Hitman Pro destroyed


  • This topic is locked
6 replies to this topic

#1 jobs101

jobs101

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 15 February 2012 - 06:03 PM

Hi, I had a redirect virus and I used Hitman Pro. Now the computer will not boot up at all. The error that I am receiving is a **STOP. 0x0000007b (0x80786b58, 0x0000000d, 0x00000000, 0x00000000). The computer is an HP Compaq Presario CQ60 with a Windows 7 32-bit system. I do not have a recovery disk. Also, it does not matter if I try to boot in safe mode because I still get the same error. I have done the repair mode but I keep getting the same thing after the same blue screen with the same error numbers. When I try to do the system restore I get the error code 0x8000ffff. Please help.

Edited by jobs101, 15 February 2012 - 07:53 PM.




#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:01 PM

Posted 16 February 2012 - 10:03 AM

Hello jobs101,

Welcome to Bleeping Computer.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3 jobs101


Posted 16 February 2012 - 09:02 PM

Thanks for the quick response. I have a Windows 7 32-bit Ultimate disk. I am not sure what version of Windows 7 is installed on the computer. I am not sure if this will help with what needs to be done to resolve the issue. I am able to boot up a USB drive with Linux on it. If I can get to the hard drive files and edit them if needed.


Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-02-2012
Ran by SYSTEM at 2012-02-16 20:56:55
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [468264 2008-09-23] (CyberLink Corp.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [136216 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [171032 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [170520 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe /s [395528 2011-07-05] (StrikeForce Technologies Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [x]
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKU\Owner\...\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [247144 2010-08-24] (TomTom)
HKU\Owner\...\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-02] (Google Inc.)
HKU\Owner\...\Policies\system: [DisableTaskMgr] 0
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [460872 2012-01-13] (Malwarebytes Corporation)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [262656 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

================================ Services (Whitelisted) ==================

3 GameConsoleService; "C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [238328 2009-10-15] (WildTangent, Inc.)
2 IDVaultSvc; "C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe" [65096 2012-01-31] (White Sky, Inc.)
2 IntuitUpdateService; "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 N360; "C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
2 RichVideo; "C:\Program Files\CyberLink\Shared files\RichVideo.exe" [241734 2008-09-15] ()
2 TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92008 2010-08-24] (TomTom)
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

========================== Drivers (Whitelisted) =============

1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120207.003\BHDrvx86.sys [820344 2011-11-30] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2012-02-03] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106104 2012-02-03] (Symantec Corporation)
1 GIDv2; C:\Windows\System32\Drivers\GIDv2.sys [25232 2011-07-05] (StrikeForce Technologies, Inc.)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120211.002\IDSvix86.sys [368248 2011-12-15] (Symantec Corporation)
3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [112128 2008-06-29] (Intel® Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [20464 2011-12-10] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120213.002\NAVENG.SYS [86136 2011-11-14] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120213.002\NAVEX15.SYS [1576312 2011-11-14] (Symantec Corporation)
3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh86.sys [123904 2008-06-10] (Realtek Corporation )
3 SRTSP; C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\N360\0502000.00D\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360\0502000.00D\SYMDS.SYS [340088 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360\0502000.00D\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-07-27] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\N360\0502000.00D\Ironx86.SYS [136312 2010-11-15] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\N360\0502000.00D\SYMNETS.SYS [299640 2011-04-20] (Symantec Corporation)
3 TIEHDUSB; C:\Windows\System32\drivers\tiehdusb.sys [49536 2004-02-04] (Texas Instruments Incorporated)
3 cpuz134; \??\C:\Users\Owner\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-16 20:56 - 2012-02-16 20:57 - 0000000 ____D C:\FRST
2012-02-15 13:19 - 2012-02-15 16:30 - 0000000 ____D C:\Users\All Users\HitmanPro
2012-02-15 13:19 - 2012-02-15 16:30 - 0000000 ____D C:\ProgramData\HitmanPro
2012-02-15 13:19 - 2012-02-15 13:19 - 0000000 ____D C:\Program Files\HitmanPro
2012-02-14 19:00 - 2012-02-15 18:17 - 0000000 ____D C:\e366325bafb0ce4862ece305
2012-02-14 17:50 - 2012-02-15 18:17 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-02-14 17:50 - 2012-02-15 18:17 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-02-14 17:50 - 2012-02-15 18:17 - 0000000 ____D C:\Program Files\Spybot - Search & Destroy
2012-02-14 14:15 - 2012-02-15 18:17 - 0000000 ____D C:\Users\Owner\AppData\Roaming\GetRightToGo
2012-02-14 13:35 - 2012-02-15 18:17 - 0000000 ____D C:\Users\Owner\Downloads\hijackthis
2012-02-14 13:33 - 2012-02-14 13:33 - 0212849 ____A C:\Users\Owner\Downloads\hijackthis.zip
2012-02-13 17:45 - 2012-02-15 18:29 - 0000000 ____D C:\Program Files\CCleaner
2012-02-13 17:45 - 2012-02-13 17:45 - 0000965 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-02-13 17:43 - 2012-02-13 17:44 - 3587688 ____A (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup315.exe
2012-02-13 17:19 - 2012-02-15 18:27 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-02-13 17:18 - 2012-02-15 18:29 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-02-13 17:18 - 2012-02-15 18:26 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-02-13 17:18 - 2012-02-15 18:26 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-13 17:18 - 2012-02-13 17:18 - 0001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-13 17:18 - 2011-12-10 12:24 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-02-13 16:14 - 2012-02-15 18:29 - 0000000 ____D C:\Windows\System32\SPReview
2012-02-13 16:13 - 2012-02-15 18:29 - 0000000 ____D C:\53270ccf8afe78440d8d0b2c
2012-01-25 05:13 - 2012-01-25 05:13 - 0012578 ____A C:\Users\Owner\Desktop\hs_err_pid5592.log
2012-01-21 14:49 - 2012-01-21 14:49 - 0001984 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-01-20 14:08 - 2012-01-20 14:08 - 0000000 ____D C:\Users\Owner\Documents\My Digital Editions
2012-01-20 14:07 - 2012-01-20 14:07 - 0002124 ____A C:\Users\Public\Desktop\Adobe Digital Editions.lnk
2012-01-20 13:58 - 2012-01-20 13:58 - 0000000 ____D C:\Program Files\QuickTime

============ 3 Months Modified Files and Folders ===============

2012-02-15 18:29 - 2012-02-13 17:45 - 0000000 ____D C:\Program Files\CCleaner
2012-02-15 18:29 - 2012-02-13 17:18 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-02-15 18:29 - 2012-02-13 16:14 - 0000000 ____D C:\Windows\System32\SPReview
2012-02-15 18:29 - 2012-02-13 16:13 - 0000000 ____D C:\53270ccf8afe78440d8d0b2c
2012-02-15 18:29 - 2011-08-14 11:40 - 0000000 ____D C:\Windows\Minidump
2012-02-15 18:29 - 2009-11-29 18:30 - 0000000 ____D C:\users\Owner
2012-02-15 18:29 - 2009-11-24 18:20 - 0000000 ____D C:\Users\Owner\AppData\Local\QuickPlay
2012-02-15 18:29 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\wfp
2012-02-15 18:29 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-02-15 18:29 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\registration
2012-02-15 18:29 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\AppCompat
2012-02-15 18:29 - 2009-04-22 06:01 - 0000000 ____D C:\Users\All Users\Norton
2012-02-15 18:29 - 2009-04-22 06:01 - 0000000 ____D C:\ProgramData\Norton
2012-02-15 18:27 - 2012-02-13 17:19 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-02-15 18:26 - 2012-02-13 17:18 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-02-15 18:26 - 2012-02-13 17:18 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-02-15 18:17 - 2012-02-14 19:00 - 0000000 ____D C:\e366325bafb0ce4862ece305
2012-02-15 18:17 - 2012-02-14 17:50 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-02-15 18:17 - 2012-02-14 17:50 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-02-15 18:17 - 2012-02-14 17:50 - 0000000 ____D C:\Program Files\Spybot - Search & Destroy
2012-02-15 18:17 - 2012-02-14 14:15 - 0000000 ____D C:\Users\Owner\AppData\Roaming\GetRightToGo
2012-02-15 18:17 - 2012-02-14 13:35 - 0000000 ____D C:\Users\Owner\Downloads\hijackthis
2012-02-15 16:30 - 2012-02-15 13:19 - 0000000 ____D C:\Users\All Users\HitmanPro
2012-02-15 16:30 - 2012-02-15 13:19 - 0000000 ____D C:\ProgramData\HitmanPro
2012-02-15 16:28 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\LogFiles
2012-02-15 13:19 - 2012-02-15 13:19 - 0000000 ____D C:\Program Files\HitmanPro
2012-02-15 13:16 - 2010-05-11 16:39 - 0000000 ___HD C:\Users\Owner\AppData\Local\CrashDumps
2012-02-15 12:53 - 2009-11-29 19:09 - 2361806848 __ASH C:\hiberfil.sys
2012-02-14 13:33 - 2012-02-14 13:33 - 0212849 ____A C:\Users\Owner\Downloads\hijackthis.zip
2012-02-14 13:24 - 2009-11-29 21:24 - 0000000 ____D C:\Windows\Panther
2012-02-14 13:10 - 2011-07-26 17:09 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3911077080-2444954971-838063898-1000UA.job
2012-02-14 13:10 - 2011-07-26 17:09 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3911077080-2444954971-838063898-1000Core.job
2012-02-14 13:10 - 2009-11-29 19:07 - 1934979 ____A C:\Windows\WindowsUpdate.log
2012-02-14 13:10 - 2009-07-13 20:39 - 36097953 ____A C:\Windows\setupact.log
2012-02-13 21:17 - 2009-09-06 14:09 - 0000322 ____A C:\Windows\Tasks\HPCeeScheduleForOwner.job
2012-02-13 17:45 - 2012-02-13 17:45 - 0000965 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-02-13 17:44 - 2012-02-13 17:43 - 3587688 ____A (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup315.exe
2012-02-13 17:18 - 2012-02-13 17:18 - 0001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-13 16:50 - 2009-11-29 18:28 - 0011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-13 16:50 - 2009-11-29 18:28 - 0011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-13 16:45 - 2009-11-29 19:15 - 0000284 ____A C:\Users\All Users\hpqp.ini
2012-02-13 16:45 - 2009-11-29 19:15 - 0000284 ____A C:\ProgramData\hpqp.ini
2012-02-13 16:43 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-13 15:41 - 2010-09-26 17:33 - 0000000 ___HD C:\Config.Msi
2012-02-13 15:41 - 2009-09-06 13:32 - 0000000 ____D C:\Users\Owner\AppData\LocalLow
2012-02-13 15:28 - 2009-11-29 18:52 - 0084700 ____A C:\Windows\PFRO.log
2012-02-08 03:54 - 2011-07-26 15:52 - 0000000 ____D C:\Windows\System32\Drivers\N360
2012-02-08 03:53 - 2011-07-26 15:53 - 0002753 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
2012-02-03 17:41 - 2011-11-25 19:39 - 0000000 ____D C:\Users\Owner\Desktop\soccer pics
2012-02-03 17:34 - 2009-11-23 03:53 - 0000000 ___SD C:\Users\Public\Documents\My memory vault
2012-02-01 19:11 - 2011-07-24 18:37 - 0000000 ____D C:\Users\Owner\AppData\Local\ID Vault
2012-02-01 15:17 - 2011-07-24 18:36 - 0002179 ____A C:\Users\All Users\Start Menu\Programs\Startup\Constant Guard.lnk
2012-02-01 15:17 - 2011-07-24 18:36 - 0002161 ____A C:\Users\Public\Desktop\Constant Guard.lnk
2012-02-01 15:17 - 2011-07-24 18:36 - 0000000 ____D C:\Program Files\Constant Guard Protection Suite
2012-01-27 05:25 - 2009-07-13 20:53 - 0032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-25 05:13 - 2012-01-25 05:13 - 0012578 ____A C:\Users\Owner\Desktop\hs_err_pid5592.log
2012-01-21 15:12 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2012-01-21 14:49 - 2012-01-21 14:49 - 0001984 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-01-21 14:48 - 2010-11-11 03:43 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-01-21 14:48 - 2009-09-16 04:43 - 0000000 ____D C:\Users\Owner\AppData\Local\Adobe
2012-01-21 14:48 - 2009-04-22 07:02 - 0000000 ____D C:\Users\All Users\Adobe
2012-01-21 14:48 - 2009-04-22 07:02 - 0000000 ____D C:\ProgramData\Adobe
2012-01-21 14:48 - 2009-04-22 07:02 - 0000000 ____D C:\Program Files\Adobe
2012-01-20 14:08 - 2012-01-20 14:08 - 0000000 ____D C:\Users\Owner\Documents\My Digital Editions
2012-01-20 14:07 - 2012-01-20 14:07 - 0002124 ____A C:\Users\Public\Desktop\Adobe Digital Editions.lnk
2012-01-20 13:58 - 2012-01-20 13:58 - 0000000 ____D C:\Program Files\QuickTime
2012-01-20 13:58 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-01-18 16:23 - 2009-11-29 19:19 - 0005172 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-16 06:36 - 2011-07-02 09:10 - 0000000 ___HD C:\Users\Owner\AppData\Roaming\HpUpdate
2012-01-13 03:21 - 2009-12-08 19:39 - 52128560 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-01-11 04:51 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\rescache
2012-01-09 04:08 - 2011-07-28 04:39 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-01-08 16:14 - 2012-01-08 16:14 - 0000000 ____D C:\Windows\Hewlett-Packard
2012-01-08 08:44 - 2012-01-08 08:44 - 0000000 ____D C:\N360_BACKUP
2012-01-08 07:19 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-01-08 06:23 - 2012-01-08 06:21 - 111825819 ____A C:\Users\Owner\Downloads\Windows6.1-KB947821-v14-x86 (1).msu
2011-12-13 14:42 - 2011-12-13 14:42 - 0000000 ____D C:\Users\Owner\AppData\Roaming\Tific
2011-12-10 12:24 - 2012-02-13 17:18 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-01 20:43 - 2011-12-01 16:39 - 0023439 ____A C:\Users\Owner\Documents\math.docx


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3003.2 MB
Available physical RAM: 2550.57 MB
Total Pagefile: 3001.47 MB
Available Pagefile: 2551.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.56 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:138.13 GB) (Free:74.62 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (GRMCULFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
4 Drive f: (FLASH DRIVE) (Removable) (Total:3.76 GB) (Free:0.17 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 2048 KB
Disk 1 Online 3853 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 138 GB 1024 KB
Partition 2 Primary 10 GB 138 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 138 GB Healthy

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RECOVERY NTFS Partition 10 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3853 MB 16 KB

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FLASH DRIVE FAT32 Removable 3853 MB Healthy


==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2012-02-13 20:38

======================= End Of Log ==========================

Edited by jobs101, 16 February 2012 - 09:36 PM.


#4 Farbar


Posted 17 February 2012 - 04:08 AM

The log tells us enough. :thumbup2:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [262656 2009-07-13] (Microsoft Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [460872 2012-01-13] (Malwarebytes Corporation)
cmd: bootrec /FixMbr
TDL4: custom:26000022
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Also restart, let it boot normally and tell me how it went.
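An added example, not part of the original posts and not FRST's own code: a small triage pass over a scan log in the layout posted above, which surfaces the `TDL4: custom:26000022` line that the fixlist repeats and decodes it as a BCD element type. The sample text is an excerpt copied from the posted log; reading `[x]` as "file not found" and the section-header pattern are assumptions inferred from that log.

```python
import re
from dataclasses import dataclass

# Constructed excerpt: lines copied from the FRST log posted in this thread,
# with most entries omitted.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-02-2012
========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [136216 2010-08-25] (Intel Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [x]
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [262656 2009-07-13] (Microsoft Corporation)

================================ Services (Whitelisted) ==================

2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

========================== Drivers (Whitelisted) =============

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [20464 2011-12-10] (Malwarebytes Corporation)
3 cpuz134; \??\C:\Users\Owner\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]

==========================================================
TDL4: custom:26000022

==========================================================
"""

HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")   # "==== Name ====" or a bare rule
TDL4 = re.compile(r"^TDL4:\s*custom:([0-9A-Fa-f]{8})$")
NAME = re.compile(r"^(?:\d\s+(?P<svc>[^;]+);|.*?\\Run(?:Once)?:\s*\[(?P<run>[^\]]+)\])")

# BCD element type layout: class in bits 28-31, value format in bits 24-27,
# subtype in the low 24 bits. Microsoft's BcdOSLoaderElementTypes enumeration
# names 0x26000022 BcdOSLoaderBoolean_WinPEMode.
BCD_CLASS = {1: "library", 2: "application", 3: "device"}
BCD_FORMAT = {1: "device", 2: "string", 3: "object", 4: "object list",
              5: "integer", 6: "boolean", 7: "integer list"}


@dataclass(frozen=True)
class Finding:
    section: str
    kind: str      # "missing-file" or "bcd-element"
    detail: str


def decode_bcd_element(hex_id):
    """Split an 8-digit BCD element id into class, value format and subtype."""
    value = int(hex_id, 16)
    return {"class": BCD_CLASS.get(value >> 28, "unknown"),
            "format": BCD_FORMAT.get((value >> 24) & 0xF, "unknown"),
            "subtype": value & 0xFFFFFF}


def triage(log_text):
    """Return the log entries a reviewer would look at first."""
    findings, section = [], "(preamble)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            section = header.group(1) or "(unnamed)"
            continue
        tdl4 = TDL4.match(line)
        if tdl4:
            findings.append(Finding(section, "bcd-element", tdl4.group(1)))
        elif line.lower().endswith("[x]"):
            # Assumption: "[x]" where size and date would be means the
            # referenced file was not found on disk.
            m = NAME.match(line)
            name = (m.group("svc") or m.group("run")) if m else line
            findings.append(Finding(section, "missing-file", name))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        extra = decode_bcd_element(f.detail) if f.kind == "bcd-element" else ""
        print(f.section, f.kind, f.detail, extra)
```
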

#5 jobs101


Posted 17 February 2012 - 04:16 PM

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 15-02-2012
Ran by SYSTEM at 2012-02-17 15:04:16 R:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware Value deleted successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

Restarted the computer and everything is fixed. The computer is starting normally. Thanks

#6 Farbar


Posted 17 February 2012 - 04:22 PM

Great. :thumbup2:

Do you need assistance with the rest or can you take it from here?

#7 Farbar


Posted 22 February 2012 - 02:08 PM

You are most welcome. :)

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



