Malwarebytes consistently crashing during full scan


Hi, I was wondering if anybody here could help me solve my laptop's issues. I am pretty sure it is severely infected and I am desperate to remove all of the viruses/malware/adware etc.

It runs very slow, startup takes a long time and operation by normal methods is effectively non-existent. It is just far too slow to run any programmes by conventional methods.

I came across a few suggestions online recommending Hiren's BOOTCD which I used in Mini XP mode. The Malwarebytes software on the USB drive (I used a USB stick rather than a CD/DVD) keeps crashing during a full scan; the quick scan I performed went through with no problems.

I also downloaded Combofix on the booted version of XP, which detected the presence of a rootkit.

Help would be much appreciated!!

 

 


Hello AA23 and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…



If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach those logs to your reply.


Let me see those logs in your reply...

Thank you,

Kevin...

Hi Kevin. Many thanks for the prompt reply.

Before I begin, I'm going to say I'm booting my laptop from HirensBootCD (mini Windows XP) because the laptop does not load well enough to use it via the conventional start-up procedure.

Is that fine?


I must sound like a giant pain in the ass Kevin but I downloaded FRST (from Bleepingcomputer) and alongside being in another language, there is no option for addition.txt.

I reiterate I am using my laptop via Mini Windows XP on Hiren's BOOTCD as it will not startup properly.


Please ignore the last post. Here is the FRST log:

 

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x86) Versie: 11-08-2016 01
Gestart door SYSTEM op MiniXP-468 (12-08-2016 23:43:56)
Gestart vanaf X:\Documents and Settings\Default User\Desktop
Platform: Windows 10 Pro Versie 1511 (X86) Taal: English (United States)
Internet Explorer Versie 11
Boot Modus: Recovery
Standaard: ControlSet001
AANDACHT!:=====> Als het systeem kan opstarten, , moet FRST worden uitgevoerd in normaal of Veilige Modus om een compleet log te maken.


AANDACHT!:=====> HET BESTURINGSSYSTEEM IS EEN X64-SYSTEEM MAAR DE BOOT-SCHIJF DIE WORDT GEBRUIKT OM OP TE STARTEN VANAF RECOVERY ENVIRONMENT IS EEN X86-SYSTEEM SCHIJF.
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Register (gefilterd) ===========================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKU\Default\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-10-30] (Microsoft Corporation)
HKU\Default User\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-10-30] (Microsoft Corporation)
HKU\DefaultAppPool\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-10-30] (Microsoft Corporation)
HKU\User\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1125192 2016-06-23] (Google Inc.)
HKU\User\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2022688 2016-04-26] (IObit)

==================== Services (gefilterd) ========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-01] (Microsoft Corporation)
S3 dmwappushservice; C:\Windows\system32\dmwappushsvc.dll [57856 2015-10-30] ()
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [43696 2015-10-24] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-27] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-27] (Google Inc.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960160 2016-04-22] (IObit)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [135848 2015-10-30] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [150600 2016-05-27] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [21504 2015-10-30] (Microsoft Corporation)
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [3337728 2016-07-01] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
S2 XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe [410624 2006-11-27] (Conexant Systems, Inc.)

===================== Drivers (gefilterd) ==========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [531296 2015-10-30] (Broadcom Corporation)
S3 CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [300032 2006-12-21] (Conexant Systems, Inc.)
S0 cm_km; C:\Windows\System32\drivers\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 e1express; C:\Windows\System32\drivers\e1e6032e.sys [300544 2015-10-30] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3436896 2015-10-30] (QLogic Corporation)
S3 HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [1511936 2006-12-21] (Conexant Systems, Inc.)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [165888 2015-10-30] (Intel Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [38128 2015-10-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [113152 2015-10-30] (Intel Corporation)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [424800 2015-10-30] (Mellanox)
S3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [6192640 2012-03-23] (Intel Corporation)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [26112 2015-10-30] (Microsoft Corporation)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [705376 2015-10-30] (Mellanox)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [76128 2015-10-30] (Mellanox)
S3 NETwLv64; C:\Windows\System32\drivers\NETwLv64.sys [7533568 2016-02-01] (Intel Corporation)
S3 ReFSv1; C:\Windows\System32\Drivers\ReFSv1.sys [930656 2015-10-30] (Microsoft Corporation)
S2 rismxdp; C:\Windows\System32\drivers\rixdpx64.sys [55296 2006-11-18] (REDC)
S3 vpci; C:\Windows\System32\drivers\vpci.sys [74080 2015-10-30] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [731648 2006-12-21] (Conexant Systems, Inc.)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [26976 2015-10-30] (Mellanox)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59232 2015-10-30] (Mellanox)
S2 XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys [9728 2006-11-27] (Conexant Systems, Inc.)

