
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-01-2014

Ran by SYSTEM on MININT-LHHVNQB on 22-01-2014 20:19:02

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Recovery

 

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

 

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [iAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)

HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)

HKLM\...\Run: [C:\Windows\system32\V0740Ext.ax] - C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0740Ext.ax

HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)

HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-03] (CANON INC.)

HKLM-x32\...\Run: [backupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [244480 2009-08-12] (NewTech Infosystems, Inc.)

HKLM-x32\...\Run: [Gateway Photo Frame] - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [124416 2009-07-20] (IOI)

HKLM-x32\...\Run: [HPHUPD05] - C:\Program Files (x86)\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [49152 2003-05-22] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Component Manager] - C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe [212992 2003-04-08] (Hewlett-Packard Company)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd.exe [49152 2002-12-17] ()

HKLM-x32\...\Run: [HPHmon05] - C:\Windows\SysWOW64\hphmon05.exe [483328 2003-05-22] (Hewlett-Packard)

HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [selectRebates] - C:\Program Files (x86)\SelectRebates\SelectRebates.exe [886752 2010-11-01] ()

HKLM-x32\...\Run: [V0740Mon.exe] - C:\Windows\V0740Mon.exe [28672 2011-02-28] (Creative Technology Ltd.)

HKLM-x32\...\Run: [C:\Windows\SysWOW64\V0740Ext.ax] - C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0740Ext.ax

HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)

HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-11-30] (RealNetworks, Inc.)

HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)

HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()

HKLM\...\RunOnce: [*Restore] - C:\Windows\System32\rstrui.exe /runonce [296960 2010-11-20] (Microsoft Corporation)

HKLM\...\Winlogon: [userinit] c:\windows\system32\userinit.exe,C:\ProgramData\MPK\mpk.exe

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\Default\...\RunOnce: [scrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [162336 2009-07-21] ()

HKU\Default User\...\RunOnce: [scrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [162336 2009-07-21] ()

HKU\Kevin\...\Run: [Java Platform SE Auto Updater 3 0] - C:\Users\Kevin\AppData\Roaming\Java\jre7\lib\jusched.exe [5033660 2005-05-15] ()

HKU\Kevin\...\Run: [jusched.exe] - C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jusched.exe [5033660 2006-06-04] ()

HKU\Kevin\...\Run: [Windows Update] - C:\Users\Kevin\AppData\Local\Microsoft\svchost.exe [1091062 2012-09-11] ()

HKU\Kevin\...\Run: [Adobe Flash Updater] - C:\Users\Kevin\AppData\Roaming\Adobe\Adobe Flash Updater.exe [116967 2012-10-03] ()

HKU\Kevin\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\Kevin\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\Kevin\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\oovoo.exe [36125760 2013-12-18] (ooVoo LLC)

HKU\Kevin\...\CurrentVersion\Windows: [Load] C:\Users\Kevin\cerKB.exe <===== ATTENTION

Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jusched.exe ()

Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation)

 

==================== Services (Whitelisted) =================

 

S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()

S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)

S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)

S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-11-26] (McAfee, Inc.)

S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)

S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)

S2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)

S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4770728 2011-09-05] (INCA Internet Co., Ltd.)

S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2011-08-16] ()

S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

S2 uagqecsvc; C:\Users\Kevin\IAG Remote Access Agent\jranuscourtsgov\notes1\uagqecsvc.exe [149904 2011-06-16] (Microsoft ® Corporation)

 

==================== Drivers (Whitelisted) ====================

 

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)

S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)

S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)

S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)

S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)

S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)

S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)

S3 V0740Vid; C:\Windows\System32\DRIVERS\V0740Vid.sys [397600 2011-02-28] (Creative Technology Ltd.)

