
Startup Repair virus


  • This topic is locked
5 replies to this topic

#1 Dc Will

Dc Will

  • Members
  • 2 posts

Posted 11 February 2012 - 05:30 PM

Hello - I am new to posting in this forum, though I have come here for help in the past and came away with great results, so I am wondering if I can get some help with an issue my laptop is having.

I have looked through the forums and came across a couple of threads that seem to be discussing the issue I am having with my laptop.

The first post at http://www.bleepingcomputer.com/forums/topic411964.html seems to describe what I am going through on my laptop.


I followed these directions:


To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Any help on what to do next would be greatly appreciated.

Thanks

Scan result of Farbar Recovery Scan Tool Version: 11-02-2012
Ran by SYSTEM at 2012-02-11 16:04:53
Running from G:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The request could not be performed because of an I/O device error.

Attention: System hive is missing.

========================== Registry (Whitelisted) =============

Attention: Software hive is missing.

HKU\Daniel\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Daniel\...\Run: [Google Update] "C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2010-01-12] (Google Inc.)
HKU\Daniel\...\Run: [Spyware Doctor] C:\Users\Daniel\Desktop\sdsetup_revwire207[1].exe -min [x]
HKU\Daniel\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [x]
HKU\Daniel\...\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [x]
HKU\Daniel\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [966656 2008-11-18] (Hewlett-Packard)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [966656 2008-11-18] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]
HKLM\...\Winlogon: [Shell]
HKLM-x32\...\Winlogon: [Shell] [x ] ()

==================== Services (Whitelisted) ======


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-11 13:17 - 2012-02-11 16:05 - 0000000 ____D C:\FRST
2012-02-10 09:39 - 2012-02-10 09:39 - 0000000 ____D C:\Users\Daniel\Downloads\Attachments_2012_02_10
2012-02-06 18:59 - 2012-02-06 18:59 - 0000000 ____D C:\Users\Daniel\Downloads\Attachments_2012_02_6
2012-02-04 15:45 - 2012-02-04 15:45 - 0001696 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-02-04 15:45 - 2012-02-04 15:45 - 0001696 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-02-04 15:44 - 2012-02-04 15:45 - 0000000 ____D C:\Program Files\iTunes
2012-02-04 15:44 - 2012-02-04 15:45 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-02-04 15:44 - 2012-02-04 15:44 - 0000000 ____D C:\Program Files\iPod
2012-02-02 11:45 - 2012-02-02 12:35 - 0245902 ____A C:\Users\Daniel\Desktop\MGT 451 gagne presentation.pptx
2012-01-30 21:05 - 2012-01-30 21:05 - 0013243 ____A C:\Users\Daniel\Desktop\SWOT.docx
2012-01-26 15:12 - 2012-01-26 15:12 - 0459978 ____A C:\Users\Daniel\Desktop\0158352_Williams.rtf
2012-01-25 14:07 - 2011-11-16 22:53 - 0515968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-01-25 14:07 - 2011-11-16 08:43 - 0442368 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2012-01-25 14:07 - 2011-11-16 08:42 - 0347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-01-25 14:07 - 2011-11-16 08:42 - 0094720 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-01-25 14:07 - 2011-11-16 08:41 - 1689600 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-01-25 14:07 - 2011-11-16 08:24 - 0077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-01-25 14:07 - 2011-11-16 08:23 - 0377344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2012-01-25 14:07 - 2011-11-16 08:23 - 0278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-01-25 14:07 - 2011-11-16 06:34 - 0011264 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-01-20 16:00 - 2012-01-27 12:09 - 0010923 ____A C:\Users\Daniel\Desktop\SB 12 info.docx
2012-01-18 18:41 - 2012-02-05 21:42 - 0000000 ____D C:\Users\Daniel\Desktop\MGT 390
2012-01-18 18:41 - 2012-01-18 18:41 - 0000000 ____D C:\Users\Daniel\Desktop\MGT 311
2012-01-18 18:40 - 2012-02-10 19:58 - 0000000 ____D C:\Users\Daniel\Desktop\MGT 452
2012-01-18 18:40 - 2012-02-09 21:11 - 0000000 ____D C:\Users\Daniel\Desktop\MGT 451
2012-01-18 18:40 - 2012-01-26 09:54 - 0000000 ____D C:\Users\Daniel\Desktop\MGT 462
2012-01-18 18:40 - 2012-01-23 15:44 - 0000000 ____D C:\Users\Daniel\Desktop\MGT 492
2012-01-16 08:53 - 2012-01-16 08:53 - 0001919 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-01-16 08:53 - 2012-01-16 08:53 - 0001919 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2012-01-13 16:11 - 2012-01-13 16:11 - 0011094 ____A C:\Users\Daniel\Desktop\BOOKS FOR SPRING 2012 SEMESTER.docx

