 22:05 - 2010-11-30 04:36 - 00000000 ____D C:\Program Files\Microsoft SQL Server 2008 R2 Upgrade Advisor

2013-07-01 22:01 - 2012-10-07 20:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-07-01 21:55 - 2012-10-22 21:20 - 00000000 ____D C:\Program Files\IIS Express

2013-07-01 21:54 - 2010-09-07 16:20 - 00000000 ____D C:\Program Files\Common Files\Merge Modules

2013-07-01 21:54 - 2009-07-14 10:22 - 00000000 ____D C:\Program Files\DVD Maker

2013-07-01 21:53 - 2012-01-30 16:20 - 00000000 ____D C:\PFW

2013-07-01 21:53 - 2011-12-29 06:19 - 00000000 ____D C:\Program Files\Apple Software Update

2013-07-01 21:53 - 2011-12-29 06:18 - 00000000 ____D C:\Program Files\Bonjour

2013-07-01 21:53 - 2011-01-26 17:50 - 00000000 ____D C:\Program Files\AnVir Task Manager Pro

2013-07-01 21:49 - 2009-12-01 00:09 - 00000000 __HDC C:\Desktop Data

2013-07-01 21:41 - 2013-07-01 22:47 - 00059392 __RSH C:\Users\Sam\Downloads\lpk.dll

2013-06-23 21:27 - 2011-03-19 17:33 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2118053540-1150925154-1053409081-1000Core.job

2013-06-23 21:15 - 2013-02-03 03:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-23 20:12 - 2011-05-08 01:47 - 00000000 ____D C:\Users\Sam\AppData\Roaming\vlc

2013-06-23 18:31 - 2011-03-19 17:37 - 00002415 ____A C:\Users\Sam\Desktop\Google Chrome.lnk

2013-06-23 18:15 - 2012-05-17 01:12 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2013-06-23 18:15 - 2011-07-12 19:00 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2013-06-16 15:49 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\System32\NDF

2013-06-16 13:38 - 2013-06-16 13:38 - 00000000 ____D C:\Users\Public\Documents\CrashDump

2013-06-16 13:04 - 2012-04-13 22:44 - 00000000 ____D C:\Users\Sam\Documents\SelfMV

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-06-23 19:29

 

==================== End Of Log ============================

Link to post
Share on other sites

Not much showing, lets try this:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if the computer boots normally now , MrC

Link to post
Share on other sites

Hi MrCharlie

 

Here is fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-07-2013

Ran by SYSTEM at 2013-07-08 00:07:10 Run:3

Running from G:\

Boot Mode: Recovery

 

==============================================

 

DEFAULT hive was successfully copied to System32\config\HiveBackup

DEFAULT hive was successfully restored from registry back up.

SAM hive was successfully copied to System32\config\HiveBackup

SAM hive was successfully restored from registry back up.

SECURITY hive was successfully copied to System32\config\HiveBackup

SECURITY hive was successfully restored from registry back up.

SOFTWARE hive was successfully copied to System32\config\HiveBackup

SOFTWARE hive was successfully restored from registry back up.

SYSTEM hive was successfully copied to System32\config\HiveBackup

SYSTEM hive was successfully restored from registry back up.

 

==== End of Fixlog ====

 

 

After applying fixlist when I try to boot into safe mode password screen come and I enter password it showed error message

 

Userinit.exe – Entry Point Not Found

The procedure entry point DwmHintDxUpdate could not be located in the dynamic link library USER32.DLL

 

When I click OK button blank black screen displayed with mouse pointer. Then I run Task Manager and try to run control.exe it give following error message

 

::{26EE0668 – A00A – 44D7 – 9371 – BEB064C98683}\0

No such interface supported

 

Before applying this fixlist I was able to run control.exe

 

Can I undo this fixlist ?

Link to post
Share on other sites

Yes we can but this is a copy of the registry the last time Windows booted successfully, I think we should keep it until we run out if options.
Have you tried StartupRepair:

http://pcsupport.about.com/od/toolsofthetrade/ss/windows-7-startup-repair.htm

If no luck there:

Rescan with FRST (uncheck all the whitelist boxes) and also add Listparts to the usb flash drive:
Please download Listparts
Run the tool, click Scan and post the log (Result.txt) it makes

Need the 2 logs....MrC

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

To undo what we did:
 
Please download the attached  fixlist.txt and copy it to your flashdrive.
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 
On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)
 
Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
 
MrC
Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.