S3 cpuz132; \??\C:\Users\Kevin\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

S3 X6va003; \??\C:\Users\Kevin\AppData\Local\Temp\003DBDE.tmp [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-01-22 20:18 - 2014-01-22 20:18 - 00000000 ____D C:\FRST

2014-01-21 06:49 - 2014-01-21 06:49 - 00003416 ____N C:\bootsqm.dat

2014-01-16 17:01 - 2014-01-16 17:01 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\AdamOutler

2014-01-16 14:11 - 2014-01-16 14:11 - 00000000 ____D C:\Program Files\SAMSUNG

2014-01-16 14:10 - 2014-01-16 14:10 - 00000000 ____D C:\ProgramData\Samsung

2014-01-16 14:09 - 2014-01-16 14:23 - 00000000 ____D C:\Program Files (x86)\Kingo Android ROOT

2014-01-16 14:09 - 2014-01-16 14:09 - 00000000 ____D C:\Users\Kevin\Documents\wmshua

2014-01-16 14:09 - 2014-01-16 14:09 - 00000000 ____D C:\Users\Kevin\AppData\Local\ZJMedia

2014-01-16 12:45 - 2014-01-16 12:45 - 00032303 _____ C:\Users\Kevin\Desktop\New Text Document.txt

2014-01-15 11:54 - 2014-01-15 11:54 - 00002579 _____ C:\Users\Public\Desktop\bvhacker.lnk

2014-01-15 11:54 - 2014-01-15 11:54 - 00000000 ____D C:\Program Files (x86)\bvhacker

2014-01-15 11:52 - 2014-01-15 11:52 - 00003260 _____ C:\Windows\System32\Tasks\{B280473B-126C-4D96-856B-CDB6F8E71AC0}

2014-01-14 08:25 - 2014-01-14 08:25 - 00019761 _____ C:\Users\Kevin\Downloads\Save 2.rar

2014-01-14 03:25 - 2014-01-14 16:48 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2496652212-1651206510-2742426596-1001

2014-01-13 07:16 - 2014-01-14 16:48 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2496652212-1651206510-2742426596-1001

2014-01-13 07:13 - 2014-01-21 19:29 - 00001250 _____ C:\Windows\PFRO.log

2014-01-11 22:31 - 2014-01-13 22:11 - 00016234 _____ C:\Windows\IE11_main.log

2014-01-11 07:11 - 2014-01-21 17:54 - 00001456 _____ C:\Windows\setupact.log

2014-01-11 07:11 - 2014-01-11 07:11 - 00000000 _____ C:\Windows\setuperr.log

2014-01-06 11:12 - 2014-01-06 11:12 - 06013024 _____ (Nota Inc.                                                   ) C:\Users\Kevin\Downloads\GyazoSetup.exe

2014-01-04 20:37 - 2014-01-04 20:37 - 00000000 ____D C:\Users\Kevin\Desktop\r-shirts

2014-01-03 09:33 - 2014-01-03 09:33 - 18257544 _____ (BreakPoint Software) C:\Users\Kevin\Downloads\hw_v673.exe

2014-01-02 14:53 - 2014-01-02 14:53 - 00049958 _____ C:\Users\Kevin\Downloads\TS010378272.dotx

2014-01-02 08:21 - 2014-01-02 08:27 - 00000000 ____D C:\Users\Kevin\AppData\Local\SingularityViewer64

2013-12-29 19:18 - 2013-12-29 19:18 - 00001824 _____ C:\Users\Public\Desktop\ooVoo.lnk

2013-12-29 19:18 - 2013-12-29 19:18 - 00000000 ____D C:\Program Files (x86)\ooVoo

2013-12-27 10:55 - 2013-12-27 10:56 - 00000000 ____D C:\Users\Kevin\AppData\Local\{A5813D00-CDA0-46FB-ADF7-DDEDB7F6AAFE}

2013-12-27 10:44 - 2013-12-27 10:44 - 01309289 _____ C:\Users\Kevin\Desktop\Fingerprints.jpeg

2013-12-27 10:31 - 2013-12-27 10:31 - 00000000 ____D C:\ProgramData\CanonIJ

2013-12-26 10:06 - 2013-12-26 10:06 - 00469547 _____ C:\Users\Kevin\Downloads\Normal Save.zip