============ 3 Months Modified Files and Folders =============

2012-02-11 16:05 - 2012-02-11 13:17 - 0000000 ____D C:\FRST
2012-02-10 21:01 - 2009-09-15 13:03 - 0098198 ____A C:\Users\All Users\HPWALog.txt
2012-02-10 21:01 - 2009-09-15 13:03 - 0098198 ____A C:\Users\All Users\Application Data\HPWALog.txt
2012-02-10 21:01 - 2009-09-15 13:03 - 0098198 ____A C:\ProgramData\HPWALog.txt
2012-02-10 21:01 - 2009-07-20 01:57 - 1371546 ____A C:\Windows\WindowsUpdate.log
2012-02-10 21:00 - 2006-11-02 07:22 - 0003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-10 21:00 - 2006-11-02 07:22 - 0003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-10 20:35 - 2011-06-06 20:58 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-10 20:22 - 2010-01-12 23:41 - 0000912 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2085193003-2702605659-3585679905-1000UA.job
2012-02-10 19:58 - 2012-01-18 18:40 - 0000000 ____D C:\Users\Daniel\Desktop\MGT 452
2012-02-10 17:00 - 2011-06-06 20:58 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-02-10 09:39 - 2012-02-10 09:39 - 0000000 ____D C:\Users\Daniel\Downloads\Attachments_2012_02_10
2012-02-10 05:50 - 2009-12-19 15:18 - 0000000 ____D C:\Program Files (x86)\Motorola Media Link
2012-02-10 05:50 - 2006-11-02 07:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-09 21:12 - 2006-11-02 07:42 - 0032590 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-09 21:11 - 2012-01-18 18:40 - 0000000 ____D C:\Users\Daniel\Desktop\MGT 451
2012-02-09 18:58 - 2010-04-08 16:25 - 0000000 ___HD C:\Users\Daniel\Local Settings\CrashDumps
2012-02-09 18:58 - 2010-04-08 16:25 - 0000000 ___HD C:\Users\Daniel\Local Settings\Application Data\CrashDumps
2012-02-09 18:58 - 2010-04-08 16:25 - 0000000 ___HD C:\Users\Daniel\AppData\Local\CrashDumps
2012-02-09 12:20 - 2009-10-22 10:36 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-02-09 07:47 - 2010-01-12 23:41 - 0000860 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2085193003-2702605659-3585679905-1000Core.job
2012-02-08 09:36 - 2010-10-10 23:52 - 0006836 ____A C:\Users\Daniel\Local Settings\d3d9caps.dat
2012-02-08 09:36 - 2010-10-10 23:52 - 0006836 ____A C:\Users\Daniel\Local Settings\Application Data\d3d9caps.dat
2012-02-08 09:36 - 2010-10-10 23:52 - 0006836 ____A C:\Users\Daniel\AppData\Local\d3d9caps.dat
2012-02-07 14:06 - 2010-08-18 15:31 - 0000000 ___HD C:\Users\Daniel\Application Data\HpUpdate
2012-02-07 14:06 - 2010-08-18 15:31 - 0000000 ___HD C:\Users\Daniel\AppData\Roaming\HpUpdate
2012-02-07 08:17 - 2009-10-27 21:21 - 0000000 ___HD C:\Users\Daniel\Application Data\Skype
2012-02-07 08:17 - 2009-10-27 21:21 - 0000000 ___HD C:\Users\Daniel\AppData\Roaming\Skype
2012-02-06 18:59 - 2012-02-06 18:59 - 0000000 ____D C:\Users\Daniel\Downloads\Attachments_2012_02_6
2012-02-05 21:42 - 2012-01-18 18:41 - 0000000 ____D C:\Users\Daniel\Desktop\MGT 390
2012-02-04 15:45 - 2012-02-04 15:45 - 0001696 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-02-04 15:45 - 2012-02-04 15:45 - 0001696 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-02-04 15:45 - 2012-02-04 15:44 - 0000000 ____D C:\Program Files\iTunes
2012-02-04 15:45 - 2012-02-04 15:44 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-02-04 15:44 - 2012-02-04 15:44 - 0000000 ____D C:\Program Files\iPod
2012-02-02 12:35 - 2012-02-02 11:45 - 0245902 ____A C:\Users\Daniel\Desktop\MGT 451 gagne presentation.pptx
