Reboot Loop on Windows 7

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

askboutme

Thread Starter
Joined
Feb 13, 2013
Messages
2
I managed to log on through start up and run frst.exe.
Any help would be appreciated. Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2013
Ran by SYSTEM at 13-02-2013 19:20:23
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe" [630784 2009-04-13] (Chicony)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [273528 2011-10-12] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [618496 2010-06-23] ()
HKU\Askboutme\...\Run: [DS3 Tool] C:\PROGRA~1\MOTION~1\ds3\DS3_Tool.exe -mini [112400 2011-12-05] (www.motioninjoy.com)
HKU\Askboutme\...\Run: [cdloader] "C:\Users\Askboutme\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2011-08-23] (magicJack L.P.)
HKU\Askboutme\...\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear [98304 2007-09-04] (NVIDIA)
HKU\Askboutme\...\Run: [Google Update] "C:\Users\Askboutme\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-03] (Google Inc.)
HKU\Askboutme\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam\Steam.exe" -silent [1353080 2012-11-11] (Valve Corporation)
HKU\Askboutme\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{07812FC3-9DCF-4B4C-90E7-C96352A51538}: [NameServer]208.67.222.222,208.67.220.220
Startup: C:\Users\Askboutme\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Services (Whitelisted) ===================

4 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com)
4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2009-09-29] (National Instruments, Inc.)
4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [43056 2010-03-10] (National Instruments Corporation)
4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [53808 2010-03-10] (National Instruments Corporation)
4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [366152 2011-08-31] (Malwarebytes Corporation)
4 NIDomainService; "C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe" [358448 2010-03-10] (National Instruments Corporation)
4 NILM License Manager; "C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe" [1007616 2010-05-17] (Macrovision Corporation)
4 niSvcLoc; C:\Windows\SysWOW64\nisvcloc.exe -s [13896 2009-10-20] (National Instruments Corporation)
4 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [180224 2007-09-04] (NVIDIA)
4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)

==================== Drivers (Whitelisted) =====================

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25416 2011-08-31] (Malwarebytes Corporation)
3 NVR0Dev; \??\C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [62424 2008-05-13] (O2Micro )
3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-10-14] ()
0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-09-13] (Duplex Secure Ltd.)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========



==================== One Month Modified Files and Folders =======

2013-02-06 21:56 - 2013-02-06 21:56 - 00000000 ____D C:\FRST
2013-02-06 21:02 - 2012-08-19 04:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-06 21:02 - 2012-04-02 17:47 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-02-06 21:02 - 2011-10-31 16:15 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
2013-02-06 21:02 - 2011-10-12 16:39 - 00000000 ____D C:\Users\All Users\Real
2013-02-06 21:02 - 2011-09-17 17:50 - 00000000 ____D C:\Program Files\PeerBlock
2013-02-06 21:02 - 2011-09-13 17:49 - 00000000 ____D C:\Users\Askboutme\AppData\Roaming\vlc
2013-02-06 21:02 - 2011-09-13 17:35 - 00000000 ____D C:\users\Askboutme
2013-02-06 21:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-02-06 21:01 - 2012-04-06 15:18 - 00000000 ____D C:\Users\Askboutme\AppData\Roaming\Skype
2013-02-06 21:01 - 2011-10-31 16:15 - 00000000 ____D C:\Users\Askboutme\AppData\Roaming\Yahoo!

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1049736246-843297743-3546994-1000\$e2ea9889b1e702c0c7c9448eff10a0a4

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e2ea9889b1e702c0c7c9448eff10a0a4

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-18 22:52:17
Restore point made on: 2012-12-23 15:50:28
Restore point made on: 2013-01-04 15:42:49

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4090.87 MB
Available physical RAM: 3491.93 MB
Total Pagefile: 4089.02 MB
Available Pagefile: 3478.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:286.27 GB) (Free:135.52 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:11.72 GB) (Free:2.59 GB) NTFS
4 Drive g: () (Removable) (Total:7.45 GB) (Free:5.05 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 0DA5D0FB

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 11 GB 1024 KB
Partition 2 Primary 100 MB 11 GB
Partition 3 Primary 286 GB 11 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 11 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 286 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7633 MB Healthy

=========================================================

Last Boot: 2013-01-04 15:35

==================== End Of Log =============================
 
Joined
May 7, 2011
Messages
14,142
Open Notepad and Copy & Paste the contents of the code box below into it. To do this, highlight the entire contents of the box, right click on the highlighted area and select Copy, then right click in the Notepad window and select Paste. Save it to the flash drive as fixlist.txt <--- it is very important to spell this name exactly as written here.

Code:
start
TDL4: custom:26000022 <===== ATTENTION!
end
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Plug the Flash Drive back into the infected PC and enter the System Recovery Options and select the Command Prompt using the same instructions you followed to run the first scan.

  • In the command window type e:\frst.exe (or for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
    NOTE: if you receive an error message "the system cannot find the drive specified" go back into Notepad and check the drive letter for the Flash Drive.
  • When the FRST window opens click on the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please Copy & Paste it into your next reply.


Let me know if the system will now boot up.
 

askboutme

Thread Starter
Joined
Feb 13, 2013
Messages
2
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2013
Ran by SYSTEM at 2013-02-14 19:53:47 Run:3
Running from G:\

==============================================


An error occurred while attempting to delete the specified data element.
Element not found.
The operation completed successfully.

==== End of Fixlog ====
 
Joined
May 7, 2011
Messages
14,142
Please run a fresh scan with FRST and post the new log.

Has there been any change? Can the PC now boot into Normal Mode or Safe Mode?
 