YX Ong

Windows 10 - Won't boot. BSOD


Hi ...

 

I've been trying for a few days.

It's an ASUS Transformer Book T100TA with Windows 10 Home.

The computer gave a BSOD upon opening it.

This is the error:

:( Your PC ran into problem and needs to restart. We're just collecting some error info, and then we'll restart for you.

If you'd like to know more, you can search online later for this error: SYSTEM THREAD EXCEPTION NOT HANDLED (aswMonFlt.sys)

And it happens every time you start the pc. After it restarts about 2 times, it will boot into advanced startup.

 

As far as I've taken this is:

aswMonFlt.sys is part of Avast antivirus.

I tried starting in Safe Mode. But the error occurred again.

So I'm stuck ... cannot get to run any tools (directly).

Anyone has any ideas before I throw in the towel and do a fresh install ?

I've attached a very bad mobile phone photo - but I hope it documents the error good enough.

 

Regards,

Ong

IMG_20160816_152252.jpg

8 hours ago, YX Ong said:

I tried starting in Safe Mode. But the error occurred again.

Did you get into safe mode ???    If not can you get to a command line ??


Got someone you know that can allow you to do it, or they will do it for you?

 

 

 


NOTE 1. Use another working computer to download Farbar Recovery Scan Tool and save it to USB flash drive.
NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

If you are using Windows 10 and you're having problems accessing System Recovery Options, create a Windows 10 USB or DVD as described here: http://betanews.com/2015/07/29/how-to-down...h-drive-or-dvd/ and boot from it.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt. To access Advanced Boot Options start and shut down computer TWICE. On third start you should see Advanced Boot Options.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-08-2016 01
Ran by SYSTEM on MININT-VEDPQ1V (17-08-2016 14:57:03)
Running from f:\
Platform: Windows 10 Home Version 1511 (X86) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [81336 2014-12-30] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-29] (Realtek Semiconductor)
HKLM\...\Run: [QHSafeTray] => C:\Program Files\360\Total Security\safemon\360Tray.exe [345000 2016-08-07] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-07-12] ()
HKU\Administrator\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [515072 2015-10-29] (Microsoft Corporation)
HKU\asus\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23496872 2016-05-16] (Google)
HKU\asus\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6690008 2016-05-13] (Piriform Ltd)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2014-06-11] (ASUSTek Computer Inc.)
S2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [115512 2014-03-25] (ASUSTek Computer Inc.)
S2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation)
S2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-20] (ASUS)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-06-23] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2015-04-08] (Broadcom Corporation.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2128624 2016-07-01] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280696 2016-01-12] (Intel Corporation)
S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83384 2014-12-30] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [97208 2014-12-30] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [90552 2014-12-30] (Intel Corporation)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [383640 2016-02-04] ()
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-23] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [274040 2016-01-12] (Intel Corporation)
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2013-08-25] (Intel Corporation)
S2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
S2 QHActiveDefense; C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe [914344 2016-08-07] (QIHU 360 SOFTWARE CO. LIMITED)
S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-20] (DEVGURU Co., LTD.)
S3 SystemUsageReportSvc_WILLAMETTE; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [115864 2016-02-04] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [383640 2016-02-04] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2016-06-30] (Microsoft Corporation)
S2 WsAppService; C:\Program Files\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [144384 2016-08-07] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [83456 2016-08-07] (360.cn)
S1 360Box; C:\Windows\System32\DRIVERS\360Box.sys [221696 2016-08-07] (360.cn)
S1 360Camera; C:\Windows\System32\Drivers\360Camera.sys [52224 2016-08-07] (360.cn)
S1 360SelfProtection; C:\Windows\System32\drivers\360SelfProtection.sys [195712 2016-08-07] (360安全中心)
S2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
S3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [64792 2013-12-12] (ASUS Corporation)
S3 AsusSGDrv; C:\Windows\System32\drivers\AsusSGDrv.sys [116032 2015-07-14] (ASUS Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-06-23] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-06-23] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91680 2016-06-23] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-06-23] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [60424 2016-06-23] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-06-23] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118152 2016-06-23] (AVAST Software)
S1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV.sys [195072 2016-08-07] (360.cn)
S3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [304344 2013-10-02] (Broadcom Corp)
S3 BthMini; C:\Windows\System32\drivers\BTHMINI.sys [23040 2015-10-29] (Microsoft Corporation)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [162560 2015-04-08] (Broadcom Corporation.)
S3 BtwSerialBus; C:\Windows\System32\drivers\BtwSerialBus.sys [139520 2015-04-08] (Broadcom Corporation.)
S3 camera; C:\Windows\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
S3 CM3218x; C:\Windows\system32\DRIVERS\WUDFRd.sys [163328 2015-10-29] (Microsoft Corporation)
S3 CPLMACPI; C:\Windows\system32\DRIVERS\CPLMACPI.sys [25040 2015-07-07] (Capella Microsystems, Inc.)
S3 DptfDevAmbient; C:\Windows\System32\drivers\DptfDevAmbient.sys [44472 2014-12-30] (Intel Corporation)
S3 DptfDevDBPT; C:\Windows\System32\drivers\DptfDevPower.sys [25528 2014-12-30] (Intel Corporation)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [28088 2014-12-30] (Intel Corporation)
S3 DptfDevGen; C:\Windows\System32\drivers\DptfDevGen.sys [36280 2014-12-30] (Intel Corporation)
S3 DptfDevProc; C:\Windows\System32\drivers\DptfDevProc.sys [80824 2014-12-30] (Intel Corporation)
S3 DptfManager; C:\Windows\System32\drivers\DptfManager.sys [182200 2014-12-30] (Intel Corporation)
S1 EfiMon; C:\Windows\System32\Drivers\Efimon.sys [23248 2016-04-18] (360.cn)
S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2013-11-03] (Intel Corporation)
S3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2013-11-03] (Intel Corporation)
S3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17416 2015-05-12] (ASUS)
S0 HookPort; C:\Windows\System32\Drivers\Hookport.sys [78208 2016-08-07] (360安全中心)
S3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [58368 2013-11-14] (Intel Corporation)
S3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2013-11-03] (Intel Corporation)
S3 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [505192 2013-08-08] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [44016 2015-12-01] (Intel Corporation)
S3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [252416 2013-11-03] (Intel(R) Corporation)
S3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [163328 2015-10-29] (Microsoft Corporation)
S3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [35320 2015-12-01] (Intel Corporation)
S0 MBI; C:\Windows\System32\drivers\MBI.sys [21456 2013-11-02] (Intel Corporation)
S3 MiraDispKmd; C:\Windows\System32\drivers\MiraDispKmd.sys [19456 2015-10-29] (Microsoft Corporation)
S3 MT9M114; C:\Windows\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
S3 PMIC; C:\Windows\System32\drivers\PMIC.sys [48128 2013-11-02] (Intel Corporation)
S1 qutmdserv; C:\Windows\System32\DRIVERS\qutmdrv.sys [322688 2016-08-07] (360.cn)
S1 qutmipc; C:\WINDOWS\system32\drivers\qutmipc.sys [74496 2016-08-07] (360.cn)
S3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [263936 2015-05-20] (Realtek Semiconductor Corp.)
S3 TXEI; C:\Windows\System32\drivers\TXEI.sys [76304 2013-11-02] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [37400 2015-10-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [246104 2015-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [98648 2015-10-29] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [163328 2015-10-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-16 22:53 - 2016-08-16 22:53 - 00000000 _____ C:\Windows\Minidump\081716-11812-01.dmp
2016-08-16 22:52 - 2016-08-16 22:52 - 00000000 _____ C:\Windows\Minidump\081716-13500-01.dmp
2016-08-16 22:33 - 2016-08-16 22:33 - 00000000 _____ C:\Windows\Minidump\081716-12515-01.dmp
2016-08-16 22:32 - 2016-08-16 22:32 - 00000000 _____ C:\Windows\Minidump\081716-13375-01.dmp
2016-08-16 14:25 - 2016-08-16 14:26 - 00000000 ____D C:\FRST
2016-08-15 23:23 - 2016-08-15 23:23 - 00000000 _____ C:\Windows\Minidump\081616-12062-01.dmp
2016-08-15 23:22 - 2016-08-15 23:22 - 00000000 _____ C:\Windows\Minidump\081616-12437-01.dmp
2016-08-15 22:03 - 2016-08-15 22:03 - 00000000 _____ C:\Windows\Minidump\081616-29812-01.dmp
2016-08-15 22:02 - 2016-08-15 22:02 - 00000000 _____ C:\Windows\Minidump\081616-27609-01.dmp
2016-08-15 21:55 - 2016-08-15 21:55 - 00000000 _____ C:\Windows\Minidump\081616-28062-01.dmp
2016-08-15 21:53 - 2016-08-15 21:53 - 00000000 _____ C:\Windows\Minidump\081616-27796-01.dmp
2016-08-15 21:49 - 2016-08-15 21:49 - 00000000 _____ C:\Windows\Minidump\081616-28328-01.dmp
2016-08-15 21:48 - 2016-08-15 21:48 - 00000000 _____ C:\Windows\Minidump\081616-29296-01.dmp
2016-08-15 21:41 - 2016-08-15 21:42 - 00000000 ___HD C:\$Windows.~BT
2016-08-15 21:38 - 2016-08-15 21:55 - 00000000 ___HD C:\$SysReset
2016-08-15 16:55 - 2016-08-15 21:55 - 00000000 _____ C:\Recovery.txt
2016-08-15 16:53 - 2016-08-17 14:51 - 01048576 _____ C:\BitLockerWinRELog.etl
2016-08-15 06:11 - 2016-08-15 06:11 - 00000000 ____D C:\Windows\Minidump
2016-08-15 06:11 - 2016-08-15 06:11 - 00000000 _____ C:\Windows\Minidump\081516-30421-01.dmp
2016-08-15 06:09 - 2016-08-15 06:09 - 00003072 _____ C:\Windows\System32\umstartup.etl
2016-08-15 05:30 - 2016-08-16 22:53 - 222033813 _____ C:\Windows\MEMORY.DMP
2016-08-15 05:28 - 2016-08-15 05:29 - 00165424 _____ C:\Windows\ntbtlog.txt
2016-08-15 00:28 - 2016-08-15 05:29 - 00307112 _____ C:\Windows\System32\FNTCACHE.DAT
2016-08-11 05:08 - 2016-08-11 05:08 - 04516102 _____ C:\Users\asus\Desktop\2016_Citi_Rewards_Catalogue.pdf
2016-08-11 04:32 - 2016-08-11 04:32 - 00001186 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2016-08-08 23:02 - 2016-08-08 23:02 - 00402783 _____ C:\Users\asus\Downloads\PMBDSF_20160728_CII0700000099991-01.pdf
2016-08-07 06:39 - 2016-08-07 06:39 - 00740664 _____ C:\Users\asus\Downloads\George Lamberis Lamberis George tumblr_iMEaY2TVAbi.mp4
2016-08-04 06:37 - 2016-08-04 06:37 - 00006144 _____ C:\Users\asus\Desktop\CIMBClicks_Trx_History.xls
2016-08-01 23:32 - 2016-08-01 23:32 - 00260452 _____ C:\Users\asus\Desktop\Payment Receipt.pdf
2016-08-01 23:20 - 2016-08-04 06:04 - 00023236 _____ C:\Users\asus\Desktop\Senarai Nama ke LSB.pdf
2016-08-01 23:14 - 2016-08-01 23:14 - 00008755 _____ C:\Users\asus\Desktop\Laporan Mingguan Petang 270716.pdf
2016-08-01 23:13 - 2016-08-01 23:13 - 00008757 _____ C:\Users\asus\Desktop\Laporan Mingguan Petang 130716.pdf
2016-08-01 23:12 - 2016-08-01 23:12 - 00008793 _____ C:\Users\asus\Desktop\Laporan Mingguan Pagi 270716.pdf
2016-08-01 23:11 - 2016-08-01 23:11 - 00008977 _____ C:\Users\asus\Desktop\Laporan Mingguan Pagi 130716.pdf
2016-08-01 05:09 - 2016-08-01 05:09 - 00080711 _____ C:\Users\asus\Desktop\eStatement20160728.pdf
2016-07-28 06:32 - 2016-06-23 07:52 - 00319248 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2016-07-25 05:12 - 2016-07-25 05:12 - 00258966 _____ C:\Users\asus\Downloads\Payment Receipt.pdf
2016-07-22 04:07 - 2016-07-22 04:07 - 00018975 _____ C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1297038.zip
2016-07-22 04:07 - 2016-07-22 04:07 - 00000000 ____D C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1297038
2016-07-22 04:02 - 2016-07-22 04:02 - 00000000 ____D C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1296457
2016-07-22 04:01 - 2016-07-22 04:02 - 00019167 _____ C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1296457.zip
2016-07-22 00:28 - 2016-07-22 00:29 - 00000000 ____D C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1292922
2016-07-22 00:28 - 2016-07-22 00:28 - 00017294 _____ C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1292922.zip
2016-07-22 00:24 - 2016-07-22 00:24 - 00000000 ____D C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1292393
2016-07-19 04:30 - 2016-07-19 04:30 - 00021453 _____ C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1292393.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-15 17:19 - 2016-06-03 14:00 - 00000000 ___DC C:\Windows\Panther
2016-08-15 17:04 - 2015-10-29 21:47 - 00000000 ____D C:\Windows\INF
2016-08-15 05:29 - 2015-10-29 21:13 - 00786432 ___SH C:\Windows\System32\config\BBI
2016-08-12 07:23 - 2015-06-29 06:25 - 144884648 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2016-08-12 07:22 - 2015-10-29 21:39 - 00000000 ____D C:\Windows\CbsTemp
2016-08-12 07:18 - 2015-09-07 06:29 - 00000000 ____D C:\ProgramData\360Quarant
2016-08-12 06:45 - 2015-10-29 21:48 - 00000000 ____D C:\Windows\AppReadiness
2016-08-12 06:43 - 2015-10-29 21:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-12 06:21 - 2016-04-22 02:22 - 00000000 ____D C:\Users\asus\AppData\LocalLow\360WD
2016-08-12 05:42 - 2016-04-22 02:22 - 00000000 ____D C:\Users\asus\AppData\Roaming\360safe
2016-08-12 05:39 - 2016-06-07 05:00 - 00000000 ____D C:\Users\asus\AppData\Roaming\Skype
2016-08-12 04:34 - 2016-06-02 22:00 - 00000000 ____D C:\Windows\System32\SleepStudy
2016-08-12 04:28 - 2015-10-29 21:48 - 00000000 ____D C:\Windows\System32\NDF
2016-08-12 04:28 - 2015-09-14 07:22 - 00000000 ___RD C:\Users\asus\Google Drive
2016-08-12 04:25 - 2015-09-05 23:59 - 00879220 _____ C:\Windows\System32\PerfStringBackup.INI
2016-08-12 04:19 - 2016-06-03 22:11 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-08-12 04:18 - 2015-09-06 00:05 - 00000000 __SHD C:\Users\asus\IntelGraphicsProfiles
2016-08-12 04:11 - 2016-04-22 02:22 - 00000000 _RSHD C:\360SANDBOX
2016-08-12 04:10 - 2016-06-02 22:07 - 00000000 ____D C:\users\asus
2016-08-12 04:06 - 2016-06-02 22:07 - 00000000 ____D C:\users\Administrator
2016-08-07 22:04 - 2016-04-22 02:22 - 00221696 _____ (360.cn) C:\Windows\System32\Drivers\360Box.sys
2016-08-07 22:04 - 2016-04-22 02:22 - 00195712 _____ (360安全中心) C:\Windows\System32\Drivers\360SelfProtection.sys
2016-08-07 22:04 - 2016-04-22 02:22 - 00144384 _____ (360.cn) C:\Windows\System32\Drivers\360AntiHacker.sys
2016-08-07 22:04 - 2016-04-22 02:22 - 00074496 _____ (360.cn) C:\Windows\System32\Drivers\qutmipc.sys
2016-08-07 22:04 - 2016-04-22 02:22 - 00052224 _____ (360.cn) C:\Windows\System32\Drivers\360Camera.sys
2016-08-07 22:04 - 2016-04-22 02:21 - 00322688 _____ (360.cn) C:\Windows\System32\Drivers\qutmdrv.sys
2016-08-07 22:04 - 2016-04-22 02:21 - 00195072 _____ (360.cn) C:\Windows\System32\Drivers\BAPIDRV.sys
2016-08-07 22:04 - 2016-04-22 02:21 - 00083456 _____ (360.cn) C:\Windows\System32\Drivers\360AvFlt.sys
2016-08-07 22:04 - 2016-04-22 02:21 - 00078208 _____ (360安全中心) C:\Windows\System32\Drivers\hookport.sys
2016-08-07 06:56 - 2014-04-21 20:37 - 00000000 ____D C:\Users\asus\AppData\LocalLow\57217810-E194-2A9B-F98E-DBA96CA40352
2016-08-07 06:40 - 2015-12-28 05:34 - 00000000 ____D C:\Users\asus\AppData\Roaming\vlc
2016-08-04 06:38 - 2014-04-16 19:54 - 00000000 ____D C:\Users\asus\AppData\Local\Packages
2016-08-03 06:33 - 2016-06-23 07:53 - 00224616 _____ C:\Windows\System32\Drivers\aswvmm.sys
2016-07-30 03:09 - 2016-05-31 02:45 - 00000000 ____D C:\Users\asus\Desktop\YX Ong
2016-07-28 06:33 - 2016-06-23 07:53 - 00438296 _____ C:\Windows\System32\Drivers\aswsp.sys
2016-07-28 06:21 - 2016-06-07 04:59 - 00000000 ___RD C:\Program Files\Skype
2016-07-28 06:21 - 2016-06-07 04:59 - 00000000 ____D C:\ProgramData\Skype
2016-07-24 03:53 - 2015-10-29 21:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-24 03:51 - 2014-04-21 18:57 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-07-19 07:02 - 2016-06-23 22:02 - 00000501 _____ C:\Windows\System32\Drivers\etc\hosts.ics
2016-07-19 05:15 - 2015-10-29 21:48 - 00000000 ____D C:\Windows\rescache
2016-07-19 04:03 - 2016-04-26 20:36 - 00000000 __RHD C:\Users\Public\AccountPictures

Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe
[2016-07-14 04:51] - [2016-06-30 20:19] - 4074160 ____A (Microsoft Corporation) B6113983ED77D6FE99BDEE461E7BE004

C:\Windows\System32\winlogon.exe
[2016-06-04 06:46] - [2016-04-22 20:14] - 0494592 ____A (Microsoft Corporation) 4A618D1B1D6D46B2FE635A85A3B10F3E

C:\Windows\System32\wininit.exe
[2016-06-04 06:45] - [2016-04-22 21:07] - 0192704 ____A (Microsoft Corporation) C3063049D15E3C93194463E0A7F213A5

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-06-04 06:45] - [2016-04-22 21:00] - 1273720 ____A (Microsoft Corporation) 588454298D5160155B522C58EFD81DC4

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 1933.15 MB
Available physical RAM: 1383.11 MB
Total Virtual: 1933.15 MB
Available Virtual: 1419.27 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:27.78 GB) (Free:5.89 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data1) (Fixed) (Total:465.76 GB) (Free:432.65 GB) NTFS
Drive e: () (Fixed) (Total:0.44 GB) (Free:0.18 GB) NTFS
Drive f: (SHAH) (Removable) (Total:3.63 GB) (Free:0.42 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: FF6160FC)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: A8DC5C91)

Partition: GPT.

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 481A943F)

Partition: GPT.

========================================================
Disk: 3 (Size: 3.6 GB) (Disk ID: 00000000)

Partition: GPT.


LastRegBack: 2016-06-02 22:00

==================== End of FRST.txt ============================


Most likely, the issue is caused by running two AV programs, 360 Total Security and Avast.

Let's see if we can fix it.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7/8/10: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


See if you can boot normally.

fixlist.txt
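
The diagnosis above rests on the Services and Drivers sections of the posted FRST log. As an added example (not part of the original thread and not FRST's own code), this Python script parses those entries and reports when more than one security product has kernel drivers set to load at boot. The vendor-to-product map and the function names are assumptions; the sample lines are copied from the log posted above.

```python
import re
from collections import defaultdict

# One FRST Services/Drivers entry, in the layout used by the log above:
#   <state><start> <name>; <image path> [<size> <date>] (<company>)
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)\s*$"
)

# Start types that load without user action (0 = boot, 1 = system, 2 = automatic).
# A log taken from the recovery environment shows every entry as "S" (stopped),
# so the start type, not the running state, tells what will load at boot.
BOOT_LOADING = {0, 1, 2}

# Assumption: company strings as they appear in this log, mapped to a product.
SECURITY_VENDORS = {
    "AVAST Software": "Avast",
    "360.cn": "360 Total Security",
    "360安全中心": "360 Total Security",
    "QIHU 360 SOFTWARE CO. LIMITED": "360 Total Security",
}

# Excerpt of the Drivers section from the FRST log posted in this thread.
SAMPLE_LOG = r"""
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [83456 2016-08-07] (360.cn)
S1 360Box; C:\Windows\System32\DRIVERS\360Box.sys [221696 2016-08-07] (360.cn)
S1 360SelfProtection; C:\Windows\System32\drivers\360SelfProtection.sys [195712 2016-08-07] (360安全中心)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91680 2016-06-23] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [60424 2016-06-23] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-06-23] (AVAST Software)
S0 HookPort; C:\Windows\System32\Drivers\Hookport.sys [78208 2016-08-07] (360安全中心)
S3 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [505192 2013-08-08] (Intel Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [246104 2015-10-29] (Microsoft Corporation)
"""


def parse_entries(text):
    """Return one dict per well-formed service/driver line; skip everything else."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["start"] = int(entry["start"])
            entry["size"] = int(entry["size"])
            entries.append(entry)
    return entries


def boot_loading_security_drivers(text):
    """Map product name -> kernel drivers (.sys) that load at boot."""
    found = defaultdict(list)
    for entry in parse_entries(text):
        product = SECURITY_VENDORS.get(entry["company"])
        is_driver = entry["path"].lower().endswith(".sys")
        if product and is_driver and entry["start"] in BOOT_LOADING:
            found[product].append(entry["name"])
    return dict(found)


def conflicting_products(text):
    """Return the sorted product names when two or more overlap, else []."""
    found = boot_loading_security_drivers(text)
    return sorted(found) if len(found) > 1 else []


if __name__ == "__main__":
    for product, drivers in boot_loading_security_drivers(SAMPLE_LOG).items():
        print(f"{product}: {', '.join(drivers)}")
    print("Overlap:", conflicting_products(SAMPLE_LOG) or "none")
```

Products whose drivers carry a generic company string, such as Windows Defender's "Microsoft Corporation", are not matched by the vendor map and would need a match on driver name instead.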


@Broni

The following is the fix log that you want.

When I rebooted my PC, it prepared automatic repair and ran diagnostics, but in the end it said that it did not start correctly. The following attachment is the photo that I captured.

___________________________________________________________________________________________________________________________________

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-08-2016 01
Ran by SYSTEM (18-08-2016 20:28:27) Run:1
Running from f:\
Boot Mode: Recovery

==============================================

fixlist content:
*****************
LastRegBack: 2016-06-02 22:00 
*****************

DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => copied successfully to System32\config\HiveBackup
SOFTWARE => restored successfully from registry back up
SYSTEM => copied successfully to System32\config\HiveBackup
SYSTEM => restored successfully from registry back up

==== End of Fixlog 20:28:28 ====

IMG_20160818_205559.jpg

Edited by YX Ong


We just tried to restore your computer to a date when it booted successfully for the last time but it didn't work.

Let's see if eliminating Avast from starting will help.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7/8/10: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


See if you can boot normally.

 

fixlist.txt


@Broni

The following is the fix log that you want.

The problem still persists when I reboot my PC.

___________________________________________________________________________________________________________________________________

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-08-2016 01
Ran by SYSTEM (19-08-2016 15:18:17) Run:2
Running from f:\
Boot Mode: Recovery

==============================================

fixlist content:
*****************
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-06-23] (AVAST Software)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-06-23] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-06-23] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91680 2016-06-23] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-06-23] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [60424 2016-06-23] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-06-23] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118152 2016-06-23] (AVAST Software)
C:\ProgramData\fontcacheev1.dat 

*****************

avast! Antivirus => service not found.
aswHwid => service not found.
aswKbd => service not found.
aswMonFlt => service not found.
aswRdr => service not found.
aswRvrt => service not found.
aswSnx => service not found.
aswStm => service not found.
C:\ProgramData\fontcacheev1.dat => moved successfully

==== End of Fixlog 15:18:21 ====


@Broni

This is the fresh FRST log that you want.

__________________________________________________________________________________________________________________________________

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-08-2016 01
Ran by SYSTEM on MININT-0CM8CSO (21-08-2016 11:37:23)
Running from f:\
Platform: WIN_10 (X86) Language: English (United States)
Boot Mode: Recovery
ATTENTION: Could not load system hive.
The operation completed successfully.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Winlogon: [Userinit] 
HKLM\...\Winlogon: [Shell]  [x ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  <==== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  <==== ATTENTION
HKU\Administrator\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [515072 2015-10-29] (Microsoft Corporation)
HKU\asus\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23496872 2016-05-16] (Google)
HKU\asus\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6690008 2016-05-13] (Piriform Ltd)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-18 20:28 - 2016-08-18 20:28 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2016-08-18 04:19 - 2016-08-18 04:19 - 00000000 _____ C:\Windows\Minidump\081816-11843-01.dmp
2016-08-18 04:18 - 2016-08-18 04:18 - 00000000 _____ C:\Windows\Minidump\081816-13000-01.dmp
2016-08-18 02:20 - 2016-08-18 02:20 - 00000000 _____ C:\Windows\Minidump\081816-11828-01.dmp
2016-08-18 02:19 - 2016-08-18 02:19 - 00000000 _____ C:\Windows\Minidump\081816-13515-01.dmp
2016-08-16 22:53 - 2016-08-16 22:53 - 00000000 _____ C:\Windows\Minidump\081716-11812-01.dmp
2016-08-16 22:52 - 2016-08-16 22:52 - 00000000 _____ C:\Windows\Minidump\081716-13500-01.dmp
2016-08-16 22:33 - 2016-08-16 22:33 - 00000000 _____ C:\Windows\Minidump\081716-12515-01.dmp
2016-08-16 22:32 - 2016-08-16 22:32 - 00000000 _____ C:\Windows\Minidump\081716-13375-01.dmp
2016-08-16 14:25 - 2016-08-21 11:37 - 00000000 ____D C:\FRST
2016-08-15 23:23 - 2016-08-15 23:23 - 00000000 _____ C:\Windows\Minidump\081616-12062-01.dmp
2016-08-15 23:22 - 2016-08-15 23:22 - 00000000 _____ C:\Windows\Minidump\081616-12437-01.dmp
2016-08-15 22:03 - 2016-08-15 22:03 - 00000000 _____ C:\Windows\Minidump\081616-29812-01.dmp
2016-08-15 22:02 - 2016-08-15 22:02 - 00000000 _____ C:\Windows\Minidump\081616-27609-01.dmp
2016-08-15 21:55 - 2016-08-15 21:55 - 00000000 _____ C:\Windows\Minidump\081616-28062-01.dmp
2016-08-15 21:53 - 2016-08-15 21:53 - 00000000 _____ C:\Windows\Minidump\081616-27796-01.dmp
2016-08-15 21:49 - 2016-08-15 21:49 - 00000000 _____ C:\Windows\Minidump\081616-28328-01.dmp
2016-08-15 21:48 - 2016-08-15 21:48 - 00000000 _____ C:\Windows\Minidump\081616-29296-01.dmp
2016-08-15 21:41 - 2016-08-15 21:42 - 00000000 ___HD C:\$Windows.~BT
2016-08-15 21:38 - 2016-08-15 21:55 - 00000000 ___HD C:\$SysReset
2016-08-15 16:55 - 2016-08-15 21:55 - 00000000 _____ C:\Recovery.txt
2016-08-15 16:53 - 2016-08-19 15:19 - 01245184 _____ C:\BitLockerWinRELog.etl
2016-08-15 06:11 - 2016-08-15 06:11 - 00000000 ____D C:\Windows\Minidump
2016-08-15 06:11 - 2016-08-15 06:11 - 00000000 _____ C:\Windows\Minidump\081516-30421-01.dmp
2016-08-15 06:09 - 2016-08-15 06:09 - 00003072 _____ C:\Windows\System32\umstartup.etl
2016-08-15 05:30 - 2016-08-18 04:19 - 222349157 _____ C:\Windows\MEMORY.DMP
2016-08-15 05:28 - 2016-08-15 05:29 - 00165424 _____ C:\Windows\ntbtlog.txt
2016-08-15 00:28 - 2016-08-15 05:29 - 00307112 _____ C:\Windows\System32\FNTCACHE.DAT
2016-08-11 05:08 - 2016-08-11 05:08 - 04516102 _____ C:\Users\asus\Desktop\2016_Citi_Rewards_Catalogue.pdf
2016-08-11 04:32 - 2016-08-11 04:32 - 00001186 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2016-08-08 23:02 - 2016-08-08 23:02 - 00402783 _____ C:\Users\asus\Downloads\PMBDSF_20160728_CII0700000099991-01.pdf
2016-08-07 06:39 - 2016-08-07 06:39 - 00740664 _____ C:\Users\asus\Downloads\George Lamberis Lamberis George tumblr_iMEaY2TVAbi.mp4
2016-08-04 06:37 - 2016-08-04 06:37 - 00006144 _____ C:\Users\asus\Desktop\CIMBClicks_Trx_History.xls
2016-08-01 23:32 - 2016-08-01 23:32 - 00260452 _____ C:\Users\asus\Desktop\Payment Receipt.pdf
2016-08-01 23:20 - 2016-08-04 06:04 - 00023236 _____ C:\Users\asus\Desktop\Senarai Nama ke LSB.pdf
2016-08-01 23:14 - 2016-08-01 23:14 - 00008755 _____ C:\Users\asus\Desktop\Laporan Mingguan Petang 270716.pdf
2016-08-01 23:13 - 2016-08-01 23:13 - 00008757 _____ C:\Users\asus\Desktop\Laporan Mingguan Petang 130716.pdf
2016-08-01 23:12 - 2016-08-01 23:12 - 00008793 _____ C:\Users\asus\Desktop\Laporan Mingguan Pagi 270716.pdf
2016-08-01 23:11 - 2016-08-01 23:11 - 00008977 _____ C:\Users\asus\Desktop\Laporan Mingguan Pagi 130716.pdf
2016-08-01 05:09 - 2016-08-01 05:09 - 00080711 _____ C:\Users\asus\Desktop\eStatement20160728.pdf
2016-07-28 06:32 - 2016-06-23 07:52 - 00319248 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2016-07-25 05:12 - 2016-07-25 05:12 - 00258966 _____ C:\Users\asus\Downloads\Payment Receipt.pdf
2016-07-22 04:07 - 2016-07-22 04:07 - 00018975 _____ C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1297038.zip
2016-07-22 04:07 - 2016-07-22 04:07 - 00000000 ____D C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1297038
2016-07-22 04:02 - 2016-07-22 04:02 - 00000000 ____D C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1296457
2016-07-22 04:01 - 2016-07-22 04:02 - 00019167 _____ C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1296457.zip
2016-07-22 00:28 - 2016-07-22 00:29 - 00000000 ____D C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1292922
2016-07-22 00:28 - 2016-07-22 00:28 - 00017294 _____ C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1292922.zip
2016-07-22 00:24 - 2016-07-22 00:24 - 00000000 ____D C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1292393

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-15 17:19 - 2016-06-03 14:00 - 00000000 ___DC C:\Windows\Panther
2016-08-15 17:04 - 2015-10-29 21:47 - 00000000 ____D C:\Windows\INF
2016-08-15 05:29 - 2015-10-29 21:13 - 00786432 ___SH C:\Windows\System32\config\BBI
2016-08-12 07:23 - 2015-06-29 06:25 - 144884648 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2016-08-12 07:22 - 2015-10-29 21:39 - 00000000 ____D C:\Windows\CbsTemp
2016-08-12 07:18 - 2015-09-07 06:29 - 00000000 ____D C:\ProgramData\360Quarant
2016-08-12 06:45 - 2015-10-29 21:48 - 00000000 ____D C:\Windows\AppReadiness
2016-08-12 06:43 - 2015-10-29 21:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-12 06:21 - 2016-04-22 02:22 - 00000000 ____D C:\Users\asus\AppData\LocalLow\360WD
2016-08-12 05:42 - 2016-04-22 02:22 - 00000000 ____D C:\Users\asus\AppData\Roaming\360safe
2016-08-12 05:39 - 2016-06-07 05:00 - 00000000 ____D C:\Users\asus\AppData\Roaming\Skype
2016-08-12 04:34 - 2016-06-02 22:00 - 00000000 ____D C:\Windows\System32\SleepStudy
2016-08-12 04:28 - 2015-10-29 21:48 - 00000000 ____D C:\Windows\System32\NDF
2016-08-12 04:28 - 2015-09-14 07:22 - 00000000 ___RD C:\Users\asus\Google Drive
2016-08-12 04:25 - 2015-09-05 23:59 - 00879220 _____ C:\Windows\System32\PerfStringBackup.INI
2016-08-12 04:19 - 2016-06-03 22:11 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-08-12 04:18 - 2015-09-06 00:05 - 00000000 __SHD C:\Users\asus\IntelGraphicsProfiles
2016-08-12 04:11 - 2016-04-22 02:22 - 00000000 _RSHD C:\360SANDBOX
2016-08-12 04:10 - 2016-06-02 22:07 - 00000000 ____D C:\users\asus
2016-08-12 04:06 - 2016-06-02 22:07 - 00000000 ____D C:\users\Administrator
2016-08-07 22:04 - 2016-04-22 02:22 - 00221696 _____ (360.cn) C:\Windows\System32\Drivers\360Box.sys
2016-08-07 22:04 - 2016-04-22 02:22 - 00195712 _____ (360安全中心) C:\Windows\System32\Drivers\360SelfProtection.sys
2016-08-07 22:04 - 2016-04-22 02:22 - 00144384 _____ (360.cn) C:\Windows\System32\Drivers\360AntiHacker.sys
2016-08-07 22:04 - 2016-04-22 02:22 - 00074496 _____ (360.cn) C:\Windows\System32\Drivers\qutmipc.sys
2016-08-07 22:04 - 2016-04-22 02:22 - 00052224 _____ (360.cn) C:\Windows\System32\Drivers\360Camera.sys
2016-08-07 22:04 - 2016-04-22 02:21 - 00322688 _____ (360.cn) C:\Windows\System32\Drivers\qutmdrv.sys
2016-08-07 22:04 - 2016-04-22 02:21 - 00195072 _____ (360.cn) C:\Windows\System32\Drivers\BAPIDRV.sys
2016-08-07 22:04 - 2016-04-22 02:21 - 00083456 _____ (360.cn) C:\Windows\System32\Drivers\360AvFlt.sys
2016-08-07 22:04 - 2016-04-22 02:21 - 00078208 _____ (360安全中心) C:\Windows\System32\Drivers\hookport.sys
2016-08-07 06:56 - 2014-04-21 20:37 - 00000000 ____D C:\Users\asus\AppData\LocalLow\57217810-E194-2A9B-F98E-DBA96CA40352
2016-08-07 06:40 - 2015-12-28 05:34 - 00000000 ____D C:\Users\asus\AppData\Roaming\vlc
2016-08-04 06:38 - 2014-04-16 19:54 - 00000000 ____D C:\Users\asus\AppData\Local\Packages
2016-08-03 06:33 - 2016-06-23 07:53 - 00224616 _____ C:\Windows\System32\Drivers\aswvmm.sys
2016-07-30 03:09 - 2016-05-31 02:45 - 00000000 ____D C:\Users\asus\Desktop\YX Ong
2016-07-28 06:33 - 2016-06-23 07:53 - 00438296 _____ C:\Windows\System32\Drivers\aswsp.sys
2016-07-28 06:21 - 2016-06-07 04:59 - 00000000 ___RD C:\Program Files\Skype
2016-07-28 06:21 - 2016-06-07 04:59 - 00000000 ____D C:\ProgramData\Skype
2016-07-24 03:53 - 2015-10-29 21:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-24 03:51 - 2014-04-21 18:57 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe
[2016-07-14 04:51] - [2016-06-30 20:19] - 4074160 ____A (Microsoft Corporation) B6113983ED77D6FE99BDEE461E7BE004

C:\Windows\System32\winlogon.exe
[2016-06-04 06:46] - [2016-04-22 20:14] - 0494592 ____A (Microsoft Corporation) 4A618D1B1D6D46B2FE635A85A3B10F3E

C:\Windows\System32\wininit.exe
[2016-06-04 06:45] - [2016-04-22 21:07] - 0192704 ____A (Microsoft Corporation) C3063049D15E3C93194463E0A7F213A5

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-06-04 06:45] - [2016-04-22 21:00] - 1273720 ____A (Microsoft Corporation) 588454298D5160155B522C58EFD81DC4

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

HKLM\...\.exe:  =>  <===== ATTENTION
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION
HKLM\...\exefile\shell\open\command:  <===== ATTENTION

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 1933.15 MB
Available physical RAM: 1461.18 MB
Total Virtual: 1933.15 MB
Available Virtual: 1494.61 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:27.78 GB) (Free:5.91 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data1) (Fixed) (Total:465.76 GB) (Free:432.65 GB) NTFS
Drive e: () (Fixed) (Total:0.44 GB) (Free:0.18 GB) NTFS
Drive f: (SHAH) (Removable) (Total:3.63 GB) (Free:0.42 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: FF6160FC)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: A8DC5C91)

Partition: GPT.

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 481A943F)

Partition: GPT.

========================================================
Disk: 3 (Size: 3.6 GB) (Disk ID: 00000000)

Partition: GPT.


LastRegBack: 2016-06-02 22:00

==================== End of FRST.txt ============================


This line from FRST log:

Quote

ATTENTION: Could not load system hive.

indicates some disk corruption.

Let's try a couple of things, one thing at a time...

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7/8/10: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


See if you can boot normally.

If you can't, post a fresh FRST log.

fixlist.txt
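The reading of the log in the post above can be repeated mechanically. The following is an added example, not part of the thread and not FRST's own code: it pulls the ATTENTION lines and any zero-byte dump files out of an FRST.txt. The line layout is inferred from the log posted on this page, the function names are hypothetical, and the sample is a few lines trimmed from that log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines trimmed from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-08-2016 01
Boot Mode: Recovery
ATTENTION: Could not load system hive.

==================== Registry (Whitelisted) ===========================

HKLM\...\Winlogon: [Userinit] 
HKLM\...\Winlogon: [Shell]  [x ] () <=== ATTENTION
HKLM\...\exefile\shell\open\command:  <===== ATTENTION

==================== One Month Created files and folders ========

2016-08-18 20:28 - 2016-08-18 20:28 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2016-08-18 04:19 - 2016-08-18 04:19 - 00000000 _____ C:\Windows\Minidump\081816-11843-01.dmp
2016-08-15 05:30 - 2016-08-18 04:19 - 222349157 _____ C:\Windows\MEMORY.DMP
2016-07-28 06:32 - 2016-06-23 07:52 - 00319248 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
"""

# "==== Section name ====" banner lines (layout assumed from the posted log).
SECTION_RE = re.compile(r"^=+ (.+?) =+\s*$")
# "created - modified - size attrs [(company)] path" listing lines.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) ([A-Z_]{5}) (?:\((.*?)\) )?(.+)$"
)
# Header warnings ("ATTENTION: ...") and per-entry markers ("<=== ATTENTION").
FLAG_RE = re.compile(r"^ATTENTION:|<=+ ATTENTION")


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int
    attrs: str              # five attribute flags, e.g. "____D" for a directory
    company: Optional[str]  # version-info company name, when FRST printed one
    path: str


def parse_frst(text: str) -> Tuple[List[Tuple[str, str]], List[FileEntry]]:
    """Return (flags, files): flagged lines with their section, and file listings."""
    section = "Header"
    flags: List[Tuple[str, str]] = []
    files: List[FileEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if FLAG_RE.search(line):
            flags.append((section, line))
            continue
        entry = FILE_RE.match(line)
        if entry:
            created, modified, size, attrs, company, path = entry.groups()
            files.append(FileEntry(created, modified, int(size), attrs, company, path))
    return flags, files


def zero_byte_files(files: List[FileEntry], suffix: str = ".dmp") -> List[FileEntry]:
    """Files (not directories) listed with size 0 and the given extension.

    What an empty dump means is for the analyst to decide; the function only
    surfaces the entries so they can be read beside the header warnings.
    """
    return [
        f for f in files
        if f.size == 0 and "D" not in f.attrs and f.path.lower().endswith(suffix)
    ]


if __name__ == "__main__":
    found_flags, found_files = parse_frst(SAMPLE_LOG)
    for sec, text in found_flags:
        print(f"[{sec}] {text}")
    for f in zero_byte_files(found_files):
        print(f"zero-byte dump: {f.path} (created {f.created})")
```

Run against a full FRST.txt by reading the file and passing its text to `parse_frst`.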


@Broni

This is the fix log that you want.

My PC still can't boot. So, the fresh FRST log is below the fix log.

___________________________________________________________________________________________________________________________________

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-08-2016 01
Ran by SYSTEM (21-08-2016 22:27:48) Run:3
Running from f:\
Boot Mode: Recovery

==============================================

fixlist content:
*****************
HKLM\...\Winlogon: [Shell]  [x ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  <==== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  <==== ATTENTION
HKLM\...\.exe:  =>  <===== ATTENTION
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION
HKLM\...\exefile\shell\open\command:  <===== ATTENTION
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully
HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => value restored successfully
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => value restored successfully
HKLM\Software\Classes\.exe\\Default => value restored successfully
HKLM\Software\Classes\exefile\DefaultIcon\\Default => value restored successfully
HKLM\Software\Classes\exefile\shell\open\command\\Default => value restored successfully

==== End of Fixlog 22:27:50 ====

 

___________________________________________________________________________________________________________________________________

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-08-2016 01
Ran by SYSTEM on MININT-DCH8EGI (21-08-2016 22:32:31)
Running from f:\
Platform: WIN_10 (X86) Language: English (United States)
Boot Mode: Recovery
ATTENTION: Could not load system hive.
The operation completed successfully.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Winlogon: [Userinit] 
HKU\Administrator\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [515072 2015-10-29] (Microsoft Corporation)
HKU\asus\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23496872 2016-05-16] (Google)
HKU\asus\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6690008 2016-05-13] (Piriform Ltd)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-18 20:28 - 2016-08-18 20:28 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2016-08-18 04:19 - 2016-08-18 04:19 - 00000000 _____ C:\Windows\Minidump\081816-11843-01.dmp
2016-08-18 04:18 - 2016-08-18 04:18 - 00000000 _____ C:\Windows\Minidump\081816-13000-01.dmp
2016-08-18 02:20 - 2016-08-18 02:20 - 00000000 _____ C:\Windows\Minidump\081816-11828-01.dmp
2016-08-18 02:19 - 2016-08-18 02:19 - 00000000 _____ C:\Windows\Minidump\081816-13515-01.dmp
2016-08-16 22:53 - 2016-08-16 22:53 - 00000000 _____ C:\Windows\Minidump\081716-11812-01.dmp
2016-08-16 22:52 - 2016-08-16 22:52 - 00000000 _____ C:\Windows\Minidump\081716-13500-01.dmp
2016-08-16 22:33 - 2016-08-16 22:33 - 00000000 _____ C:\Windows\Minidump\081716-12515-01.dmp
2016-08-16 22:32 - 2016-08-16 22:32 - 00000000 _____ C:\Windows\Minidump\081716-13375-01.dmp
2016-08-16 14:25 - 2016-08-21 22:32 - 00000000 ____D C:\FRST
2016-08-15 23:23 - 2016-08-15 23:23 - 00000000 _____ C:\Windows\Minidump\081616-12062-01.dmp
2016-08-15 23:22 - 2016-08-15 23:22 - 00000000 _____ C:\Windows\Minidump\081616-12437-01.dmp
2016-08-15 22:03 - 2016-08-15 22:03 - 00000000 _____ C:\Windows\Minidump\081616-29812-01.dmp
2016-08-15 22:02 - 2016-08-15 22:02 - 00000000 _____ C:\Windows\Minidump\081616-27609-01.dmp
2016-08-15 21:55 - 2016-08-15 21:55 - 00000000 _____ C:\Windows\Minidump\081616-28062-01.dmp
2016-08-15 21:53 - 2016-08-15 21:53 - 00000000 _____ C:\Windows\Minidump\081616-27796-01.dmp
2016-08-15 21:49 - 2016-08-15 21:49 - 00000000 _____ C:\Windows\Minidump\081616-28328-01.dmp
2016-08-15 21:48 - 2016-08-15 21:48 - 00000000 _____ C:\Windows\Minidump\081616-29296-01.dmp
2016-08-15 21:41 - 2016-08-15 21:42 - 00000000 ___HD C:\$Windows.~BT
2016-08-15 21:38 - 2016-08-15 21:55 - 00000000 ___HD C:\$SysReset
2016-08-15 16:55 - 2016-08-15 21:55 - 00000000 _____ C:\Recovery.txt
2016-08-15 16:53 - 2016-08-21 22:28 - 01376256 _____ C:\BitLockerWinRELog.etl
2016-08-15 06:11 - 2016-08-15 06:11 - 00000000 ____D C:\Windows\Minidump
2016-08-15 06:11 - 2016-08-15 06:11 - 00000000 _____ C:\Windows\Minidump\081516-30421-01.dmp
2016-08-15 06:09 - 2016-08-15 06:09 - 00003072 _____ C:\Windows\System32\umstartup.etl
2016-08-15 05:30 - 2016-08-18 04:19 - 222349157 _____ C:\Windows\MEMORY.DMP
2016-08-15 05:28 - 2016-08-15 05:29 - 00165424 _____ C:\Windows\ntbtlog.txt
2016-08-15 00:28 - 2016-08-15 05:29 - 00307112 _____ C:\Windows\System32\FNTCACHE.DAT
2016-08-11 05:08 - 2016-08-11 05:08 - 04516102 _____ C:\Users\asus\Desktop\2016_Citi_Rewards_Catalogue.pdf
2016-08-11 04:32 - 2016-08-11 04:32 - 00001186 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2016-08-08 23:02 - 2016-08-08 23:02 - 00402783 _____ C:\Users\asus\Downloads\PMBDSF_20160728_CII0700000099991-01.pdf
2016-08-07 06:39 - 2016-08-07 06:39 - 00740664 _____ C:\Users\asus\Downloads\George Lamberis Lamberis George tumblr_iMEaY2TVAbi.mp4
2016-08-04 06:37 - 2016-08-04 06:37 - 00006144 _____ C:\Users\asus\Desktop\CIMBClicks_Trx_History.xls
2016-08-01 23:32 - 2016-08-01 23:32 - 00260452 _____ C:\Users\asus\Desktop\Payment Receipt.pdf
2016-08-01 23:20 - 2016-08-04 06:04 - 00023236 _____ C:\Users\asus\Desktop\Senarai Nama ke LSB.pdf
2016-08-01 23:14 - 2016-08-01 23:14 - 00008755 _____ C:\Users\asus\Desktop\Laporan Mingguan Petang 270716.pdf
2016-08-01 23:13 - 2016-08-01 23:13 - 00008757 _____ C:\Users\asus\Desktop\Laporan Mingguan Petang 130716.pdf
2016-08-01 23:12 - 2016-08-01 23:12 - 00008793 _____ C:\Users\asus\Desktop\Laporan Mingguan Pagi 270716.pdf
2016-08-01 23:11 - 2016-08-01 23:11 - 00008977 _____ C:\Users\asus\Desktop\Laporan Mingguan Pagi 130716.pdf
2016-08-01 05:09 - 2016-08-01 05:09 - 00080711 _____ C:\Users\asus\Desktop\eStatement20160728.pdf
2016-07-28 06:32 - 2016-06-23 07:52 - 00319248 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2016-07-25 05:12 - 2016-07-25 05:12 - 00258966 _____ C:\Users\asus\Downloads\Payment Receipt.pdf
2016-07-22 04:07 - 2016-07-22 04:07 - 00018975 _____ C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1297038.zip
2016-07-22 04:07 - 2016-07-22 04:07 - 00000000 ____D C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1297038
2016-07-22 04:02 - 2016-07-22 04:02 - 00000000 ____D C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1296457
2016-07-22 04:01 - 2016-07-22 04:02 - 00019167 _____ C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1296457.zip
2016-07-22 00:28 - 2016-07-22 00:29 - 00000000 ____D C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1292922
2016-07-22 00:28 - 2016-07-22 00:28 - 00017294 _____ C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1292922.zip
2016-07-22 00:24 - 2016-07-22 00:24 - 00000000 ____D C:\Users\asus\Downloads\descendants-of-the-sun-taeyangui-huye_indonesian-1292393

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-15 17:19 - 2016-06-03 14:00 - 00000000 ___DC C:\Windows\Panther
2016-08-15 17:04 - 2015-10-29 21:47 - 00000000 ____D C:\Windows\INF
2016-08-15 05:29 - 2015-10-29 21:13 - 00786432 ___SH C:\Windows\System32\config\BBI
2016-08-12 07:23 - 2015-06-29 06:25 - 144884648 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2016-08-12 07:22 - 2015-10-29 21:39 - 00000000 ____D C:\Windows\CbsTemp
2016-08-12 07:18 - 2015-09-07 06:29 - 00000000 ____D C:\ProgramData\360Quarant
2016-08-12 06:45 - 2015-10-29 21:48 - 00000000 ____D C:\Windows\AppReadiness
2016-08-12 06:43 - 2015-10-29 21:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-12 06:21 - 2016-04-22 02:22 - 00000000 ____D C:\Users\asus\AppData\LocalLow\360WD
2016-08-12 05:42 - 2016-04-22 02:22 - 00000000 ____D C:\Users\asus\AppData\Roaming\360safe
2016-08-12 05:39 - 2016-06-07 05:00 - 00000000 ____D C:\Users\asus\AppData\Roaming\Skype
2016-08-12 04:34 - 2016-06-02 22:00 - 00000000 ____D C:\Windows\System32\SleepStudy
2016-08-12 04:28 - 2015-10-29 21:48 - 00000000 ____D C:\Windows\System32\NDF
2016-08-12 04:28 - 2015-09-14 07:22 - 00000000 ___RD C:\Users\asus\Google Drive
2016-08-12 04:25 - 2015-09-05 23:59 - 00879220 _____ C:\Windows\System32\PerfStringBackup.INI
2016-08-12 04:19 - 2016-06-03 22:11 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-08-12 04:18 - 2015-09-06 00:05 - 00000000 __SHD C:\Users\asus\IntelGraphicsProfiles
2016-08-12 04:11 - 2016-04-22 02:22 - 00000000 _RSHD C:\360SANDBOX
2016-08-12 04:10 - 2016-06-02 22:07 - 00000000 ____D C:\users\asus
2016-08-12 04:06 - 2016-06-02 22:07 - 00000000 ____D C:\users\Administrator
2016-08-07 22:04 - 2016-04-22 02:22 - 00221696 _____ (360.cn) C:\Windows\System32\Drivers\360Box.sys
2016-08-07 22:04 - 2016-04-22 02:22 - 00195712 _____ (360安全中心) C:\Windows\System32\Drivers\360SelfProtection.sys
2016-08-07 22:04 - 2016-04-22 02:22 - 00144384 _____ (360.cn) C:\Windows\System32\Drivers\360AntiHacker.sys
2016-08-07 22:04 - 2016-04-22 02:22 - 00074496 _____ (360.cn) C:\Windows\System32\Drivers\qutmipc.sys
2016-08-07 22:04 - 2016-04-22 02:22 - 00052224 _____ (360.cn) C:\Windows\System32\Drivers\360Camera.sys
2016-08-07 22:04 - 2016-04-22 02:21 - 00322688 _____ (360.cn) C:\Windows\System32\Drivers\qutmdrv.sys
2016-08-07 22:04 - 2016-04-22 02:21 - 00195072 _____ (360.cn) C:\Windows\System32\Drivers\BAPIDRV.sys
2016-08-07 22:04 - 2016-04-22 02:21 - 00083456 _____ (360.cn) C:\Windows\System32\Drivers\360AvFlt.sys
2016-08-07 22:04 - 2016-04-22 02:21 - 00078208 _____ (360安全中心) C:\Windows\System32\Drivers\hookport.sys
2016-08-07 06:56 - 2014-04-21 20:37 - 00000000 ____D C:\Users\asus\AppData\LocalLow\57217810-E194-2A9B-F98E-DBA96CA40352
2016-08-07 06:40 - 2015-12-28 05:34 - 00000000 ____D C:\Users\asus\AppData\Roaming\vlc
2016-08-04 06:38 - 2014-04-16 19:54 - 00000000 ____D C:\Users\asus\AppData\Local\Packages
2016-08-03 06:33 - 2016-06-23 07:53 - 00224616 _____ C:\Windows\System32\Drivers\aswvmm.sys
2016-07-30 03:09 - 2016-05-31 02:45 - 00000000 ____D C:\Users\asus\Desktop\YX Ong
2016-07-28 06:33 - 2016-06-23 07:53 - 00438296 _____ C:\Windows\System32\Drivers\aswsp.sys
2016-07-28 06:21 - 2016-06-07 04:59 - 00000000 ___RD C:\Program Files\Skype
2016-07-28 06:21 - 2016-06-07 04:59 - 00000000 ____D C:\ProgramData\Skype
2016-07-24 03:53 - 2015-10-29 21:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-24 03:51 - 2014-04-21 18:57 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe
[2016-07-14 04:51] - [2016-06-30 20:19] - 4074160 ____A (Microsoft Corporation) B6113983ED77D6FE99BDEE461E7BE004

C:\Windows\System32\winlogon.exe
[2016-06-04 06:46] - [2016-04-22 20:14] - 0494592 ____A (Microsoft Corporation) 4A618D1B1D6D46B2FE635A85A3B10F3E

C:\Windows\System32\wininit.exe
[2016-06-04 06:45] - [2016-04-22 21:07] - 0192704 ____A (Microsoft Corporation) C3063049D15E3C93194463E0A7F213A5

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-06-04 06:45] - [2016-04-22 21:00] - 1273720 ____A (Microsoft Corporation) 588454298D5160155B522C58EFD81DC4

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 1933.15 MB
Available physical RAM: 1461.74 MB
Total Virtual: 1933.15 MB
Available Virtual: 1495.65 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:27.78 GB) (Free:5.91 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data1) (Fixed) (Total:465.76 GB) (Free:432.65 GB) NTFS
Drive e: () (Fixed) (Total:0.44 GB) (Free:0.18 GB) NTFS
Drive f: (SHAH) (Removable) (Total:3.63 GB) (Free:0.42 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: FF6160FC)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: A8DC5C91)

Partition: GPT.

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 481A943F)

Partition: GPT.

========================================================
Disk: 3 (Size: 3.6 GB) (Disk ID: 00000000)

Partition: GPT.


LastRegBack: 2016-06-02 22:00

==================== End of FRST.txt ============================


From the recovery console, select Command Prompt.

At the prompt, type the following command and press Enter:

chkdsk c: /r

Wait for it to complete and then try a normal boot.


@Broni

The computer said that the chkdsk cannot run because the volume is in use by another process. Chkdsk may run if this volume is dismounted first. ALL OPENED HANDLES TO THIS VOLUME WOULD THEN BE INVALID. Would you like to force a dismount on this volume? (Y/N)

Should I type Y?

The following attachment is a photo of the cmd prompt.

14717970021901003126219.jpg

Edited by YX Ong


@Broni

This is the fresh FRST log that you want.

________________________________________________________________________

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2016 01
Ran by SYSTEM on MININT-90D2CNI (22-08-2016 11:52:17)
Running from f:\
Platform: WIN_10 (X86) Language: English (United States)
Boot Mode: Recovery
ATTENTION: Could not load system hive.
The operation completed successfully.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Winlogon: [Userinit] 
HKU\Administrator\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [515072 2015-10-29] (Microsoft Corporation)
HKU\asus\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23496872 2016-05-16] (Google)
HKU\asus\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6690008 2016-05-13] (Piriform Ltd)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-18 20:28 - 2016-08-18 20:28 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2016-08-18 04:19 - 2016-08-18 04:19 - 00000000 _____ C:\Windows\Minidump\081816-11843-01.dmp
2016-08-18 04:18 - 2016-08-18 04:18 - 00000000 _____ C:\Windows\Minidump\081816-13000-01.dmp
2016-08-18 02:20 - 2016-08-18 02:20 - 00000000 _____ C:\Windows\Minidump\081816-11828-01.dmp
2016-08-18 02:19 - 2016-08-18 02:19 - 00000000 _____ C:\Windows\Minidump\081816-13515-01.dmp
2016-08-16 22:53 - 2016-08-16 22:53 - 00000000 _____ C:\Windows\Minidump\081716-11812-01.dmp
2016-08-16 22:52 - 2016-08-16 22:52 - 00000000 _____ C:\Windows\Minidump\081716-13500-01.dmp
2016-08-16 22:33 - 2016-08-16 22:33 - 00000000 _____ C:\Windows\Minidump\081716-12515-01.dmp
2016-08-16 22:32 - 2016-08-16 22:32 - 00000000 _____ C:\Windows\Minidump\081716-13375-01.dmp
2016-08-16 14:25 - 2016-08-22 11:52 - 00000000 ____D C:\FRST
2016-08-15 23:23 - 2016-08-15 23:23 - 00000000 _____ C:\Windows\Minidump\081616-12062-01.dmp
2016-08-15 23:22 - 2016-08-15 23:22 - 00000000 _____ C:\Windows\Minidump\081616-12437-01.dmp
2016-08-15 22:03 - 2016-08-15 22:03 - 00000000 _____ C:\Windows\Minidump\081616-29812-01.dmp
2016-08-15 22:02 - 2016-08-15 22:02 - 00000000 _____ C:\Windows\Minidump\081616-27609-01.dmp
2016-08-15 21:55 - 2016-08-15 21:55 - 00000000 _____ C:\Windows\Minidump\081616-28062-01.dmp
2016-08-15 21:53 - 2016-08-15 21:53 - 00000000 _____ C:\Windows\Minidump\081616-27796-01.dmp
2016-08-15 21:49 - 2016-08-15 21:49 - 00000000 _____ C:\Windows\Minidump\081616-28328-01.dmp
2016-08-15 21:48 - 2016-08-15 21:48 - 00000000 _____ C:\Windows\Minidump\081616-29296-01.dmp
2016-08-15 21:41 - 2016-08-15 21:42 - 00000000 ___HD C:\$Windows.~BT
2016-08-15 21:38 - 2016-08-15 21:55 - 00000000 ___HD C:\$SysReset
2016-08-15 16:55 - 2016-08-15 21:55 - 00000000 _____ C:\Recovery.txt
2016-08-15 16:53 - 2016-08-21 22:35 - 01441792 _____ C:\BitLockerWinRELog.etl
2016-08-15 06:11 - 2016-08-15 06:11 - 00000000 ____D C:\Windows\Minidump
2016-08-15 06:11 - 2016-08-15 06:11 - 00000000 _____ C:\Windows\Minidump\081516-30421-01.dmp
2016-08-15 06:09 - 2016-08-15 06:09 - 00003072 _____ C:\Windows\System32\umstartup.etl
2016-08-15 05:30 - 2016-08-18 04:19 - 222349157 _____ C:\Windows\MEMORY.DMP
2016-08-15 05:28 - 2016-08-15 05:29 - 00165424 _____ C:\Windows\ntbtlog.txt
2016-08-15 00:28 - 2016-08-15 05:29 - 00307112 _____ C:\Windows\System32\FNTCACHE.DAT
2016-08-11 05:08 - 2016-08-11 05:08 - 04516102 _____ C:\Users\asus\Desktop\2016_Citi_Rewards_Catalogue.pdf
2016-08-11 04:32 - 2016-08-11 04:32 - 00001186 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2016-08-08 23:02 - 2016-08-08 23:02 - 00402783 _____ C:\Users\asus\Downloads\PMBDSF_20160728_CII0700000099991-01.pdf
2016-08-07 06:39 - 2016-08-07 06:39 - 00740664 _____ C:\Users\asus\Downloads\George Lamberis Lamberis George tumblr_iMEaY2TVAbi.mp4
2016-08-04 06:37 - 2016-08-04 06:37 - 00006144 _____ C:\Users\asus\Desktop\CIMBClicks_Trx_History.xls
2016-08-01 23:32 - 2016-08-01 23:32 - 00260452 _____ C:\Users\asus\Desktop\Payment Receipt.pdf
2016-08-01 23:20 - 2016-08-04 06:04 - 00023236 _____ C:\Users\asus\Desktop\Senarai Nama ke LSB.pdf
2016-08-01 23:14 - 2016-08-01 23:14 - 00008755 _____ C:\Users\asus\Desktop\Laporan Mingguan Petang 270716.pdf
2016-08-01 23:13 - 2016-08-01 23:13 - 00008757 _____ C:\Users\asus\Desktop\Laporan Mingguan Petang 130716.pdf
2016-08-01 23:12 - 2016-08-01 23:12 - 00008793 _____ C:\Users\asus\Desktop\Laporan Mingguan Pagi 270716.pdf
2016-08-01 23:11 - 2016-08-01 23:11 - 00008977 _____ C:\Users\asus\Desktop\Laporan Mingguan Pagi 130716.pdf
2016-08-01 05:09 - 2016-08-01 05:09 - 00080711 _____ C:\Users\asus\Desktop\eStatement20160728.pdf
2016-07-28 06:32 - 2016-06-23 07:52 - 00319248 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2016-07-25 05:12 - 2016-07-25 05:12 - 00258966 _____ C:\Users\asus\Downloads\Payment Receipt.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-15 17:19 - 2016-06-03 14:00 - 00000000 ___DC C:\Windows\Panther
2016-08-15 17:04 - 2015-10-29 21:47 - 00000000 ____D C:\Windows\INF
2016-08-15 05:29 - 2015-10-29 21:13 - 00786432 ___SH C:\Windows\System32\config\BBI
2016-08-12 07:23 - 2015-06-29 06:25 - 144884648 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2016-08-12 07:22 - 2015-10-29 21:39 - 00000000 ____D C:\Windows\CbsTemp
2016-08-12 07:18 - 2015-09-07 06:29 - 00000000 ____D C:\ProgramData\360Quarant
2016-08-12 06:45 - 2015-10-29 21:48 - 00000000 ____D C:\Windows\AppReadiness
2016-08-12 06:43 - 2015-10-29 21:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-12 06:21 - 2016-04-22 02:22 - 00000000 ____D C:\Users\asus\AppData\LocalLow\360WD
2016-08-12 05:42 - 2016-04-22 02:22 - 00000000 ____D C:\Users\asus\AppData\Roaming\360safe
2016-08-12 05:39 - 2016-06-07 05:00 - 00000000 ____D C:\Users\asus\AppData\Roaming\Skype
2016-08-12 04:34 - 2016-06-02 22:00 - 00000000 ____D C:\Windows\System32\SleepStudy
2016-08-12 04:28 - 2015-10-29 21:48 - 00000000 ____D C:\Windows\System32\NDF
2016-08-12 04:28 - 2015-09-14 07:22 - 00000000 ___RD C:\Users\asus\Google Drive
2016-08-12 04:25 - 2015-09-05 23:59 - 00879220 _____ C:\Windows\System32\PerfStringBackup.INI
2016-08-12 04:19 - 2016-06-03 22:11 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-08-12 04:18 - 2015-09-06 00:05 - 00000000 __SHD C:\Users\asus\IntelGraphicsProfiles
2016-08-12 04:11 - 2016-04-22 02:22 - 00000000 _RSHD C:\360SANDBOX
2016-08-12 04:10 - 2016-06-02 22:07 - 00000000 ____D C:\users\asus
2016-08-12 04:06 - 2016-06-02 22:07 - 00000000 ____D C:\users\Administrator
2016-08-07 22:04 - 2016-04-22 02:22 - 00221696 _____ (360.cn) C:\Windows\System32\Drivers\360Box.sys
2016-08-07 22:04 - 2016-04-22 02:22 - 00195712 _____ (360安全中心) C:\Windows\System32\Drivers\360SelfProtection.sys
2016-08-07 22:04 - 2016-04-22 02:22 - 00144384 _____ (360.cn) C:\Windows\System32\Drivers\360AntiHacker.sys
2016-08-07 22:04 - 2016-04-22 02:22 - 00074496 _____ (360.cn) C:\Windows\System32\Drivers\qutmipc.sys
2016-08-07 22:04 - 2016-04-22 02:22 - 00052224 _____ (360.cn) C:\Windows\System32\Drivers\360Camera.sys
2016-08-07 22:04 - 2016-04-22 02:21 - 00322688 _____ (360.cn) C:\Windows\System32\Drivers\qutmdrv.sys
2016-08-07 22:04 - 2016-04-22 02:21 - 00195072 _____ (360.cn) C:\Windows\System32\Drivers\BAPIDRV.sys
2016-08-07 22:04 - 2016-04-22 02:21 - 00083456 _____ (360.cn) C:\Windows\System32\Drivers\360AvFlt.sys
2016-08-07 22:04 - 2016-04-22 02:21 - 00078208 _____ (360安全中心) C:\Windows\System32\Drivers\hookport.sys
2016-08-07 06:56 - 2014-04-21 20:37 - 00000000 ____D C:\Users\asus\AppData\LocalLow\57217810-E194-2A9B-F98E-DBA96CA40352
2016-08-07 06:40 - 2015-12-28 05:34 - 00000000 ____D C:\Users\asus\AppData\Roaming\vlc
2016-08-04 06:38 - 2014-04-16 19:54 - 00000000 ____D C:\Users\asus\AppData\Local\Packages
2016-08-03 06:33 - 2016-06-23 07:53 - 00224616 _____ C:\Windows\System32\Drivers\aswvmm.sys
2016-07-30 03:09 - 2016-05-31 02:45 - 00000000 ____D C:\Users\asus\Desktop\YX Ong
2016-07-28 06:33 - 2016-06-23 07:53 - 00438296 _____ C:\Windows\System32\Drivers\aswsp.sys
2016-07-28 06:21 - 2016-06-07 04:59 - 00000000 ___RD C:\Program Files\Skype
2016-07-28 06:21 - 2016-06-07 04:59 - 00000000 ____D C:\ProgramData\Skype
2016-07-24 03:53 - 2015-10-29 21:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-24 03:51 - 2014-04-21 18:57 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe
[2016-07-14 04:51] - [2016-06-30 20:19] - 4074160 ____A (Microsoft Corporation) B6113983ED77D6FE99BDEE461E7BE004

C:\Windows\System32\winlogon.exe
[2016-06-04 06:46] - [2016-04-22 20:14] - 0494592 ____A (Microsoft Corporation) 4A618D1B1D6D46B2FE635A85A3B10F3E

C:\Windows\System32\wininit.exe
[2016-06-04 06:45] - [2016-04-22 21:07] - 0192704 ____A (Microsoft Corporation) C3063049D15E3C93194463E0A7F213A5

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-06-04 06:45] - [2016-04-22 21:00] - 1273720 ____A (Microsoft Corporation) 588454298D5160155B522C58EFD81DC4

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 1933.15 MB
Available physical RAM: 1465.38 MB
Total Virtual: 1933.15 MB
Available Virtual: 1497.06 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:27.78 GB) (Free:6 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data1) (Fixed) (Total:465.76 GB) (Free:432.65 GB) NTFS
Drive e: () (Fixed) (Total:0.44 GB) (Free:0.18 GB) NTFS
Drive f: (MCARD) (Removable) (Total:7.37 GB) (Free:5.45 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: FF6160FC)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: A8DC5C91)

Partition: GPT.

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 481A943F)

Partition: GPT.

========================================================
Disk: 3 (Size: 7.4 GB) (Disk ID: 00000000)

Partition: GPT.


LastRegBack: 2016-06-02 22:00

==================== End of FRST.txt ============================