2012-02-02 10:53 - 2008-01-20 19:26 - 1165192 ____A C:\Windows\PFRO.log
2012-01-31 04:44 - 2009-11-14 23:47 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-30 21:05 - 2012-01-30 21:05 - 0013243 ____A C:\Users\Daniel\Desktop\SWOT.docx
2012-01-30 19:05 - 2009-09-15 13:18 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-01-27 12:09 - 2012-01-20 16:00 - 0010923 ____A C:\Users\Daniel\Desktop\SB 12 info.docx
2012-01-26 15:12 - 2012-01-26 15:12 - 0459978 ____A C:\Users\Daniel\Desktop\0158352_Williams.rtf
2012-01-26 09:54 - 2012-01-18 18:40 - 0000000 ____D C:\Users\Daniel\Desktop\MGT 462
2012-01-23 15:44 - 2012-01-18 18:40 - 0000000 ____D C:\Users\Daniel\Desktop\MGT 492
2012-01-22 21:08 - 2011-10-12 16:52 - 0000000 ____D C:\Users\Daniel\Application Data\uTorrent
2012-01-22 21:08 - 2011-10-12 16:52 - 0000000 ____D C:\Users\Daniel\AppData\Roaming\uTorrent
2012-01-22 13:47 - 2009-09-15 12:55 - 0000000 ___HD C:\users\Daniel
2012-01-18 18:41 - 2012-01-18 18:41 - 0000000 ____D C:\Users\Daniel\Desktop\MGT 311
2012-01-18 17:07 - 2009-09-16 12:25 - 0000000 ____D C:\Users\Daniel\My Documents\Daniel
2012-01-18 17:07 - 2009-09-16 12:25 - 0000000 ____D C:\Users\Daniel\Documents\Daniel
2012-01-16 08:53 - 2012-01-16 08:53 - 0001919 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-01-16 08:53 - 2012-01-16 08:53 - 0001919 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2012-01-16 08:53 - 2009-01-13 09:23 - 0000000 ___HD C:\Users\All Users\Application Data\Adobe
2012-01-16 08:53 - 2009-01-13 09:23 - 0000000 ___HD C:\Users\All Users\Adobe
2012-01-16 08:53 - 2009-01-13 09:23 - 0000000 ___HD C:\ProgramData\Adobe
2012-01-16 08:53 - 2009-01-13 09:23 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-01-16 08:52 - 2009-09-27 13:34 - 0000000 ___HD C:\Users\Daniel\Local Settings\Application Data\Adobe
2012-01-16 08:52 - 2009-09-27 13:34 - 0000000 ___HD C:\Users\Daniel\Local Settings\Adobe
2012-01-16 08:52 - 2009-09-27 13:34 - 0000000 ___HD C:\Users\Daniel\AppData\Local\Adobe
2012-01-13 16:11 - 2012-01-13 16:11 - 0011094 ____A C:\Users\Daniel\Desktop\BOOKS FOR SPRING 2012 SEMESTER.docx
2012-01-11 20:19 - 2006-11-02 04:35 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-01-11 20:14 - 2006-11-02 04:46 - 0721976 ____A C:\Windows\System32\PerfStringBackup.INI
2011-12-25 16:17 - 2009-09-15 12:56 - 0000000 ___HD C:\Users\Daniel\AppData\LocalLow
2011-12-22 17:27 - 2011-11-10 17:34 - 0014107 ____A C:\Users\Daniel\My Documents\Install STAR WARS The Old Republic.log
2011-12-22 17:27 - 2011-11-10 17:34 - 0014107 ____A C:\Users\Daniel\Documents\Install STAR WARS The Old Republic.log
2011-12-22 17:12 - 2009-09-15 14:30 - 0000000 ___RD C:\Users\Daniel\Desktop\Unused Desktop Items
2011-12-22 17:03 - 2011-12-22 17:03 - 0000000 ____D C:\Users\Daniel\Local Settings\SWTOR
2011-12-22 17:03 - 2011-12-22 17:03 - 0000000 ____D C:\Users\Daniel\Local Settings\Application Data\SWTOR
2011-12-22 17:03 - 2011-12-22 17:03 - 0000000 ____D C:\Users\Daniel\AppData\Local\SWTOR
2011-12-22 15:57 - 2011-12-22 15:57 - 0001282 ____A C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2011-12-22 15:57 - 2011-12-22 15:57 - 0001282 ____A C:\Users\All Users\Desktop\Star Wars - The Old Republic.lnk
2011-12-22 15:03 - 2011-12-22 15:03 - 0008817 ____A C:\Users\Daniel\My Documents\Uninstall STAR WARS The Old Republic.log
2011-12-22 15:03 - 2011-12-22 15:03 - 0008817 ____A C:\Users\Daniel\Documents\Uninstall STAR WARS The Old Republic.log
