
Resolved Unsuccessful Startup Repair

Discussion in 'Windows 7' started by jdblue1976, 2013/06/29.

  1. 2013/06/29
    jdblue1976 Contributing Member

    jdblue1976 Well-Known Member Thread Starter

    Joined:
    2010/08/31
    Messages:
    86
    Likes Received:
    0
    HP ProBook 4530s with Windows 7 Pro

    Startup Repair is unable to recover driver file gzflt.sys which I think is a Bitdefender driver file. Their forum suggests I boot in safe mode and uninstall BD and reinstall, but the computer won't boot successfully in Safe Mode.

    I have the recovery and OS DVD, but don't want to reload the OS and wipe out my data. Any suggestions on how to recover?

    Thanks, JR
     
  2. 2013/06/29
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    Joined:
    2004/06/25
    Messages:
    7,157
    Likes Received:
    501
    Why were you running Startup Repair?
    What was your original problem? Neil.
     


  4. 2013/06/29
    SpywareDr

    SpywareDr SuperGeek WindowsBBS Team Member

    Joined:
    2005/12/31
    Messages:
    3,752
    Likes Received:
    338
    Have you tried using Windows' "System Restore" to roll Windows back to a previous state when your computer was functioning correctly? It allows you to undo system changes without affecting your personal files, such as e-mail, documents, or photos.
     
  5. 2013/06/30
    jdblue1976 Contributing Member

    jdblue1976 Well-Known Member Thread Starter

    Joined:
    2010/08/31
    Messages:
    86
    Likes Received:
    0
    Windows decided to run Startup Repair when it couldn't successfully boot.
     
  6. 2013/06/30
    jdblue1976 Contributing Member

    jdblue1976 Well-Known Member Thread Starter

    Joined:
    2010/08/31
    Messages:
    86
    Likes Received:
    0
    Unfortunately there are no previous states saved to revert back to.
     
  7. 2013/06/30
    SpywareDr

    SpywareDr SuperGeek WindowsBBS Team Member

    Joined:
    2005/12/31
    Messages:
    3,752
    Likes Received:
    338
  8. 2013/06/30
    jdblue1976 Contributing Member

    jdblue1976 Well-Known Member Thread Starter

    Joined:
    2010/08/31
    Messages:
    86
    Likes Received:
    0
    You suppose correctly. I think I'll have to reinstall Win 7. How do I make this as painless as possible? I have the HD out and planning to copy over all the user data. Anyone know an article to guide me through this?

    Thanks
     
  9. 2013/06/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let me see if we can figure this one out...

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  10. 2013/06/30
    jdblue1976 Contributing Member

    jdblue1976 Well-Known Member Thread Starter

    Joined:
    2010/08/31
    Messages:
    86
    Likes Received:
    0
    As requested:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013
    Ran by SYSTEM on 30-06-2013 14:35:43
    Running from G:\
    Windows 7 Professional (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll ",TrayApp [10357008 2011-10-18] (Intel Corporation)
    HKLM\...\Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [200704 2012-04-05] ()
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-09-04] (Synaptics Incorporated)
    HKLM\...\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1573632 2013-02-20] (Bitdefender)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-09-04] (IDT, Inc.)
    HKLM\...\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden [2996792 2011-07-15] (Hewlett-Packard Company)
    HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, [820048 2011-02-11] (DigitalPersona, Inc.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-13] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HP HD Webcam [Fixed]_Monitor] C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe [267128 2010-11-26] ()
    HKLM-x32\...\Run: [DTRun] C:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
    HKLM-x32\...\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
    HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
    HKLM-x32\...\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start [333728 2012-06-20] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-11] (PDF Complete Inc)
    HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
    HKU\Allie\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-07-07] (Google Inc.)
    HKU\Allie\...\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBA.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series" [278112 2011-11-01] (SEIKO EPSON CORPORATION)
    HKU\Allie\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
    Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
    Startup: C:\Users\Allie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) =================

    S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [68880 2013-02-20] (Bitdefender)
    S2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-11] (DigitalPersona, Inc.)
    S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
    S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
    S3 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P)
    S2 HPDayStarterService; C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
    S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
    S2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2012-04-05] ()
    S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)
    S2 RtlISMServ; C:\Program Files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtlService.exe [40960 2011-03-25] (Realtek)
    S2 uArcCapture; C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-10] (ArcSoft, Inc.)
    S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [68416 2013-02-20] (Bitdefender)
    S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2013-02-20] (Bitdefender)

    ==================== Drivers (Whitelisted) ====================

    S3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-10] (ArcSoft, Inc.)
    S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [707528 2013-02-20] (BitDefender)
    S3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2013-02-20] (BitDefender)
    S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [589000 2013-02-20] (BitDefender)
    S1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93160 2012-08-25] (BitDefender LLC)
    S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
    S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82384 2013-02-20] (BitDefender SRL)
    S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2011-05-09] (Hewlett-Packard Company)
    S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [145696 2013-02-20] ()
    S0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2012-04-05] (McAfee, Inc.)
    S0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2012-04-05] (McAfee, Inc.)
    S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11499008 2013-01-16] (Intel Corporation)
    S3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2612728 2011-02-11] (Sunplus Technology)
    S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [350160 2013-02-20] (BitDefender S.R.L.)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-06-11 23:03 - 2013-05-16 18:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-06-11 23:03 - 2013-05-16 18:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-06-11 23:03 - 2013-05-16 14:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-06-11 23:03 - 2013-05-16 14:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-06-11 23:03 - 2013-05-16 14:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-06-11 23:02 - 2013-05-16 20:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-06-11 23:02 - 2013-05-16 19:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-06-11 23:02 - 2013-05-16 19:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-06-11 23:02 - 2013-05-16 19:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-06-11 23:02 - 2013-05-16 19:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-06-11 23:02 - 2013-05-16 19:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-06-11 23:02 - 2013-05-16 19:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-06-11 23:02 - 2013-05-16 18:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-06-11 23:02 - 2013-05-16 18:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-06-11 23:02 - 2013-05-16 18:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-06-11 23:02 - 2013-05-16 18:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-06-11 23:02 - 2013-05-16 18:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-06-11 23:02 - 2013-05-16 18:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-06-11 23:02 - 2013-05-16 18:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-06-11 23:02 - 2013-05-16 15:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-06-11 23:02 - 2013-05-16 14:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-06-11 23:02 - 2013-05-16 14:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-06-11 23:02 - 2013-05-16 14:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-06-11 23:02 - 2013-05-16 14:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-06-11 23:02 - 2013-05-16 14:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-06-11 23:02 - 2013-05-16 14:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-06-11 23:02 - 2013-05-16 14:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-06-11 23:02 - 2013-05-16 14:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-06-11 23:02 - 2013-05-16 14:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-06-11 23:02 - 2013-05-16 14:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-06-11 23:02 - 2013-05-16 14:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-06-11 23:02 - 2013-05-16 14:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-06-11 20:21 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-06-11 20:21 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-06-11 20:21 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-06-11 20:21 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
    2013-06-11 20:21 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-06-11 20:21 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2013-06-11 20:21 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2013-06-11 20:21 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
    2013-06-11 20:21 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
    2013-06-11 20:21 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
    2013-06-11 20:21 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
    2013-06-11 20:21 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
    2013-06-11 20:21 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-06-11 20:21 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-06-11 20:21 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2013-06-11 20:21 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2013-06-11 20:21 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2013-06-11 20:21 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2013-06-11 20:21 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

    ==================== One Month Modified Files and Folders =======

    2013-06-26 09:06 - 2012-10-01 17:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-06-26 08:50 - 2012-07-07 12:20 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-06-26 08:35 - 2012-07-06 11:05 - 01322476 ____A C:\Windows\WindowsUpdate.log
    2013-06-25 22:40 - 2012-07-07 12:20 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-06-25 22:33 - 2012-07-06 08:55 - 00000000 ____D C:\ProgramData\PDFC
    2013-06-25 22:33 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
    2013-06-25 15:17 - 2012-07-07 12:20 - 00000000 ____D C:\Users\Allie\AppData\Local\Google
    2013-06-21 18:07 - 2012-07-12 19:21 - 00000000 ____D C:\Users\Allie\AppData\Roaming\Skype
    2013-06-20 15:37 - 2009-07-13 20:45 - 00010112 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-06-20 15:37 - 2009-07-13 20:45 - 00010112 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-06-20 15:31 - 2013-03-16 12:34 - 00000000 ____D C:\Users\Allie\AppData\Roaming\Dropbox
    2013-06-20 15:30 - 2012-07-06 08:53 - 00000000 ____D C:\ProgramData\HPQLOG
    2013-06-20 15:29 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-20 15:29 - 2009-07-13 20:51 - 00047654 ____A C:\Windows\setupact.log
    2013-06-18 11:51 - 2012-07-13 20:36 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-06-16 17:02 - 2012-07-14 20:24 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2013-06-16 17:01 - 2012-12-29 18:23 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2013-06-11 23:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2013-06-11 23:21 - 2013-01-19 18:27 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForAllie.job
    2013-06-11 23:01 - 2012-07-06 11:58 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-06-11 18:59 - 2012-07-19 08:46 - 00000000 ____D C:\Users\Allie\AppData\Local\CrashDumps
    2013-06-11 17:20 - 2012-08-26 18:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-06-11 17:20 - 2012-08-26 18:37 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-06-06 19:10 - 2012-06-29 12:03 - 00000000 ____D C:\Users\Allie\Documents\Random

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 11%
    Total physical RAM: 8126.36 MB
    Available physical RAM: 7228.14 MB
    Total Pagefile: 8124.51 MB
    Available Pagefile: 7220.87 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:693.53 GB) (Free:470.15 GB) NTFS (Disk=0 Partition=2)
    Drive e: (HP_TOOLS) (Fixed) (Total:4.99 GB) (Free:4.98 GB) FAT32 (Disk=0 Partition=3)
    Drive g: () (Removable) (Total:0.24 GB) (Free:0.11 GB) FAT (Disk=1 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 388DD338)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=694 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=5 GB) - (Type=0C)

    ========================================================
    Disk: 1 (Size: 245 MB) (Disk ID: 3C8D3BFA)
    Partition 1: (Not Active) - (Size=245 MB) - (Type=06)


    LastRegBack: 2013-06-23 21:10

    ==================== End Of Log ============================
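    As an added example (not from the thread and not part of FRST itself): a small Python parser for the "Drivers (Whitelisted)" section of the log above, which flags boot-start and system-start drivers whose company field is empty, exactly how gzflt.sys shows up in that section. The line format is assumed from this log (other FRST versions may differ), and the sample lines are copied from the log posted above.

```python
"""Parse the "Drivers (Whitelisted)" section of an FRST log and flag early-start
drivers with no company name, the pattern gzflt.sys shows in the log above."""
import re
from typing import Dict, List

# Constructed sample: a handful of lines copied from the FRST.txt posted in this
# thread, in the format FRST used in mid-2013. Not a complete log.
SAMPLE_DRIVERS = r"""
==================== Drivers (Whitelisted) ====================

S3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-10] (ArcSoft, Inc.)
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [707528 2013-02-20] (BitDefender)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [145696 2013-02-20] ()
S0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2012-04-05] (McAfee, Inc.)
S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11499008 2013-01-16] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================
"""

# Windows service start types as FRST prints them (S0..S4).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Line format assumed from the log in this thread:
#   S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [145696 2013-02-20] ()
DRIVER_LINE = re.compile(
    r"^S(?P<start>[0-4]) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)\s*$"
)
# Section headers look like "==================== Drivers (Whitelisted) ========".
SECTION_HEADER = re.compile(r"^=+ (?P<title>.+?) =+$")


def driver_section(log_text: str) -> List[str]:
    """Return the non-blank lines between the Drivers header and the next header."""
    lines: List[str] = []
    inside = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_HEADER.match(line)
        if header:
            inside = header.group("title").startswith("Drivers")
            continue
        if inside and line:
            lines.append(line)
    return lines


def parse_drivers(log_text: str) -> List[Dict[str, object]]:
    """Turn each driver line into a record; lines in an unknown format are skipped."""
    drivers: List[Dict[str, object]] = []
    for line in driver_section(log_text):
        m = DRIVER_LINE.match(line)
        if not m:
            continue
        drivers.append({
            "name": m.group("name"),
            "start_type": START_TYPES[m.group("start")],
            "path": m.group("path"),
            "size": int(m.group("size")),
            "date": m.group("date"),
            "company": m.group("company").strip(),
        })
    return drivers


def flag_early_drivers_without_company(drivers: List[Dict[str, object]]) -> List[str]:
    """Boot-start (S0) and system-start (S1) drivers load before the logon UI and
    also in Safe Mode, so a damaged one can block every boot path, which matches
    the symptom in this thread. An empty company field only means FRST found no
    company name in the file's version information: a lead to check, not proof."""
    return [str(d["name"]) for d in drivers
            if d["start_type"] in ("boot", "system") and not d["company"]]


if __name__ == "__main__":
    parsed = parse_drivers(SAMPLE_DRIVERS)
    for rec in parsed:
        print(f'{rec["start_type"]:8} {rec["name"]:12} {rec["company"] or "<no company>"}')
    print("flagged:", flag_early_drivers_without_company(parsed))
```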
     
  11. 2013/06/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it to your reply.

    See if you can start normally.
     

    Attached Files:

  12. 2013/06/30
    jdblue1976 Contributing Member

    jdblue1976 Well-Known Member Thread Starter

    Joined:
    2010/08/31
    Messages:
    86
    Likes Received:
    0
    Wouldn't start normally. Startup Repair started again.

    Fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-06-2013
    Ran by SYSTEM at 2013-06-30 15:46:14 Run:1
    Running from G:\
    Boot Mode: Recovery
    ==============================================

    Could not copy DEFAULT hive.
    DEFAULT hive was successfully restored from registry back up.
    Could not copy SAM hive.
    SAM hive was successfully restored from registry back up.
    Could not copy SECURITY hive.
    SECURITY hive was successfully restored from registry back up.
    Could not copy SOFTWARE hive.
    SOFTWARE hive was successfully restored from registry back up.
    Could not copy SYSTEM hive.
    SYSTEM hive was successfully restored from registry back up.

    ==== End of Fixlog ====
     
  13. 2013/06/30
    jdblue1976 Contributing Member

    jdblue1976 Well-Known Member Thread Starter

    Joined:
    2010/08/31
    Messages:
    86
    Likes Received:
    0
    Startup Repair says gzflt.sys is corrupt and it can't restore it.
     
  14. 2013/06/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    See if you can in safe mode.
     
  15. 2013/06/30
    jdblue1976 Contributing Member

    jdblue1976 Well-Known Member Thread Starter

    Joined:
    2010/08/31
    Messages:
    86
    Likes Received:
    0
    Nope to safe mode
     
  16. 2013/06/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Give me fresh FRST log.
     
  17. 2013/06/30
    jdblue1976 Contributing Member

    jdblue1976 Well-Known Member Thread Starter

    Joined:
    2010/08/31
    Messages:
    86
    Likes Received:
    0
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013
    Ran by SYSTEM on 30-06-2013 16:45:02
    Running from G:\
    Windows 7 Professional (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll ",TrayApp [10357008 2011-10-18] (Intel Corporation)
    HKLM\...\Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [200704 2012-04-05] ()
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-09-04] (Synaptics Incorporated)
    HKLM\...\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1573632 2013-02-20] (Bitdefender)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-09-04] (IDT, Inc.)
    HKLM\...\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden [2996792 2011-07-15] (Hewlett-Packard Company)
    HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, [820048 2011-02-11] (DigitalPersona, Inc.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-13] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HP HD Webcam [Fixed]_Monitor] C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe [267128 2010-11-26] ()
    HKLM-x32\...\Run: [DTRun] C:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
    HKLM-x32\...\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
    HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
    HKLM-x32\...\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start [333728 2012-06-20] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-11] (PDF Complete Inc)
    HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
    HKU\Allie\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-07-07] (Google Inc.)
    HKU\Allie\...\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBA.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-400 Series" [278112 2011-11-01] (SEIKO EPSON CORPORATION)
    HKU\Allie\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
    Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
    Startup: C:\Users\Allie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) =================

    S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [68880 2013-02-20] (Bitdefender)
    S2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-11] (DigitalPersona, Inc.)
    S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
    S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
    S3 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P)
    S2 HPDayStarterService; C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
    S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
    S2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2012-04-05] ()
    S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)
    S2 RtlISMServ; C:\Program Files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtlService.exe [40960 2011-03-25] (Realtek)
    S2 uArcCapture; C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-10] (ArcSoft, Inc.)
    S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [68416 2013-02-20] (Bitdefender)
    S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2013-02-20] (Bitdefender)

    ==================== Drivers (Whitelisted) ====================

    S3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-10] (ArcSoft, Inc.)
    S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [707528 2013-02-20] (BitDefender)
    S3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2013-02-20] (BitDefender)
    S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [589000 2013-02-20] (BitDefender)
    S1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93160 2012-08-25] (BitDefender LLC)
    S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
    S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82384 2013-02-20] (BitDefender SRL)
    S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2011-05-09] (Hewlett-Packard Company)
    S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [145696 2013-02-20] ()
    S0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2012-04-05] (McAfee, Inc.)
    S0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2012-04-05] (McAfee, Inc.)
    S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11499008 2013-01-16] (Intel Corporation)
    S3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2612728 2011-02-11] (Sunplus Technology)
    S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [350160 2013-02-20] (BitDefender S.R.L.)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-06-11 23:03 - 2013-05-16 18:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-06-11 23:03 - 2013-05-16 18:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-06-11 23:03 - 2013-05-16 14:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-06-11 23:03 - 2013-05-16 14:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-06-11 23:03 - 2013-05-16 14:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-06-11 23:02 - 2013-05-16 20:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-06-11 23:02 - 2013-05-16 19:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-06-11 23:02 - 2013-05-16 19:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-06-11 23:02 - 2013-05-16 19:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-06-11 23:02 - 2013-05-16 19:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-06-11 23:02 - 2013-05-16 19:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-06-11 23:02 - 2013-05-16 19:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-06-11 23:02 - 2013-05-16 18:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-06-11 23:02 - 2013-05-16 18:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-06-11 23:02 - 2013-05-16 18:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-06-11 23:02 - 2013-05-16 18:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-06-11 23:02 - 2013-05-16 18:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-06-11 23:02 - 2013-05-16 18:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-06-11 23:02 - 2013-05-16 18:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-06-11 23:02 - 2013-05-16 15:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-06-11 23:02 - 2013-05-16 14:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-06-11 23:02 - 2013-05-16 14:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-06-11 23:02 - 2013-05-16 14:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-06-11 23:02 - 2013-05-16 14:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-06-11 23:02 - 2013-05-16 14:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-06-11 23:02 - 2013-05-16 14:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-06-11 23:02 - 2013-05-16 14:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-06-11 23:02 - 2013-05-16 14:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-06-11 23:02 - 2013-05-16 14:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-06-11 23:02 - 2013-05-16 14:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-06-11 23:02 - 2013-05-16 14:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-06-11 23:02 - 2013-05-16 14:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-06-11 20:21 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-06-11 20:21 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-06-11 20:21 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-06-11 20:21 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
    2013-06-11 20:21 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-06-11 20:21 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2013-06-11 20:21 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2013-06-11 20:21 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
    2013-06-11 20:21 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
    2013-06-11 20:21 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
    2013-06-11 20:21 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
    2013-06-11 20:21 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
    2013-06-11 20:21 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-06-11 20:21 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-06-11 20:21 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2013-06-11 20:21 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2013-06-11 20:21 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2013-06-11 20:21 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2013-06-11 20:21 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

    ==================== One Month Modified Files and Folders =======

    2013-06-26 09:06 - 2012-10-01 17:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-06-26 08:50 - 2012-07-07 12:20 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-06-26 08:35 - 2012-07-06 11:05 - 01322476 ____A C:\Windows\WindowsUpdate.log
    2013-06-25 22:40 - 2012-07-07 12:20 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-06-25 22:33 - 2012-07-06 08:55 - 00000000 ____D C:\ProgramData\PDFC
    2013-06-25 22:33 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
    2013-06-25 15:17 - 2012-07-07 12:20 - 00000000 ____D C:\Users\Allie\AppData\Local\Google
    2013-06-21 18:07 - 2012-07-12 19:21 - 00000000 ____D C:\Users\Allie\AppData\Roaming\Skype
    2013-06-20 15:37 - 2009-07-13 20:45 - 00010112 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-06-20 15:37 - 2009-07-13 20:45 - 00010112 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-06-20 15:31 - 2013-03-16 12:34 - 00000000 ____D C:\Users\Allie\AppData\Roaming\Dropbox
    2013-06-20 15:30 - 2012-07-06 08:53 - 00000000 ____D C:\ProgramData\HPQLOG
    2013-06-20 15:29 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-20 15:29 - 2009-07-13 20:51 - 00047654 ____A C:\Windows\setupact.log
    2013-06-18 11:51 - 2012-07-13 20:36 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-06-16 17:02 - 2012-07-14 20:24 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2013-06-16 17:01 - 2012-12-29 18:23 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2013-06-11 23:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2013-06-11 23:21 - 2013-01-19 18:27 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForAllie.job
    2013-06-11 23:01 - 2012-07-06 11:58 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-06-11 18:59 - 2012-07-19 08:46 - 00000000 ____D C:\Users\Allie\AppData\Local\CrashDumps
    2013-06-11 17:20 - 2012-08-26 18:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-06-11 17:20 - 2012-08-26 18:37 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-06-06 19:10 - 2012-06-29 12:03 - 00000000 ____D C:\Users\Allie\Documents\Random

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 11%
    Total physical RAM: 8126.36 MB
    Available physical RAM: 7230.32 MB
    Total Pagefile: 8124.51 MB
    Available Pagefile: 7223.43 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:693.53 GB) (Free:470.15 GB) NTFS (Disk=0 Partition=2)
    Drive e: (HP_TOOLS) (Fixed) (Total:4.99 GB) (Free:4.98 GB) FAT32 (Disk=0 Partition=3)
    Drive g: () (Removable) (Total:0.24 GB) (Free:0.11 GB) FAT (Disk=1 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 388DD338)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=694 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=5 GB) - (Type=0C)

    ========================================================
    Disk: 1 (Size: 245 MB) (Disk ID: 3C8D3BFA)
    Partition 1: (Not Active) - (Size=245 MB) - (Type=06)


    LastRegBack: 2013-06-23 21:10

    ==================== End Of Log ============================
     
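Added example (my own code, not part of any post in this thread and not a feature of FRST): a small Python triage of the "Drivers (Whitelisted)" section of the log above. FRST prefixes each entry with the service's Start value (S0 boot, S1 system, S2 auto, S3 demand, S4 disabled) and prints the file's publisher in parentheses, empty "()" when it found none. The script parses those lines, flags boot- or system-start drivers with no publisher (gzflt.sys is the one such entry in the log), and lists the other drivers that share the same build date, which is how one can corroborate that an unattributed driver belongs to the same product as its dated siblings. The flagging rule is my own heuristic, and the sample lines are copied from the log in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# FRST writes one driver (or service) per line:
#   <start> <name>; <path> [<size> <yyyy-mm-dd>] (<publisher>)
# The publisher field is "()" when FRST found no company name in the file's
# version resource (gzflt.sys in the log above is the one such driver entry).
ENTRY_RE = re.compile(
    r"^(?P<start>S[0-4])\s+(?P<name>[^;]+);\s*(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*"
    r"\((?P<publisher>[^)]*)\)\s*$"
)

# FRST's S0..S4 prefix is the service's Start value in the SCM registry key.
START_TYPES = {"S0": "boot", "S1": "system", "S2": "auto", "S3": "demand", "S4": "disabled"}


@dataclass(frozen=True)
class Driver:
    name: str
    start: str
    path: str
    size: int
    date: str
    publisher: str


def parse_drivers(text: str) -> list[Driver]:
    """Parse every line in FRST's driver line format; lines of any other shape are skipped."""
    drivers: list[Driver] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m is None:
            continue
        drivers.append(Driver(
            name=m["name"].strip(),
            start=START_TYPES[m["start"]],
            path=m["path"],
            size=int(m["size"]),
            date=m["date"],
            publisher=m["publisher"].strip(),
        ))
    return drivers


def flag_early_start_unattributed(drivers: list[Driver]) -> list[Driver]:
    """Boot- or system-start drivers with no publisher string (my heuristic, not FRST's).

    These load before the rest of the OS, so a broken or unexpected one is the first
    place to look when a machine hangs at 'Starting Windows'; the missing vendor name
    means the file could not be attributed from its own metadata.
    """
    return [d for d in drivers if d.start in ("boot", "system") and not d.publisher]


def siblings_by_date(drivers: list[Driver], target: Driver) -> list[Driver]:
    """Other drivers with the same build date as target; one product install usually ships them together."""
    return [d for d in drivers if d != target and d.date == target.date]


def triage(text: str) -> dict[str, list[str]]:
    """Map each flagged driver name to the names of its same-date siblings."""
    drivers = parse_drivers(text)
    return {d.name: [s.name for s in siblings_by_date(drivers, d)]
            for d in flag_early_start_unattributed(drivers)}


# Sample input: six lines copied from the Drivers section of the log above.
SAMPLE_LOG = r"""
S3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-10] (ArcSoft, Inc.)
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [707528 2013-02-20] (BitDefender)
S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [145696 2013-02-20] ()
S0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2012-04-05] (McAfee, Inc.)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [350160 2013-02-20] (BitDefender S.R.L.)
"""


if __name__ == "__main__":
    for name, sibs in triage(SAMPLE_LOG).items():
        print(f"{name}: early-start driver with no publisher; "
              f"same build date as {', '.join(sibs) or 'nothing else'}")
```

Run against the sample, the only hit is gzflt, and its same-date siblings are avc3 and trufos, both labelled BitDefender; that is the same inference the thread makes about gzflt.sys, made from the log data rather than from a forum guess. The same regex also parses the Services section, since FRST prints those lines in the same shape.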
  18. 2013/06/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    See if you can boot in any mode.
     

    Attached Files:

  19. 2013/07/01
    jdblue1976 Contributing Member

    jdblue1976 Well-Known Member Thread Starter

    Joined:
    2010/08/31
    Messages:
    86
    Likes Received:
    0
    Here's the Fixlog. When I rebooted it took a long time to get past the "Starting Windows" logo screen, but it finally came up with the user login screen. I logged in and then it churned away at the welcome screen for a while. Then it sat with a black screen, then finally came up with a "dwm.exe - Application Error" textbox, so I clicked OK on that. It sat with a black screen, then it came up again, so I clicked it again. It seems to be slowly booting up now.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-06-2013
    Ran by SYSTEM at 2013-07-01 10:35:21 Run:1
    Running from G:\
    Boot Mode: Recovery
    ==============================================

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Bdagent => Value deleted successfully.
    BdDesktopParental => Service deleted successfully.
    UPDATESRV => Service deleted successfully.
    VSSERV => Service deleted successfully.
    C:\Program Files\Bitdefender => Could not move.
    avc3 => Service deleted successfully.
    avchv => Service deleted successfully.
    avckf => Service deleted successfully.
    BdfNdisf => Service deleted successfully.
    bdfwfpf => Service deleted successfully.
    BDSandBox => Service deleted successfully.
    gzflt => Service deleted successfully.
    C:\Windows\System32\DRIVERS\avc3.sys => Could not move.
    C:\Windows\System32\DRIVERS\avchv.sys => Could not move.
    C:\Windows\System32\DRIVERS\avckf.sys => Could not move.
    C:\Program Files\Common Files\Bitdefender => Could not move.
    C:\Windows\System32\DRIVERS\gzflt.sys => Could not move.
    trufos => Service deleted successfully.
    C:\Windows\System32\DRIVERS\trufos.sys => Could not move.

    ==== End of Fixlog ====
     
  20. 2013/07/01
    jdblue1976 Contributing Member

    jdblue1976 Well-Known Member Thread Starter

    Joined:
    2010/08/31
    Messages:
    86
    Likes Received:
    0
    After about an hour the laptop seems unresponsive.
     
  21. 2013/07/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run FRST again.
    Type the following in the edit box after "Search: ".

    dwm.exe

    Click Search button and post the log (Search.txt) it makes in your reply.
     
