
loops into repair


28 replies to this topic

#1 bincode1010

bincode1010

  • Members
  • 14 posts
  • Local time:03:36 AM

Posted 18 September 2012 - 11:58 AM

Hello All,

I am trying to troubleshoot a HP Compaq Presario CQ60-410us with 3Gb (a 2Gb and 1Gb chip) ram, Windows 7 Service Pack 1 x86 for a friend. They say there was some type of virus or malware on the machine. They scanned with Malware Bytes; logs indicate PUP.MyWebSearch. I'm not sure if the problem I am trying to fix is a result of that attempt to cleanup.

Problem Event Name: StartupRepairOffline
Problem Signature 01: 6.1.7600.16385
Problem Signature 02: 6.1.7600.16385
Problem Signature 03: unknown
Problem Signature 04: 21200999
Problem Signature 05: AutoFailover
Problem Signature 06: 25
Problem Signature 07: 0x8e
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

Ran Kaspersky rescue disk 10 and it found c:/prg files/televisionFanatic/bar/1.bin/64sknlcr.dll Trojan:Packed.Win32.Krap.hc. Just loops into repair now. Ran memtest86 and found the 2Gb stick to be bad and just left the good 1Gb stick but still does not boot.

Any input would be appreciated.

Thanks

Ken

Edited by hamluis, 18 September 2012 - 01:47 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 bincode1010


Posted 19 September 2012 - 01:31 PM

On speaking to my friend he said commercials would play on speakers and that he had to mute it. His AOL would get cut off. This started a couple weeks before it just would not start. Looking through the topics it kind of seems like the issue on this thread.

http://www.bleepingcomputer.com/forums/topic468468.html/page__pid__2839028#entry2839028

thank you,

Ken

#3 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 33,442 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:36 AM

Posted 19 September 2012 - 08:32 PM

Welcome aboard

Is the computer bootable in any mode?





#4 bincode1010


Posted 20 September 2012 - 11:37 AM

Thanks! Great site.

No. Safe mode gets to ci.dll and ends up in repair screen.

#5 Broni


Posted 20 September 2012 - 11:39 AM

I'll report this topic to appropriate malware helpers.
Hold on there.





#6 bincode1010


Posted 20 September 2012 - 11:50 AM

Thanks, greatly appreciated

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 20,487 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:36 AM

Posted 21 September 2012 - 12:48 PM

Hello Ken,

Welcome to the forum.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 60,047 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:04:36 AM

Posted 21 September 2012 - 12:51 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.

#9 bincode1010


Posted 21 September 2012 - 03:08 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-09-2012
Ran by SYSTEM at 21-09-2012 15:54:09
Running from G:\
Windows 7 Home Premium   (X86) OS Language: English(US) 
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKU\Billy's PC\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [206112 2008-10-24] (Macrovision Corporation)
HKU\Billy's PC\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [x]
HKU\Billy's PC\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
HKU\Billy's PC\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Billy's PC\...\Run: [AOL Fast Start] "C:\Program Files\AOL Desktop 9.7\AOL.EXE" -b [42320 2011-12-14] (AOL Inc.)
HKU\Billy's PC\...\Run: [Advanced SystemCare 4] "C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe" [402832 2011-04-21] (IObit)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [262656 2010-11-20] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\Userinit.exe [26624 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.250.0.12
Startup: C:\Users\Billy's PC\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 AdvancedSystemCareService; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [352656 2011-04-21] (IObit)
2 AOL ACS; "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" [46640 2006-10-23] (AOL LLC)
2 LMIGuardianSvc; "C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe" [374184 2012-07-12] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files\LogMeIn\x86\RaMaint.exe" [136616 2012-07-12] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files\LogMeIn\x86\LogMeIn.exe" [390528 2010-12-17] (LogMeIn, Inc.)
2 N360; "C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton 360\Engine\5.2.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
2 RichVideo; "C:\Program Files\CyberLink\Shared files\RichVideo.exe" [241734 2008-09-15] ()
2 TelevisionFanaticService; C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe [42504 2012-02-24] ()
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
2 MyWebSearchService; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [x]