2011-12-19 18:12 - 2011-12-19 18:11 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-12-19 18:11 - 2011-12-19 18:11 - 0001758 ____A C:\Users\Public\Desktop\QuickTime.lnk
2011-12-19 18:11 - 2011-12-19 18:11 - 0001758 ____A C:\Users\All Users\Desktop\QuickTime.lnk
2011-12-14 01:44 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\rescache
2011-12-14 01:28 - 2006-11-02 07:21 - 0318048 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-14 01:09 - 2009-01-13 09:16 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-12-14 01:09 - 2009-01-13 09:16 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2011-12-14 01:09 - 2009-01-13 09:16 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-12-13 20:32 - 2009-09-15 14:50 - 0000000 ___HD C:\Users\Daniel\Application Data\Apple Computer
2011-12-13 20:32 - 2009-09-15 14:50 - 0000000 ___HD C:\Users\Daniel\AppData\Roaming\Apple Computer
2011-12-13 10:54 - 2011-12-13 10:54 - 0000162 ___AH C:\Users\Daniel\Desktop\~$hap012.rtf
2011-12-12 23:39 - 2011-10-26 14:22 - 0011704 ____A C:\Users\Daniel\Desktop\Mgt_classes_left.docx
2011-12-10 15:55 - 2011-12-04 19:40 - 0014032 ____A C:\Users\Daniel\Desktop\2K12 move list.docx
2011-12-07 18:20 - 2011-12-07 18:20 - 0000000 ____D C:\Program Files\Bonjour
2011-12-07 18:20 - 2011-12-07 18:20 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-12-06 08:55 - 2009-09-18 13:28 - 0000000 ___HD C:\Users\Daniel\Application Data\Real
2011-12-06 08:55 - 2009-09-18 13:28 - 0000000 ___HD C:\Users\Daniel\AppData\Roaming\Real
2011-12-06 08:54 - 2011-12-06 08:54 - 0198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2011-12-06 08:54 - 2011-12-06 08:54 - 0000877 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2011-12-06 08:54 - 2011-12-06 08:54 - 0000877 ____A C:\Users\All Users\Desktop\RealPlayer.lnk
2011-12-06 08:54 - 2011-05-29 20:01 - 0000000 ____D C:\Program Files (x86)\real
2011-12-06 08:54 - 2009-09-18 13:28 - 0000000 ___HD C:\Users\All Users\Real
2011-12-06 08:54 - 2009-09-18 13:28 - 0000000 ___HD C:\Users\All Users\Application Data\Real
2011-12-06 08:54 - 2009-09-18 13:28 - 0000000 ___HD C:\ProgramData\Real
2011-12-06 08:53 - 2011-12-06 08:53 - 0272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2011-12-06 08:53 - 2011-12-06 08:53 - 0006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2011-12-06 08:53 - 2011-12-06 08:53 - 0005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2011-12-02 07:38 - 2011-08-07 14:04 - 0007680 ____A C:\Users\Daniel\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-02 07:38 - 2011-08-07 14:04 - 0007680 ____A C:\Users\Daniel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-02 07:38 - 2011-08-07 14:04 - 0007680 ____A C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-01 23:23 - 2010-01-02 10:33 - 0000000 ___HD C:\Users\Daniel\Application Data\Audacity
2011-12-01 23:23 - 2010-01-02 10:33 - 0000000 ___HD C:\Users\Daniel\AppData\Roaming\Audacity
2011-11-30 16:00 - 2011-05-25 19:29 - 0002651 ____A C:\Users\Daniel\Desktop\Word 2007.lnk
2011-11-27 16:05 - 2011-06-01 13:59 - 0002619 ____A C:\Users\Daniel\Desktop\PowerPoint 2007.lnk
2011-11-25 08:25 - 2012-01-11 09:03 - 0451072 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-11-23 05:57 - 2011-12-13 16:30 - 2764800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-19 10:34 - 2011-11-19 10:34 - 0000000 ____D C:\Users\Daniel\Local Settings\Conduit