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


==================== Een Maand Gemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2016-08-12 00:36 - 2016-08-12 00:36 - 00000000 ____D C:\FRST
2016-08-11 03:03 - 2016-08-11 03:03 - 00000000 ___HD C:\$Windows.~BT
2016-08-11 03:02 - 2016-08-11 03:04 - 00000000 ___HD C:\$SysReset
2016-08-11 00:03 - 2016-08-11 00:03 - 00000836 _____ C:\AdwCleaner[S2].txt
2016-08-10 23:51 - 2016-08-10 23:51 - 00791393 _____ (Lars Hederer ) C:\erunt-setup.exe
2016-08-10 23:50 - 2016-08-10 23:50 - 02030536 _____ (Bleeping Computer, LLC) C:\rkill.exe
2016-08-10 23:49 - 2016-08-10 23:49 - 02870984 _____ (ESET) C:\esetsmartinstaller_enu.exe
2016-08-10 23:25 - 2016-08-10 23:25 - 00013024 ____N C:\bootsqm.dat
2016-08-09 21:47 - 2016-08-11 03:44 - 00000000 _____ C:\Recovery.txt
2016-08-06 19:21 - 2016-08-06 19:21 - 00000000 _____ C:\Windows\System32\config\DRIVERS.iodefrag
2016-08-06 19:20 - 2016-08-06 19:20 - 00000000 ____H C:\asc_rdflag
2016-08-06 15:02 - 2016-08-06 15:38 - 00000000 ____D C:\Users\User\Documents\Sound recordings
2016-07-26 21:21 - 2016-07-26 21:21 - 00000000 ____D C:\Windows\en
2016-07-26 21:18 - 2016-07-26 21:18 - 00000000 ____D C:\Windows\PCHEALTH
2016-07-26 21:14 - 2010-06-02 03:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2016-07-26 21:14 - 2010-06-02 03:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2016-07-26 21:14 - 2010-05-26 10:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2016-07-26 21:14 - 2010-05-26 10:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2016-07-26 21:13 - 2009-09-04 16:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2016-07-26 21:13 - 2006-11-29 12:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2016-07-26 21:08 - 2016-07-26 21:23 - 00000000 ____D C:\Users\User\AppData\Local\Windows Live
2016-07-26 21:06 - 2016-07-26 21:07 - 01239752 _____ (Microsoft Corporation) C:\Users\User\Downloads\wlsetup-web.exe
2016-07-26 20:54 - 2016-08-06 19:21 - 00000000 _____ C:\Windows\System32\config\DRIVERS.iodefrag.bak
2016-07-26 03:02 - 2016-07-26 03:02 - 05091328 _____ C:\Windows\System32\config\DRIVERS.iobit
2016-07-14 22:54 - 2016-08-06 19:21 - 81743872 _____ C:\Windows\System32\config\SOFTWARE.iodefrag.bak
2016-07-14 22:54 - 2016-08-06 19:21 - 00270336 _____ C:\Windows\System32\config\DEFAULT.iodefrag.bak
2016-07-14 22:54 - 2016-08-06 19:21 - 00032768 _____ C:\Windows\System32\config\SAM.iodefrag.bak
2016-07-14 22:54 - 2016-08-06 19:21 - 00028672 _____ C:\Windows\System32\config\SECURITY.iodefrag.bak
2016-07-14 22:51 - 2014-10-16 09:27 - 00027424 _____ (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2016-07-14 21:46 - 2016-07-14 21:46 - 00000000 ____D C:\Program Files\CMAK

