
Reboot Loop on Windows 7

Discussion in 'Virus & Other Malware Removal' started by askboutme, Feb 13, 2013.

Thread Status:
Not open for further replies.
  1. askboutme

    askboutme Thread Starter

    Joined:
    Feb 13, 2013
    Messages:
    2
    I managed to log on through startup and run frst.exe.
    Any help would be appreciated. Thanks

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2013
    Ran by SYSTEM at 13-02-2013 19:20:23
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe" [630784 2009-04-13] (Chicony)
    HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [273528 2011-10-12] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [618496 2010-06-23] ()
    HKU\Askboutme\...\Run: [DS3 Tool] C:\PROGRA~1\MOTION~1\ds3\DS3_Tool.exe -mini [112400 2011-12-05] (www.motioninjoy.com)
    HKU\Askboutme\...\Run: [cdloader] "C:\Users\Askboutme\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2011-08-23] (magicJack L.P.)
    HKU\Askboutme\...\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear [98304 2007-09-04] (NVIDIA)
    HKU\Askboutme\...\Run: [Google Update] "C:\Users\Askboutme\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-03] (Google Inc.)
    HKU\Askboutme\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam\Steam.exe" -silent [1353080 2012-11-11] (Valve Corporation)
    HKU\Askboutme\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
    HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
    Tcpip\..\Interfaces\{07812FC3-9DCF-4B4C-90E7-C96352A51538}: [NameServer]208.67.222.222,208.67.220.220
    Startup: C:\Users\Askboutme\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

    ==================== Services (Whitelisted) ===================

    4 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com)
    4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2009-09-29] (National Instruments, Inc.)
    4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [43056 2010-03-10] (National Instruments Corporation)
    4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [53808 2010-03-10] (National Instruments Corporation)
    4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [366152 2011-08-31] (Malwarebytes Corporation)
    4 NIDomainService; "C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe" [358448 2010-03-10] (National Instruments Corporation)
    4 NILM License Manager; "C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe" [1007616 2010-05-17] (Macrovision Corporation)
    4 niSvcLoc; C:\Windows\SysWOW64\nisvcloc.exe -s [13896 2009-10-20] (National Instruments Corporation)
    4 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [180224 2007-09-04] (NVIDIA)
    4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)

    ==================== Drivers (Whitelisted) =====================

    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25416 2011-08-31] (Malwarebytes Corporation)
    3 NVR0Dev; \??\C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
    3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [62424 2008-05-13] (O2Micro )
    3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-10-14] ()
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-09-13] (Duplex Secure Ltd.)

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========



    ==================== One Month Modified Files and Folders =======

    2013-02-06 21:56 - 2013-02-06 21:56 - 00000000 ____D C:\FRST
    2013-02-06 21:02 - 2012-08-19 04:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-02-06 21:02 - 2012-04-02 17:47 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
    2013-02-06 21:02 - 2011-10-31 16:15 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
    2013-02-06 21:02 - 2011-10-12 16:39 - 00000000 ____D C:\Users\All Users\Real
    2013-02-06 21:02 - 2011-09-17 17:50 - 00000000 ____D C:\Program Files\PeerBlock
    2013-02-06 21:02 - 2011-09-13 17:49 - 00000000 ____D C:\Users\Askboutme\AppData\Roaming\vlc
    2013-02-06 21:02 - 2011-09-13 17:35 - 00000000 ____D C:\users\Askboutme
    2013-02-06 21:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2013-02-06 21:01 - 2012-04-06 15:18 - 00000000 ____D C:\Users\Askboutme\AppData\Roaming\Skype
    2013-02-06 21:01 - 2011-10-31 16:15 - 00000000 ____D C:\Users\Askboutme\AppData\Roaming\Yahoo!

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-1049736246-843297743-3546994-1000\$e2ea9889b1e702c0c7c9448eff10a0a4

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-18\$e2ea9889b1e702c0c7c9448eff10a0a4

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    TDL4: custom:26000022 <===== ATTENTION!

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-11-18 22:52:17
    Restore point made on: 2012-12-23 15:50:28
    Restore point made on: 2013-01-04 15:42:49

    ==================== Memory info ===========================

    Percentage of memory in use: 14%
    Total physical RAM: 4090.87 MB
    Available physical RAM: 3491.93 MB
    Total Pagefile: 4089.02 MB
    Available Pagefile: 3478.3 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:286.27 GB) (Free:135.52 GB) NTFS
    2 Drive e: (PQSERVICE) (Fixed) (Total:11.72 GB) (Free:2.59 GB) NTFS
    4 Drive g: () (Removable) (Total:7.45 GB) (Free:5.05 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 7633 MB 0 B

    Partitions of Disk 0:
    ===============

    Disk ID: 0DA5D0FB

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 11 GB 1024 KB
    Partition 2 Primary 100 MB 11 GB
    Partition 3 Primary 286 GB 11 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E PQSERVICE NTFS Partition 11 GB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 286 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Disk ID: 00000000

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7633 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT32 Removable 7633 MB Healthy

    =========================================================

    Last Boot: 2013-01-04 15:35

    ==================== End Of Log =============================
     
  2. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Open Notepad and Copy & Paste the contents of the code box below into it. To do this, highlight the entire contents of the box, right click on the highlighted area and select Copy, then right click in the Notepad window and select Paste. Save it to the flash drive as fixlist.txt <--- it is very important to spell this name exactly as written here.

    Code:
    start
    TDL4: custom:26000022 <===== ATTENTION!
    end
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Plug the Flash Drive back into the infected PC and enter the System Recovery Options and select the Command Prompt using the same instructions you followed to run the first scan.

    • In the command window type e:\frst.exe (or for the x64 version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
      NOTE: if you receive an error message "the system cannot find the drive specified" go back into Notepad and check the drive letter for the Flash Drive.
    • When the FRST window opens click on the Fix button just once and wait.
    • The tool will make a log on the flash drive (Fixlog.txt); please Copy & Paste it into your next reply.


    Let me know if the system will now boot up.
     
  3. askboutme

    askboutme Thread Starter

    Joined:
    Feb 13, 2013
    Messages:
    2
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2013
    Ran by SYSTEM at 2013-02-14 19:53:47 Run:3
    Running from G:\

    ==============================================


    An error occurred while attempting to delete the specified data element.
    Element not found.
    The operation completed successfully.

    ==== End of Fixlog ====
     
  4. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Please run a fresh scan with FRST and post the new log.

    Has there been any change? Can the PC now boot into Normal Mode or Safe Mode?
     

Short URL to this thread: https://techguy.org/1089401