2011-11-19 10:34 - 2011-11-19 10:34 - 0000000 ____D C:\Users\Daniel\Local Settings\Application Data\Conduit
2011-11-19 10:34 - 2011-11-19 10:34 - 0000000 ____D C:\Users\Daniel\AppData\Local\Conduit
2011-11-19 10:34 - 2011-11-19 10:34 - 0000000 ____D C:\Users\AppData\LocalLow
2011-11-19 10:34 - 2011-11-19 10:34 - 0000000 ____D C:\Program Files (x86)\Conduit
2011-11-19 10:34 - 2011-11-19 10:34 - 0000000 ____D C:\Program Files (x86)\AF-HSS
2011-11-19 10:19 - 2011-11-19 10:12 - 0000000 ____D C:\Users\Daniel\Application Data\Easy Thumbnails
2011-11-19 10:19 - 2011-11-19 10:12 - 0000000 ____D C:\Users\Daniel\AppData\Roaming\Easy Thumbnails
2011-11-18 12:55 - 2012-01-11 09:03 - 1585152 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2011-11-18 12:55 - 2012-01-11 09:03 - 1167984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2011-11-18 10:07 - 2012-01-11 09:02 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2011-11-18 09:47 - 2012-01-11 09:02 - 0066560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2011-11-16 22:53 - 2012-01-25 14:07 - 0515968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2011-11-16 08:43 - 2012-01-25 14:07 - 0442368 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2011-11-16 08:42 - 2012-01-25 14:07 - 0347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2011-11-16 08:42 - 2012-01-25 14:07 - 0094720 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2011-11-16 08:41 - 2012-01-25 14:07 - 1689600 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2011-11-16 08:24 - 2012-01-25 14:07 - 0077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2011-11-16 08:23 - 2012-01-25 14:07 - 0377344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2011-11-16 08:23 - 2012-01-25 14:07 - 0278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2011-11-16 06:34 - 2012-01-25 14:07 - 0011264 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2011-11-15 16:56 - 2011-11-15 16:54 - 0000000 ____D C:\Users\Daniel\Application Data\ImgBurn
2011-11-15 16:56 - 2011-11-15 16:54 - 0000000 ____D C:\Users\Daniel\AppData\Roaming\ImgBurn
2011-11-15 16:39 - 2011-11-15 16:39 - 0001706 ____A C:\Users\Public\Desktop\ImgBurn.lnk
2011-11-15 16:39 - 2011-11-15 16:39 - 0001706 ____A C:\Users\All Users\Desktop\ImgBurn.lnk
2011-11-15 16:39 - 2011-11-15 16:38 - 0000000 ____D C:\Program Files (x86)\ImgBurn
2011-11-15 10:32 - 2011-11-15 10:32 - 0037888 ____A (AnchorFree Inc) C:\Windows\System32\Drivers\taphss.sys
2011-11-14 15:08 - 2011-11-14 15:08 - 0000000 ____D C:\Windows\System32\Macromed
2011-11-14 15:08 - 2011-06-09 09:00 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4062.25 MB
Available physical RAM: 3489.31 MB
Total Pagefile: 3737.71 MB
Available Pagefile: 3461.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:220.31 GB) (Free:130.91 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (DATA) (Fixed) (Total:232.88 GB) (Free:204.94 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:12.58 GB) (Free:1.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (CAITLAN WIL) (Removable) (Total:1.92 GB) (Free:1.92 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 1024 KB
Disk 1 Online 233 GB 0 B
Disk 2 Online 1968 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 220 GB 1024 KB
Partition 2 Primary 13 GB 220 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 220 GB Healthy