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2016-08-10 22:12 - 2016-06-26 23:45 - 00000000 ____D C:\users\DefaultAppPool
2016-08-10 14:41 - 2016-06-29 01:21 - 00002236 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
2016-08-07 16:43 - 2016-06-27 08:00 - 00000000 ____D C:\Windows\INF
2016-08-07 16:43 - 2016-06-26 23:52 - 00879220 _____ C:\Windows\System32\PerfStringBackup.INI
2016-08-06 23:13 - 2016-06-27 08:03 - 00000000 ____D C:\Windows\AppReadiness
2016-08-06 16:10 - 2016-06-26 23:51 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2016-08-05 22:27 - 2016-06-27 08:03 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-02 12:45 - 2016-06-27 07:21 - 00524288 ___SH C:\Windows\System32\config\BBI
2016-07-29 17:48 - 2016-06-27 08:03 - 00000000 ____D C:\Windows\System32\NDF
2016-07-27 19:25 - 2016-06-27 16:51 - 00504488 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2016-07-27 14:29 - 2016-06-27 08:03 - 00000000 ____D C:\Windows\rescache
2016-07-26 21:18 - 2016-06-27 08:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-07-26 03:26 - 2016-06-27 18:41 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-07-21 00:02 - 2016-06-27 08:28 - 00000000 ____D C:\Windows.old
2016-07-14 21:58 - 2016-02-13 13:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-07-14 21:47 - 2016-06-27 08:03 - 00000000 ____D C:\Windows\System32\oobe
2016-07-14 21:47 - 2016-06-27 08:03 - 00000000 ____D C:\Windows\System32\appraiser
2016-07-14 21:46 - 2016-06-27 08:03 - 00000000 ___RD C:\Windows\PrintDialog
2016-07-14 21:46 - 2016-06-27 08:03 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-07-14 21:46 - 2016-06-27 08:03 - 00000000 ___RD C:\Windows\DevicesFlow
2016-07-14 21:46 - 2016-06-27 08:03 - 00000000 ____D C:\Windows\Provisioning
2016-07-14 21:46 - 2016-06-27 08:03 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-07-14 21:46 - 2016-06-27 08:03 - 00000000 ____D C:\Windows\bcastdvr
2016-07-14 21:46 - 2016-06-27 08:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-07-14 21:46 - 2016-06-27 08:03 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 21:46 - 2016-06-27 08:03 - 00000000 ____D C:\Program Files\Windows Defender
2016-07-14 00:42 - 2016-06-27 07:36 - 00000000 ____D C:\Windows\CbsTemp
2016-07-13 01:12 - 2016-06-27 16:42 - 00000000 ____D C:\Windows\System32\MRT
2016-07-13 01:06 - 2016-06-27 16:42 - 144749672 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

==================== Known DLLs (gefilterd) =========================

C:\Windows\System32\_Wow64.dll ONTBREEKT <==== AANDACHT
C:\Windows\System32\_Wow64cpu.dll ONTBREEKT <==== AANDACHT
C:\Windows\System32\_Wow64win.dll ONTBREEKT <==== AANDACHT

==================== Bamital & volsnap =================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\Windows\explorer.exe
[2016-07-12 23:55] - [2016-07-01 04:33] - 4515256 ____A (Microsoft Corporation) E396258CFD8F84E8F2C24930E6D88C67

C:\Windows\System32\winlogon.exe
[2016-05-11 19:19] - [2016-04-23 04:18] - 0585728 ____N (Microsoft Corporation) 5C156EC4E44E30331BCC865A3B61D839

C:\Windows\System32\wininit.exe
[2016-05-11 19:18] - [2016-04-23 05:06] - 0291360 ____N (Microsoft Corporation) C1C81AAF533552B3C4D9F11A5FF97700

C:\Windows\System32\svchost.exe
[2015-10-30 07:17] - [2015-10-30 07:17] - 0043944 ____N (Microsoft Corporation) 8497852ED44AFF902D502015792D315D