 

==================== One Month Modified Files and Folders =======

 

2014-01-22 20:18 - 2014-01-22 20:18 - 00000000 ____D C:\FRST

2014-01-21 19:39 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-21 19:29 - 2014-01-13 07:13 - 00001250 _____ C:\Windows\PFRO.log

2014-01-21 17:54 - 2014-01-11 07:11 - 00001456 _____ C:\Windows\setupact.log

2014-01-21 17:54 - 2013-06-07 16:17 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job

2014-01-21 17:54 - 2013-06-04 18:02 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2014-01-21 17:54 - 2010-02-20 12:36 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-21 17:54 - 2010-02-20 11:53 - 00000000 ____D C:\users\Kevin

2014-01-21 17:52 - 2013-10-31 14:12 - 00000000 ____D C:\hack

2014-01-21 17:52 - 2012-11-01 15:11 - 00000000 ____D C:\usb_driver

2014-01-21 17:52 - 2012-04-07 16:09 - 00000000 ____D C:\Program Files (x86)\SelectRebates

2014-01-21 17:52 - 2011-12-24 12:38 - 00000000 ____D C:\ProgramData\McAfee Security Scan

2014-01-21 17:52 - 2011-03-16 11:27 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Skype

2014-01-21 17:52 - 2011-02-14 14:11 - 00000000 ____D C:\Users\Kevin\Documents\Jamaal

2014-01-21 17:52 - 2011-02-12 18:19 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\SoftGrid Client

2014-01-21 17:52 - 2010-02-21 12:33 - 00000000 ____D C:\ProgramData\CinemaNow

2014-01-21 17:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2014-01-21 17:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat

2014-01-21 17:51 - 2011-04-21 20:33 - 00000000 ____D C:\Program Files (x86)\McAfee

2014-01-21 17:51 - 2010-10-25 19:50 - 00000000 ____D C:\Program Files (x86)\Java

2014-01-21 17:51 - 2010-03-06 20:28 - 00000000 ____D C:\ProgramData\Real

2014-01-21 09:23 - 2012-02-07 13:30 - 00280064 ___SH C:\Users\Kevin\Desktop\Thumbs.db

2014-01-21 06:49 - 2014-01-21 06:49 - 00003416 ____N C:\bootsqm.dat

2014-01-20 13:59 - 2013-08-29 10:00 - 00000000 ____D C:\Users\Kevin\AppData\Local\Darkstorm

2014-01-20 04:47 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-20 04:47 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-20 04:42 - 2010-02-20 12:18 - 00000000 ____D C:\Users\Kevin\AppData\Local\Adobe

2014-01-19 17:03 - 2013-11-27 07:04 - 00000000 ____D C:\Users\Kevin\Documents\Mixcraft Projects

2014-01-19 08:14 - 2013-09-27 16:44 - 00000000 ____D C:\Users\Kevin\Desktop\RAMONA

2014-01-16 17:03 - 2011-03-05 14:09 - 00356864 ___SH C:\Users\Kevin\Downloads\Thumbs.db

2014-01-16 17:01 - 2014-01-16 17:01 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\AdamOutler

2014-01-16 14:23 - 2014-01-16 14:09 - 00000000 ____D C:\Program Files (x86)\Kingo Android ROOT

2014-01-16 14:11 - 2014-01-16 14:11 - 00000000 ____D C:\Program Files\SAMSUNG

2014-01-16 14:10 - 2014-01-16 14:10 - 00000000 ____D C:\ProgramData\Samsung

2014-01-16 14:09 - 2014-01-16 14:09 - 00000000 ____D C:\Users\Kevin\Documents\wmshua

2014-01-16 14:09 - 2014-01-16 14:09 - 00000000 ____D C:\Users\Kevin\AppData\Local\ZJMedia

2014-01-16 12:45 - 2014-01-16 12:45 - 00032303 _____ C:\Users\Kevin\Desktop\New Text Document.txt