==================== Drivers (Whitelisted) ====================

1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [821920 2012-06-18] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-06-02] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-06-02] (Symantec Corporation)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120711.001\IDSvix86.sys [382624 2012-06-18] (Symantec Corporation)
2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2008-08-11] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [10144 2008-08-11] (LogMeIn, Inc.)
2 LMIRfsDriver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [47640 2008-08-11] (LogMeIn, Inc.)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120711.018\NAVENG.SYS [87928 2012-07-09] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120711.018\NAVEX15.SYS [1589752 2012-07-09] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360\0502020.003\SYMDS.SYS [340088 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360\0502020.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-05-19] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS [136312 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\N360\0502020.003\SYMNETS.SYS [299640 2011-04-20] (Symantec Corporation)
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
4 LMIRfsClientNP;  [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-09-17 08:22 - 2012-09-17 12:14 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-09-11 19:35 - 2012-09-20 12:45 - 00000000 ____D C:\FRST
2012-09-04 11:01 - 2012-09-04 11:02 - 06207488 ____N C:\Users\Billy's PC\Documents\USANewYorkOldPhoto's.pps
2012-09-03 12:27 - 2012-09-03 12:27 - 00002800 ____N C:\{4C95E4C7-0AF9-44DF-97E4-3AA72A8E8965}
2012-08-22 06:50 - 2012-08-22 06:50 - 00000928 ____N C:\{29FF308A-35D1-42CE-B9C0-CEA8389C0747}

==================== 3 Months Modified Files ==================

2012-09-04 11:02 - 2012-09-04 11:01 - 06207488 ____N C:\Users\Billy's PC\Documents\USANewYorkOldPhoto's.pps
2012-09-03 12:27 - 2012-09-03 12:27 - 00002800 ____N C:\{4C95E4C7-0AF9-44DF-97E4-3AA72A8E8965}
2012-08-22 06:50 - 2012-08-22 06:50 - 00000928 ____N C:\{29FF308A-35D1-42CE-B9C0-CEA8389C0747}
2012-08-19 13:50 - 2012-08-19 13:50 - 00000928 ____N C:\{1CE5548F-B83A-43AD-888B-80F80B5B4642}
2012-08-08 11:24 - 2012-08-08 11:24 - 00055335 ____N C:\Users\Billy's PC\Documents\PSEGeneralClerkVMF.zip
2012-07-24 16:37 - 2012-07-24 16:36 - 00002192 ____N C:\{9C85C467-EEEA-4BE7-BD97-7739AFFC1326}
2012-07-22 10:48 - 2012-07-22 10:47 - 00080297 ____N C:\Users\Billy's PC\Documents\PTP.zip
2012-07-22 09:35 - 2012-07-22 09:35 - 10361344 ____N C:\Users\Billy's PC\Documents\Best_of_2012.pps
2012-07-14 04:02 - 2012-07-14 04:02 - 00002192 ____N C:\{D654017D-37C2-4289-9578-45E68130C255}
2012-07-12 20:12 - 2012-07-12 20:12 - 16543438 ____N C:\Users\Billy's PC\Downloads\otk2010v214.zip
2012-07-12 20:06 - 2010-01-15 07:50 - 00115440 _____ C:\Users\Billy's PC\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-12 19:08 - 2012-07-12 19:08 - 00024576 ____N (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-07-12 18:59 - 2010-01-15 09:12 - 01711092 ____N C:\Windows\WindowsUpdate.log
2012-07-12 18:42 - 2011-05-23 06:52 - 00000894 ____N C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-12 18:34 - 2012-03-30 07:04 - 00000830 ____N C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-12 17:59 - 2012-07-12 17:59 - 00001161 ____N C:\Users\Public\Desktop\Quick Care.lnk
2012-07-12 17:59 - 2012-07-12 17:59 - 00001139 ____N C:\Users\Public\Desktop\Advanced SystemCare 4.lnk
2012-07-12 17:52 - 2011-06-06 16:12 - 00002246 ____N C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-12 17:48 - 2012-07-12 17:48 - 00000893 ____N C:\Users\Public\Desktop\BitTorrent.lnk
2012-07-12 16:45 - 2010-01-15 08:31 - 00011104 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-12 16:45 - 2010-01-15 08:31 - 00011104 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-12 16:42 - 2011-05-23 06:52 - 00000890 ____N C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-12 16:35 - 2010-01-15 07:50 - 00000284 _____ C:\Users\All Users\hpqp.ini
2012-07-12 16:33 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2012-07-12 16:33 - 2009-07-13 20:39 - 14760636 ____N C:\Windows\setupact.log
2012-07-12 16:21 - 2009-07-13 20:53 - 00032640 ____N C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-12 16:04 - 2012-07-12 16:04 - 00146240 ____N C:\Windows\Minidump\071212-59607-01.dmp
2012-07-12 16:03 - 2012-03-14 13:03 - 371916435 ____N C:\Windows\MEMORY.DMP
2012-07-12 15:58 - 2010-01-15 09:00 - 00672980 ____N C:\Windows\PFRO.log
2012-07-12 10:52 - 2010-03-12 10:37 - 00087456 ____N (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-07-12 10:52 - 2010-03-12 10:37 - 00083392 ____N (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-07-12 10:52 - 2010-03-12 10:37 - 00030624 ____N (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-07-11 11:34 - 2012-03-30 07:04 - 00426184 ____N (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-11 11:34 - 2011-05-17 13:45 - 00070344 ____N (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-09 11:13 - 2012-07-09 11:13 - 00135472 ____N C:\Windows\Minidump\070912-59904-01.dmp
2012-06-27 08:03 - 2012-06-27 08:02 - 00146224 ____N C:\Windows\Minidump\062712-52182-01.dmp
2012-06-24 10:36 - 2012-06-24 10:36 - 00000928 ____N C:\{5AEF25FD-E0D7-494A-8816-8D5F7A19F0AC}
2012-06-24 10:22 - 2012-06-24 10:21 - 00146240 ____N C:\Windows\Minidump\062412-45396-01.dmp


