Farbar Recovery Scan Tool Not Compatible

Hi,
My computer started crashing on load and during safemode boot up after running ComboFix to remove a rootkit... At the time I wasn't able to run TDSSKiller for an unknown reason and after ComboFix looked like it was successful, the computer ended up not starting. I've run everything under the sun to try and fix this problem then I heard of Farbar's Recovery Scan Tool... Loaded it on a flash drive, whipped it over to the laptop, and low and behold....

This version of C:\FRST64.exe is not compatible with the version of WIndows you're running. Check your computer's system information to se whether you need a ..................

Anyway, it is a 64bit operating system that is installed and I had tried to 32bit program and neither worked... I attempted to download it again without success....

The system looks like it reboots just as it blinks from the starting windows screen to the logon screen...

Any help would be great.
Thank you

Hi,

Let me ask someone to help you

good luck

If formatting isn't an option and you had a windows disk you could boot into recovery mode and see if sfc works in recovery console.

SFC System file checker will scan protected files and replace them if they are corrupt.

1) Load recovery console
2) Open the command line
3) type SFC /verifyonly

If files are found to be corrupt then step 4
4) type SFC /scannow

Make sure you have the windows dvd and don't turn off the power.

If you can't get sfc to work in recovery mode then you can log in to the system user. (I'm assuming your using windows 7)

1) Load recovery console
2) CD to Windows\system32 directory
3) rename magnify.exe to magnify2.exe and create a copy of cmd.exe and name it magnify.exe
4) restart the machine and at the user login screen look at the bottom left and ease of access then select the magnifier and click apply.
5) cmd.exe will open up instead and inside of it type SFC /verifyonly
Again if that doesn't work then log in as the system user step 6:
6) type explorer.exe and you will be logged in as the system user.

Hope this helps, and from recovery console you should also run chkdsk.
1) Open command line
2) type chkdsk /f
3) wait for it to complete

Both FRST and ComboFix are malware tools...problems with or after use of malware tools are not the province of this forum since this is not a malware forum.

Your topic has been placed on the BC Unbootable (due to malware) List and someone with expertise in malware should be assisting you shortly.

I suggest that you do nothing until one of the BC malware personnel respond to this topic.

Louis

Hello,

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer

• Insert your USB drive
• Press Start > My Computer > right click your USB drive > choose Format > Quick format
• Double click the unetbootin-xpud-windows-latest.exe that you just downloaded
• Press Run then OK
• Select the DiskImage option then click the browse button located on the right side of the textbox field.
• Browse to and select the xpud-0.9.2.iso file you downloaded
• Verify the correct drive letter is selected for your USB device then click OK
• It will install a little bootable OS on your USB device
• Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
• After it has completed do not choose to reboot the clean computer simply close the installer
• Next download http://noahdfear.net/downloads/xPUD_userinit_fix to your USB (without a file extension, you may have to right click on the link and click on Save Target As, and make sure that "All Files" is selected)
• Remove the USB and insert it in the sick computer
• Boot the Sick computer
• Press F12 right as the computer is initially starting up, and choose to boot from the USB
• Follow the prompts
• A Welcome to xPUD screen will appear
• Press File
• Expand mnt
• sda1,2...usually corresponds to your hard drive
• sdb1 is likely your USB
• Click on sdb1 (this is your USB drive)
• Confirm that you see xPUD_userinit_fix on your USB drive (sdb1)
• Double click on xPUD_userinit_fix
• After it has finished a report will be located on your USB drive named UserinitReport.txt
• Click on the Home tab, click on Power Off, and then click on Turn Off
• Remove the USB drive and insert back in your working computer and navigate to UserinitReport.txt
  
  Please note - all text entries are case sensitive

Please copy and paste the UserinitReport.txt for my review.

Hi,

I downloaded xPud and attempted to run on the sick computer. It comes up with the language select screen and after selecting English it comes up with loading boot/xpud........... and has a lot of dots, then it moves onto the next screen but never comes on. The screen stays blank... Nothing comes up? I tried it several times.

Is there another version of linux live that I could use? or a way to make this one work?

I have a HP Pavilion dv4 2010 model...

Thanks

Have you tried to run a startup repair (from the recovery environment)?

Yes, I have tried system repair, chkdsk, bootrec /fix and all that... I've also done sfc /scannow and browsed through the ntbtlog.log without success.. There are errors in the ntbtlog loading about 5 files, but I've checked and none of them are corupt, at least sfc says so.

Thanks

Can you post me the ntbtlog.txt file?

Did startup repair successfully complete?

Yes, the Startup repair did make it all the way through. It did take its time on the chkdsk, and did not show any errors at the end.
Attached is the ntbtlog.... Theres a few safemode startups and a few normal attempts.

Hi again,

In the recovery environment open a command prompt and type notepad and press enter.

Click File > Open. Manually look for c:\windows\system32\drivers\serial.sys
Is this file present?

Yes, all the ones that came up with errors are present in the drivers folder. I have replaced the serial.sys with the one found on the X: drive (winRE) partition to no avail. Thanks

At the command prompt type regedit and press enter.

Highlight the HKEY_LOCAL_MACHINE hive in the left panel and click File > Load Hive. Navigate to c:\windows\system32\config\system and click Open. Give the hive the name TEST.

You will now see TEST under HKEY_LOCAL_MACHINE. Expand it and high light the Select key. Let me know what value is present after Current. If you're not sure which value I mean, just list everything present in the Select key (you'll see its values in the right panel when you highlight Select in the left panel).

When done, highlight the TEST hive again, and click File > Unload hive (it is very important you do this!).

Current (1)
Default (1)
Failed (0)
LastKnownGood (2)

Please repeat these steps:

At the command prompt type regedit and press enter.

Highlight the HKEY_LOCAL_MACHINE hive in the left panel and click File > Load Hive. Navigate to c:\windows\system32\config\system and click Open. Give the hive the name TEST.

You will now see TEST under HKEY_LOCAL_MACHINE.

Under TEST select ControlSet001.
Under Controlset001 select Services. Look in the services list for Serial and let me know if it is there.

If you shut down the computer, please be sure to unload the TEST hive as indicated!