C:\Windows\System32\services.exe
[2016-02-13 12:54] - [2016-02-13 12:54] - 0440152 ____N (Microsoft Corporation) 6FF8248F3A9D69A095C7F3F42BC29CB2

C:\Windows\System32\User32.dll
[2016-05-11 19:19] - [2016-04-23 05:00] - 1399224 ____N (Microsoft Corporation) F5F7CE3E32536F1A37FB3972F27A814F

C:\Windows\System32\userinit.exe
[2015-10-30 07:17] - [2015-10-30 07:17] - 0030720 ____N (Microsoft Corporation) 8F3ECCB5DC878FA14887B43CD148CBA9

C:\Windows\System32\rpcss.dll
[2015-10-30 07:17] - [2015-10-30 07:17] - 0904704 ____N (Microsoft Corporation) B339861C6A2A86FBCA67C2006B461473

C:\Windows\System32\dnsapi.dll
[2016-05-03 08:13] - [2016-05-03 08:13] - 0686976 ____N (Microsoft Corporation) 9A3E17CDB177913C2A111C80F3D0DBB4

C:\Windows\System32\Drivers\volsnap.sys
[2015-10-30 07:17] - [2015-10-30 07:17] - 0414560 ____N (Microsoft Corporation) E1F91A727A04C9F8199D04FF3BBBF63C


==================== Bestandskoppeling (gefilterd) =============


==================== Herstelpunten =========================


==================== Geheugen info ===========================

Percentage geheugen in gebruik: 22%
Totaal fysiek RAM-geheugen: 2022.23 MB
Beschikbaar fysiek RAM-geheugen: 1558.42 MB
Totaal Virtueel geheugen: 1794.96 MB
Beschikbaar Virtual geheugen: 1149.33 MB

==================== Schijven ================================

Drive b: (RamDrive) (Fixed) (Total:0.53 GB) (Free:0.48 GB) NTFS
Drive c: () (Fixed) (Total:73.99 GB) (Free:45.85 GB) NTFS
Drive d: (HBCD 15_2) (Removable) (Total:1.86 GB) (Free:1.26 GB) FAT32
Drive x: (Mini Xp) (Fixed) (Total:0.23 GB) (Free:0.22 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[systeem met boot componenten (verkregen van schijf)]

==================== MBR & Partitietabel ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 003F8867)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0C)


LastRegBack: 2016-08-06 23:23

==================== Eind van FRST.txt ============================



 


Yes 8 is the month, ok do the following:

Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt), please post it to your reply.

Re-boot and see if your system will start in Normal mode...

fixlist.txt


Fix resultaat van Farbar Recovery Scan Tool (x86) Versie: 11-08-2016 01
Gestart door SYSTEM (2016-08-13 00:58:10) Run:1
Gestart vanaf X:\Documents and Settings\Default User\Desktop
Boot Modus: Recovery

==============================================

fixlist Inhoud:
*****************
Start
LastRegBack: 2016-08-06 23:23
end




*****************

DEFAULT => succesvol gekopieerd naar System32\config\HiveBackup
DEFAULT => met succes hersteld from registry back up
SAM => succesvol gekopieerd naar System32\config\HiveBackup
SAM => met succes hersteld from registry back up
SECURITY => succesvol gekopieerd naar System32\config\HiveBackup
SECURITY => met succes hersteld from registry back up
SOFTWARE => succesvol gekopieerd naar System32\config\HiveBackup
SOFTWARE => met succes hersteld from registry back up
SYSTEM => succesvol gekopieerd naar System32\config\HiveBackup
SYSTEM => met succes hersteld from registry back up

==== Eind van Fixlog 00:58:21 ====
 


I don't want to be a nuisance. I'll call time here. 

Saved fixlist.txt to the desktop on Hiren's BootCD as that is where my FRST log was saved. Was that the right location?

Pressed fix on FRST.

Now restarted. Just waiting to see if it will load in normal mode (black screen atm).


This topic is now closed to further replies.