2014-01-16 12:31 - 2013-10-20 06:44 - 00000000 ____D C:\ProgramData\Oracle

2014-01-15 22:49 - 2013-08-15 19:26 - 00000000 ____D C:\Windows\System32\MRT

2014-01-15 22:45 - 2012-09-13 02:18 - 01895767 _____ C:\Windows\WindowsUpdate.log

2014-01-15 22:44 - 2010-02-20 12:36 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-15 22:19 - 2012-04-01 19:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-01-15 19:08 - 2010-02-20 11:54 - 00132368 _____ C:\Users\Kevin\AppData\Local\GDIPFONTCACHEV1.DAT

2014-01-15 15:30 - 2009-07-13 21:13 - 00793844 _____ C:\Windows\System32\PerfStringBackup.INI

2014-01-15 11:54 - 2014-01-15 11:54 - 00002579 _____ C:\Users\Public\Desktop\bvhacker.lnk

2014-01-15 11:54 - 2014-01-15 11:54 - 00000000 ____D C:\Program Files (x86)\bvhacker

2014-01-15 11:52 - 2014-01-15 11:52 - 00003260 _____ C:\Windows\System32\Tasks\{B280473B-126C-4D96-856B-CDB6F8E71AC0}

2014-01-15 08:50 - 2010-02-20 17:00 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8723F58D-67D2-4BA3-89A6-95891DC29365}

2014-01-14 16:48 - 2014-01-14 03:25 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2496652212-1651206510-2742426596-1001

2014-01-14 16:48 - 2014-01-13 07:16 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2496652212-1651206510-2742426596-1001

2014-01-14 14:27 - 2010-03-07 09:52 - 00000000 ____D C:\ProgramData\CanonIJPLM

2014-01-14 08:25 - 2014-01-14 08:25 - 00019761 _____ C:\Users\Kevin\Downloads\Save 2.rar

2014-01-13 22:11 - 2014-01-11 22:31 - 00016234 _____ C:\Windows\IE11_main.log

2014-01-12 19:17 - 2011-04-21 20:33 - 00000000 ____D C:\Program Files\Common Files\McAfee

2014-01-12 19:02 - 2009-07-13 21:08 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2014-01-11 07:11 - 2014-01-11 07:11 - 00000000 _____ C:\Windows\setuperr.log

2014-01-10 09:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2014-01-08 07:08 - 2013-10-29 09:42 - 00000000 ____D C:\Program Files (x86)\Modio

2014-01-06 11:12 - 2014-01-06 11:12 - 06013024 _____ (Nota Inc.                                                   ) C:\Users\Kevin\Downloads\GyazoSetup.exe

2014-01-05 05:07 - 2010-06-26 04:28 - 00000000 ____D C:\Users\Kevin\Documents\Kevin

2014-01-04 20:37 - 2014-01-04 20:37 - 00000000 ____D C:\Users\Kevin\Desktop\r-shirts

2014-01-03 13:31 - 2009-10-27 08:59 - 00000000 ____D C:\ProgramData\Microsoft Help

2014-01-03 09:35 - 2011-02-09 12:02 - 00000000 ____D C:\Program Files\BreakPoint Software

2014-01-03 09:33 - 2014-01-03 09:33 - 18257544 _____ (BreakPoint Software) C:\Users\Kevin\Downloads\hw_v673.exe

2014-01-03 09:33 - 2012-07-13 07:07 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\BreakPoint Software

2014-01-02 14:53 - 2014-01-02 14:53 - 00049958 _____ C:\Users\Kevin\Downloads\TS010378272.dotx

2014-01-02 08:27 - 2014-01-02 08:21 - 00000000 ____D C:\Users\Kevin\AppData\Local\SingularityViewer64

2013-12-30 09:19 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

2013-12-29 19:18 - 2013-12-29 19:18 - 00001824 _____ C:\Users\Public\Desktop\ooVoo.lnk

