
Win7 Laptop Won't Boot from Hard Drive


  • This topic is locked
4 replies to this topic

#1 cgronk

cgronk

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:01 AM

Posted 16 March 2012 - 12:32 PM

Basically having the same issue as http://www.bleepingcomputer.com/forums/topic419425.html
I have followed the first steps and run frst64.exe on the laptop and need help with creating a fixlist.txt.

Thanks in advance for your help,

Here is the FRST.txt:

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 16-03-2012 09:09:29
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-06-29] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [385560 2009-06-29] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365080 2009-06-29] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe" [766632 2009-07-10] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe" [139944 2009-07-10] ()
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [40376 2011-06-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640440 2010-09-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-18] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [417792 2009-11-10] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [141600 2009-11-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1484856 2010-06-30] (McAfee, Inc.)
HKLM-x32\...\Run: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [86184 2010-10-08] (Absolute Software)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [449584 2011-05-29] (Malwarebytes Corporation)
HKU\Jason.Jason-PC\...\Run: [Internet Security] C:\Users\Jason.Jason-PC\AppData\Roaming\isecurity.exe [x]
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2010-09-24] (Dell)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-07-21] ()
HKLM-x32\...\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [122176 2010-07-21] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 AbsoluteNotifier; "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe" [10408 2010-10-08] (Microsoft)
2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [144672 2009-08-28] (Apple Inc.)
2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [33448 2009-07-01] ()
2 dlea_device; C:\Windows\system32\dleacoms.exe -service [1054888 2009-07-01] ( )
2 dlea_device; C:\Windows\SysWow64\dleacoms.exe -service [602792 2009-07-01] ( )
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [651720 2009-12-03] (Macrovision Europe Ltd.)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-04] (Macrovision Corporation)
2 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [366640 2011-05-29] (Malwarebytes Corporation)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [509416 2010-04-15] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199032 2010-05-31] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [244840 2010-05-31] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [148520 2010-05-31] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
2 wlidsvc; "c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [x]

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [62416 2010-05-31] (McAfee, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25912 2011-05-29] (Malwarebytes Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [121504 2010-05-31] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [189880 2010-05-31] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [440688 2010-05-31] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [528616 2010-05-31] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75288 2010-05-31] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [93840 2010-05-31] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [279752 2010-05-31] (McAfee, Inc.)
3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-03-16 09:08 - 2012-03-16 09:09 - 0000000 ____D C:\FRST
2012-03-10 08:27 - 2012-03-10 08:27 - 0000000 ____D C:\Windows\Sun
2012-03-07 12:58 - 2012-03-07 12:58 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2012-02-20 16:33 - 2009-07-13 17:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

============ 3 Months Modified Files and Folders =============

2012-03-16 07:20 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-03-15 09:51 - 2011-06-08 14:11 - 0000000 ____D C:\users\Jason.Jason-PC
2012-03-15 09:50 - 2011-06-08 13:58 - 0000000 ____D C:\users\Admin
2012-03-15 09:50 - 2011-06-07 11:19 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-15 09:50 - 2010-10-17 08:41 - 0000000 ____D C:\Program Files (x86)\Absolute Software
2012-03-15 09:50 - 2010-09-08 18:38 - 0000000 ____D C:\Program Files\McAfee.com
2012-03-15 09:50 - 2009-12-03 09:30 - 0000000 ___HD C:\Users\All Users\McAfee
2012-03-15 09:50 - 2009-12-03 09:30 - 0000000 ___HD C:\ProgramData\McAfee
2012-03-15 09:50 - 2009-12-03 09:30 - 0000000 ___HD C:\Program Files\McAfee
2012-03-15 09:50 - 2009-12-03 09:30 - 0000000 ___HD C:\Program Files\Common Files\McAfee
2012-03-15 09:50 - 2009-12-03 09:30 - 0000000 ___HD C:\Program Files (x86)\McAfee
2012-03-15 09:50 - 2009-12-03 09:30 - 0000000 ____D C:\Program Files (x86)\McAfee.com
2012-03-15 09:50 - 2009-12-03 09:25 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-03-15 09:50 - 2009-12-03 09:15 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-03-15 09:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-03-10 08:27 - 2012-03-10 08:27 - 0000000 ____D C:\Windows\Sun
2012-03-10 08:16 - 2010-01-30 16:12 - 0089484 ___AH C:\Users\All Users\dleascan.log
2012-03-10 08:16 - 2010-01-30 16:12 - 0089484 ___AH C:\ProgramData\dleascan.log
2012-03-10 08:15 - 2009-12-03 10:56 - 3190050816 __ASH C:\hiberfil.sys
2012-03-07 12:58 - 2012-03-07 12:58 - 0000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2012-03-07 12:17 - 2011-06-08 13:58 - 0000000 ____D C:\Users\Admin\AppData\LocalLow
2012-02-25 07:37 - 2009-07-13 21:10 - 1094995 ____A C:\Windows\WindowsUpdate.log
2012-02-25 07:30 - 2009-12-12 12:18 - 0000072 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
2012-02-25 07:30 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-25 07:30 - 2009-07-13 20:51 - 0084470 ____A C:\Windows\setupact.log
2012-02-25 07:10 - 2009-07-13 20:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-25 07:10 - 2009-07-13 20:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-20 16:32 - 2009-12-03 10:56 - 0487884 ____A C:\Windows\PFRO.log
2012-02-20 16:31 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-02-20 10:39 - 2009-07-13 18:34 - 0001398 _RASH C:\Windows\System32\Drivers\etc\hosts
2012-02-09 11:14 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-01-21 09:31 - 2009-07-13 21:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-11 21:45 - 2010-01-02 18:10 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 4056.36 MB
Available physical RAM: 3246.73 MB
Total Pagefile: 4054.51 MB
Available Pagefile: 3242.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:155.35 GB) NTFS
3 Drive f: (WIN_7_HOMEPREMIUM) (CDROM) (Total:5.75 GB) (Free:0 GB) UDF
4 Drive g: (IMAKEY) (Removable) (Total:7.52 GB) (Free:3.61 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 7712 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 218 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 218 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7711 MB 512 B

======================================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G IMAKEY FAT32 Removable 7711 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-02-20 09:14

======================= End Of Log ==========================



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:01 AM

Posted 20 March 2012 - 07:40 PM

Hi,

Sorry for the wait.

Please do the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
2012-02-20 16:33 - 2009-07-13 17:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
cmd: bootrec /FixMbr
cmd: bootrec /fixboot

end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Now restart. Please let me know if you can now boot normally.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
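
The fixlist above lists C:\Windows\svchost.exe, a file carrying a core Windows binary name outside the System32 and SysWOW64 paths that the log's own "Bamital & volsnap Check" section reports. As an added example (not part of the original thread and not FRST's own logic), this Python script flags such entries in the file sections of an FRST.txt; the expected-directory table, the function name and the reading of the two timestamps as created/modified are assumptions.

```python
import ntpath
import re
from datetime import datetime

# Assumed allow-list: the paths the log's own check reports for these names.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "winlogon.exe": {r"c:\windows\system32"},
    "wininit.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}
SECTION = re.compile(r"^=+ (.+?) =+$")
# "<timestamp> - <timestamp> - <size> <attributes> [(company)] <path>"
ENTRY = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d+) (\S+) (?:\(([^)]*)\) )?([A-Za-z]:\\.+)$"
)
TS = "%Y-%m-%d %H:%M"

# Sample input: lines copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
============ One Month Created Files and Folders ==============
2012-03-16 09:08 - 2012-03-16 09:09 - 0000000 ____D C:\FRST
2012-02-20 16:33 - 2009-07-13 17:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
============ 3 Months Modified Files and Folders =============
2012-01-11 21:45 - 2010-01-02 18:10 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
"""


def misplaced_core_binaries(log_text):
    """Flag files named like core Windows binaries outside EXPECTED_DIRS."""
    findings, section = [], ""
    for line in map(str.strip, log_text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY.match(line)
        if not entry:
            continue
        first, second, size, attrs, company, path = entry.groups()
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if "D" in attrs or folder in EXPECTED_DIRS.get(name, {folder}):
            continue  # directory, unlisted name, or listed name in its place
        # Assumption: "Created" sections print the creation time first,
        # "Modified" sections print the modification time first.
        created, modified = (second, first) if "Modified" in section else (first, second)
        findings.append({
            "path": path, "claimed_company": company, "size": int(size),
            "created": created, "modified": modified,
            # A modified time older than the creation time fits a copied file.
            "modified_before_created":
                datetime.strptime(modified, TS) < datetime.strptime(created, TS),
        })
    return findings


if __name__ == "__main__":
    for finding in misplaced_core_binaries(SAMPLE_LOG):
        print(finding)
```

The company string in the log comes from the file's own version resource, so a "Microsoft Corporation" label on a flagged entry says nothing about where the file came from.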


#3 cgronk


Posted 21 March 2012 - 12:02 PM

This worked like a charm.

Thank you,

#4 CatByte


Posted 21 March 2012 - 04:23 PM

Let's run a couple more scans to make certain all the malware is gone. Please run the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



#5 CatByte


Posted 29 March 2012 - 09:45 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