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 955.2 MB
Available physical RAM: 544.37 MB
Total Pagefile: 955.2 MB
Available Pagefile: 550.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.87 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:138.13 GB) (Free:96.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (KINGSTON) (Removable) (Total:1.92 GB) (Free:1.23 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          149 GB  2048 KB         
  Disk 1    No Media           0 B      0 B         
  Disk 2    Online         1968 MB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            138 GB  1024 KB
  Partition 2    Primary             10 GB   138 GB

=========================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C                NTFS   Partition    138 GB  Healthy            

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   RECOVERY     NTFS   Partition     10 GB  Healthy          

=========================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1967 MB    16 KB

=========================================================

Disk: 2
Partition 1
Type  : 0E
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   KINGSTON     FAT    Removable   1967 MB  Healthy            

=========================================================

Last Boot: 2012-07-14 07:24

==================== End Of Log ============================

#10 Farbar


Posted 21 September 2012 - 03:23 PM

Please download MBRFix. Save and extract its contents to the desktop. Once extracted, there will be three files in the folder. Copy just the MBRFix application to the USB drive.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [262656 2010-11-20] (Microsoft Corporation)
HKU\Billy's PC\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [x]
C:\Program Files\MyWebSearch
2 MyWebSearchService; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [x]
SaveMbr: Drive=0
end

Now please enter System Recovery Options and select "Command Prompt".

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post its contents in your reply. It will also produce another file, MBRDUMP.txt, on the flash drive that, although it may look like a text file, is a hex file. You must attach this report to your reply instead of posting its contents.

#11 bincode1010


Posted 22 September 2012 - 01:24 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-09-2012
Ran by SYSTEM at 2012-09-22 02:14:55 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.
HKEY_USERS\Billy's PC\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin Value deleted successfully.
C:\Program Files\MyWebSearch moved successfully.
MyWebSearchService service deleted successfully.
MBRDUMP.txt is made successfully.

==== End of Fixlog ====

Attached File: MBRDUMP.txt (512 bytes)

#12 Farbar


Posted 22 September 2012 - 01:51 AM

The MBR is clean.

Please restart the computer. Then watch what happens on the screen and describe it for me. I would like to know how far the system goes and in what stage the system stops booting. That would help me to get an idea about what might be the issue.

#13 bincode1010


Posted 22 September 2012 - 02:14 AM

Started in safe mode and boots until ci.dll then goes into startup repair

#14 Farbar


Posted 22 September 2012 - 02:19 AM

Please note that I didn't ask you to start in Safe Mode.

Please read my post carefully and be my eyes as I can't see what you see on the screen when you start the system.

#15 bincode1010


Posted 22 September 2012 - 02:30 AM

Starting windows
Then
Windows is loading files...
Then startup repair
Startup repair is checking your system for problems...
Then
Startup repair cannot repair this computer automatically