2013-12-29 19:18 - 2013-12-29 19:18 - 00000000 ____D C:\Program Files (x86)\ooVoo

2013-12-28 06:21 - 2010-02-24 17:04 - 00000000 ____D C:\Windows\Minidump

2013-12-28 06:18 - 2011-04-21 20:23 - 00000000 ____D C:\Program Files (x86)\CCleaner

2013-12-27 10:56 - 2013-12-27 10:55 - 00000000 ____D C:\Users\Kevin\AppData\Local\{A5813D00-CDA0-46FB-ADF7-DDEDB7F6AAFE}

2013-12-27 10:56 - 2010-10-21 19:00 - 00000000 ____D C:\Users\Kevin\AppData\Local\Windows Live

2013-12-27 10:54 - 2012-05-28 07:34 - 00048640 ___SH C:\Users\Kevin\Documents\Thumbs.db

2013-12-27 10:44 - 2013-12-27 10:44 - 01309289 _____ C:\Users\Kevin\Desktop\Fingerprints.jpeg

2013-12-27 10:31 - 2013-12-27 10:31 - 00000000 ____D C:\ProgramData\CanonIJ

2013-12-27 10:30 - 2010-03-07 10:02 - 00000000 ___HD C:\ProgramData\CanonIJScan

2013-12-27 10:30 - 2010-03-07 10:02 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Canon

2013-12-26 10:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports

2013-12-26 10:06 - 2013-12-26 10:06 - 00469547 _____ C:\Users\Kevin\Downloads\Normal Save.zip

2013-12-25 12:48 - 2010-02-20 14:34 - 00000000 ____D C:\Users\Kevin\AppData\Local\Apple Computer

 

Some content of TEMP:

====================

C:\Users\Kevin\AppData\Local\Temp\file2.exe

C:\Users\Kevin\AppData\Local\Temp\SkypeSetup.exe

 

 

==================== Known DLLs (Whitelisted) ================

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== EXE ASSOCIATION =====================

 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

 

==================== Restore Points  =========================

 

Restore point made on: 2014-01-10 22:31:07

Restore point made on: 2014-01-11 22:30:41

Restore point made on: 2014-01-12 17:09:11

Restore point made on: 2014-01-12 20:47:35

Restore point made on: 2014-01-13 22:09:20

Restore point made on: 2014-01-15 11:53:29

Restore point made on: 2014-01-15 22:45:53

Restore point made on: 2014-01-16 12:26:10

Restore point made on: 2014-01-16 17:18:14

 

==================== Memory info =========================== 

 

Percentage of memory in use: 18%

Total physical RAM: 4061.18 MB

Available physical RAM: 3290.58 MB

Total Pagefile: 4059.32 MB

Available Pagefile: 3277.9 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

 

==================== Drives ================================

 

Drive c: (Gateway) (Fixed) (Total:684.87 GB) (Free:515.78 GB) NTFS

Drive e: (PQSERVICE) (Fixed) (Total:13.67 GB) (Free:3.74 GB) NTFS

Drive g: () (Removable) (Total:29.15 GB) (Free:29.15 GB) FAT32

Drive h: (New Volume) (Fixed) (Total:465.6 GB) (Free:17.23 GB) NTFS

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 622FEE93)

Partition 1: (Not Active) - (Size=14 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=685 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 29 GB) (Disk ID: 73696D20)

No partition Table on disk 1.

 

========================================================

Disk: 2 (Size: 466 GB) (Disk ID: D16DD291)

 

Partition: GPT Partition Type

 

LastRegBack: 2014-01-10 10:08

 

==================== End Of Log ============================

FRST.txt


Please download the attached fixlist.txt and copy it to your flash drive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if the computer boots normally now.

If not, rescan with FRST and post the new log.

MrC


OK, it says "A hard disk problem is preventing Windows from starting...." It goes on to say "contact your system admin or computer manufacturer to determine if you need to repair or replace the disk." While running the repair, it said it could not fix the problem automatically.