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E RECOVERY NTFS Partition 13 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 233 GB 1024 KB

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D DATA NTFS Partition 233 GB Healthy

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1968 MB 16 KB

Disk: 2
Partition 1
Type : 0E
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G CAITLAN WIL FAT Removable 1968 MB Healthy


======================= End Of Log ==========================


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 11 February 2012 - 07:32 PM

Hello Dc Will,

Welcome to this forum.

I'm afraid I've got bad news. We might not be able to restore this system, as I see from the log that something or someone has removed some important registry components and the backups.

Could you tell me what the initial issue was, what steps were taken, and who removed those components?

#3 Dc Will

Dc Will
  • Topic Starter


Posted 11 February 2012 - 08:03 PM

I see now that the result from the scan I did came back with less information than in the other thread I referenced in my original post. I have no idea why these components are missing.

As for the initial issue with my laptop, I'm just going to copy and paste from the thread I mentioned, as the problem he/she described was exactly what I was experiencing.


1st screen: It will flash the HP Logo, as it normally does
2nd screen: Displays "Starting Windows". It also flashes the WINDOWS LOGO.
3rd screen: At the bottom of the screen, a progress bar flashes and it states "Windows is loading files"
4th screen: "Microsoft Corporation" displays, with a progress bar.


5th screen: Pop-up/dialogue box: [has a standard,blue windows background]
_______________________________________________________________________________________________
|TITLE: "STARTUP REPAIR": Startup Repair |
| |
|TEXT: "If problems are found, Startup Repair windows will fix them automatically. Your |
|computer may restart several times during this process. No changes will be made to your |
|personal files or information. This might take several minutes." |
| |
| "Searching for problems" [shown w/progress bar] |
| |
_________________________________________________________________________________________________



6th screen: Pop-up/dialogue box:
_______________________________________________________________________________________________
|"STARTUP REPAIR: Startup Repair cannot repair this computer automatically" |
|"Sending more information can help Microsoft create solutions. |
| |
| -> Send information about this problem (recommended) [button] |
| -> Don't Send [button] |
| -> "View problem details" [drop-down arrow/button] |
________________________________________________________________________________________________



or sometimes this screen.....
_________________________________________________________________________________________________
|"STARTUP REPAIR": "Windows cannot repair this computer automatically" |
|"If you have recently attached a device to this computer, such as a camera or a portable music |
|player, remove it and restart your computer. If you continue to see this message, contact your|
|system administrator manufacturer for assistance." |
| |
| "Click Finish to exit and shut down your computer." |
| |
| |
| View diagnostic and repair details [link] |
| View advanced options for system recovery and support [link] |
| |
| |
| FINISH[button] CANCEL[button] |



#4 Farbar


Posted 11 February 2012 - 08:10 PM

I'm sorry. I don't get the picture. I can't see what is done to this system and what or who has removed those components. You may restore the system to factory installation or reformat and reinstall Windows.

#5 Farbar


Posted 12 February 2012 - 01:51 PM

Another option is to try the system restore from System Recovery Options.

#6 Farbar


Posted 17 February 2012 - 06:38 AM

This thread will now be closed.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



