
How to use farbar recovery tool


  • This topic is locked
12 replies to this topic

#1 mcnpauls

mcnpauls

  • Members
  • 6 posts

Posted 21 August 2012 - 09:28 AM

Hi,

A friend advised me to get in touch.

I must confess I'm not very interested in computers, but here goes:

After Microsoft Security Essentials told me to install and run Windows Defender Offline, and I did so, my computer won't reboot.

A friend told me Farbar recovery tool would fix it, so I've downloaded and run its scan following his instructions.

It all seems to have gone well and it's made a txt file onto a pendrive.

However, I've no idea what to do now.

Sorry for being clueless.


 


#2 rotor123

rotor123

  • Moderator
  • 8,093 posts

Posted 21 August 2012 - 10:21 AM

Reported to unbootable computers thread by Roger

Not the first time I've seen this caused by Windows Defender Offline
It removes the Malware and needed files that were probably infected.

Roger

Edited by rotor123, 21 August 2012 - 10:27 AM.

Fortune Cookie says: Fortune not Found: Abort, Retry, Ignore?

Sent from my All-In-One Desktop. Perfect for Internet, Not for heavy usage or gaming however.

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
Forum Rules,    The BC Welcome Guide

167 @ June 2015


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,314 posts

Posted 21 August 2012 - 01:24 PM

:welcome:

Copy and paste the FRST.txt in a reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 mcnpauls

mcnpauls
  • Topic Starter

  • Members
  • 6 posts

Posted 21 August 2012 - 01:27 PM

Thanks for the replies, Rotor and JSntgRvr.

This is the FRST text from my pendrive:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 19-08-2012 01
Ran by SYSTEM at 21-08-2012 16:11:10
Running from G:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-01-27] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [568888 2010-01-20] ()
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1557160 2012-04-09] (Ask)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [59884088 2012-08-14] (Microsoft Corporation)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1173504 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1173504 2009-07-13] (Microsoft Corporation)
HKU\usuario\...\Run: [quukan] C:\Users\usuario\quukan.exe /r [x]
HKU\usuario\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\usuario\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED [640888 2011-09-15] (BitTorrent, Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [262656 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

================================ Services (Whitelisted) ==================

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\aestsrv.exe [81920 2009-03-03] (Andrea Electronics Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [120832 2009-10-15] (Hewlett-Packard)
2 HP Wireless Assistant Service; "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" [102968 2010-01-27] (Hewlett-Packard)
2 HPSLPSVC; C:\Users\usuario\AppData\Local\Temp\7zS7744\hpslpsvc32.dll [701288 2011-09-16] (Hewlett-Packard Co.)
2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [17920 2010-01-18] ()
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_0cefa6767c6211ec\STacSV.exe [229458 2010-02-26] (IDT, Inc.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5340160 2010-03-10] (ATI Technologies Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-21 16:07 - 2012-08-21 16:07 - 00000000 ____D C:\FRST
2012-08-19 22:12 - 2012-08-20 00:00 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-08-14 17:02 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-14 17:02 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-14 17:02 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-14 17:02 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-14 17:02 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-14 17:02 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-14 17:02 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-14 17:02 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-14 17:02 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-14 17:02 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-14 17:02 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-14 17:02 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-14 17:02 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-14 17:02 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-14 15:27 - 2012-02-10 21:44 - 00492032 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-14 15:27 - 2012-02-10 21:41 - 00316928 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-14 14:16 - 2012-07-18 09:10 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-14 14:16 - 2012-05-04 23:44 - 00400896 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-14 14:15 - 2012-07-04 13:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-14 14:15 - 2012-07-04 13:23 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-14 14:15 - 2012-07-04 13:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-14 14:15 - 2012-05-13 20:37 - 00768512 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-05 06:30 - 2012-08-05 06:30 - 00002175 ____A C:\Users\Public\Desktop\WinZip.lnk
2012-08-05 06:29 - 2012-08-05 06:31 - 00000000 ____D C:\Users\All Users\WinZip
2012-08-05 06:29 - 2012-08-05 06:29 - 00000000 ____D C:\Program Files\WinZip
2012-08-05 06:24 - 2012-08-05 06:27 - 14210376 ____A C:\Users\usuario\Downloads\winzip150es.exe
2012-07-25 13:26 - 2012-07-25 13:26 - 00002225 ____A C:\Users\usuario\Downloads\uunrhrst.mp4
2012-07-25 07:09 - 2012-07-25 07:09 - 00000000 ____D C:\Users\usuario\Desktop\Nueva carpeta
2012-07-25 01:16 - 2012-07-25 13:12 - 303967462 ____A C:\Users\usuario\Downloads\uunrhrst.mp4.part

============ 3 Months Modified Files ========================

2012-08-15 15:34 - 2011-03-25 04:32 - 01881067 ____A C:\Windows\WindowsUpdate.log
2012-08-15 14:50 - 2012-06-28 11:00 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-15 11:42 - 2012-07-04 04:49 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForusuario.job
2012-08-15 10:50 - 2012-06-28 11:00 - 00001086 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-15 04:53 - 2011-10-05 08:58 - 00000052 ____A C:\Windows\System32\DOErrors.log
2012-08-14 17:38 - 2009-07-13 20:34 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-14 17:38 - 2009-07-13 20:34 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-14 17:30 - 2012-03-03 15:39 - 00105142 ____A C:\Windows\setupact.log
2012-08-14 17:30 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-14 17:30 - 2009-07-13 20:33 - 00411240 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-14 17:08 - 2012-05-25 08:42 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-08-14 17:06 - 2012-05-25 08:40 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-14 13:43 - 2009-09-06 15:02 - 00005418 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-05 06:30 - 2012-08-05 06:30 - 00002175 ____A C:\Users\Public\Desktop\WinZip.lnk
2012-08-05 06:27 - 2012-08-05 06:24 - 14210376 ____A C:\Users\usuario\Downloads\winzip150es.exe
2012-08-04 04:06 - 2009-07-13 20:53 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-25 13:26 - 2012-07-25 13:26 - 00002225 ____A C:\Users\usuario\Downloads\uunrhrst.mp4
2012-07-25 13:12 - 2012-07-25 01:16 - 303967462 ____A C:\Users\usuario\Downloads\uunrhrst.mp4.part
2012-07-18 09:10 - 2012-08-14 14:16 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-14 02:53 - 2012-07-14 02:53 - 00143192 ____A C:\Windows\Minidump\071412-32697-01.dmp
2012-07-14 02:53 - 2012-03-05 00:33 - 283496410 ____A C:\Windows\MEMORY.DMP
2012-07-11 17:08 - 2009-07-13 18:04 - 00000513 ____A C:\Windows\win.ini
2012-07-04 13:26 - 2012-08-14 14:15 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 13:23 - 2012-08-14 14:15 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 13:23 - 2012-08-14 14:15 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-06-28 16:52 - 2012-08-14 17:02 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 16:27 - 2012-08-14 17:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 16:16 - 2012-08-14 17:02 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 16:09 - 2012-08-14 17:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 16:09 - 2012-08-14 17:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 16:08 - 2012-08-14 17:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 16:07 - 2012-08-14 17:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 16:06 - 2012-08-14 17:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 16:04 - 2012-08-14 17:02 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 16:04 - 2012-08-14 17:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 16:01 - 2012-08-14 17:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 16:01 - 2012-08-14 17:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 16:00 - 2012-08-14 17:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 15:57 - 2012-08-14 17:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 11:02 - 2012-06-28 11:02 - 00002170 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-06-28 10:58 - 2012-06-28 10:58 - 00739824 ____A (Google Inc.) C:\Users\usuario\Downloads\GoogleEarthSetup.exe
2012-06-08 20:46 - 2012-07-10 12:53 - 12868608 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-07 13:04 - 2012-06-07 13:04 - 00143192 ____A C:\Windows\Minidump\060712-29281-01.dmp
2012-06-06 10:59 - 2012-06-06 10:59 - 01070152 ____A (Microsoft Corporation) C:\Windows\System32\MSCOMCTL.OCX
2012-06-05 21:09 - 2012-07-10 12:53 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:09 - 2012-07-10 12:53 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-02 14:19 - 2012-06-21 02:12 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 02:12 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 02:12 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 02:11 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 02:11 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 02:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 02:11 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 05:19 - 2012-06-21 02:11 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:12 - 2012-06-21 02:11 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 20:51 - 2012-07-10 12:53 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:51 - 2012-07-10 12:53 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:50 - 2012-07-10 12:53 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:48 - 2012-07-10 12:53 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:47 - 2012-07-10 12:53 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 2810.9 MB
Available physical RAM: 2249.6 MB
Total Pagefile: 2809.18 MB
Available Pagefile: 2261.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.86 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:280.5 GB) (Free:167.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:17.29 GB) (Free:2.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
4 Drive g: (STORE N GO) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Núm Disco Estado Tamaño Disp Din Gpt
---------- ---------- ------- ------- --- ---
Disco 0 En línea 298 GB 0 B
Disco 1 En línea 3824 MB 0 B

Saliendo de DiskPart...


Last Boot: 2012-08-17 11:56

======================= End Of Log ==========================
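
The registry and service sections of the scan log above follow a regular line format, so the entries worth a second look can be pulled out mechanically. The following is an added example, not part of the original thread or of FRST itself: a small Python triage that lists autorun and service entries ending in `[x]` (read here as FRST's marker for a target file it could not find, which is an assumption about the tool's output) and lines the tool itself tagged ATTENTION. The sample lines are copied from the log above; `triage` and `Finding` are names introduced for illustration.

```python
import re
from typing import NamedTuple

# Sample input: a few lines copied from the FRST.txt posted above.
SAMPLE_LOG = r"""
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [] [x]
HKU\usuario\...\Run: [quukan] C:\Users\usuario\quukan.exe /r [x]
HKU\usuario\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED [640888 2011-09-15] (BitTorrent, Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [262656 2009-07-13] (Microsoft Corporation)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
C:\Windows\System32\svchost.exe => MD5 is legit
TDL4: custom:26000022 <===== ATTENTION!
"""


class Finding(NamedTuple):
    section: str  # "autorun", "service" or "tool-flag"
    name: str     # registry value name, service name, or check name
    detail: str   # command line / image path, or the full flagged line
    reason: str   # why the line was surfaced


# "HKLM\...\Run: [Name] command [size date] (company)" or "... [x]"
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$"
)
# "2 ServiceName; image path [size date] (company)" or "... [x]"
SVC_RE = re.compile(r"^(?P<start>[0-4]) (?P<name>[^;]+); (?P<rest>.*)$")

MISSING = "[x]"                 # assumption: FRST could not find the target file
ATTENTION = "<===== ATTENTION"  # marker FRST appends to lines it wants reviewed


def triage(log_text):
    """Return the log lines a reviewer should look at first, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ATTENTION in line:
            check = line.split(":", 1)[0]
            findings.append(Finding("tool-flag", check, line, "flagged by FRST"))
            continue
        section, m = "autorun", RUN_RE.match(line)
        if not m:
            section, m = "service", SVC_RE.match(line)
        if not m:
            continue  # file listings, MD5 checks, partitions, headers
        rest = m.group("rest").strip()
        reasons = []
        if rest.endswith(MISSING):
            reasons.append("target file missing")
            rest = rest[: -len(MISSING)].strip()
        name = m.group("name").strip()
        if section == "autorun" and not name:
            reasons.append("empty value name")
        if reasons:
            findings.append(
                Finding(section, name or "(empty)", rest, "; ".join(reasons))
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:9} {f.name:10} {f.reason:40} {f.detail}")
```

On this log the check surfaces the quukan Run value that the Fixlog later in the thread shows being deleted. It does not surface the *Restore RunOnce value removed in the same fix, because that entry's target file is present, so an entry passing this check says nothing about whether it is wanted.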

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts

Posted 21 August 2012 - 01:33 PM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,314 posts

Posted 21 August 2012 - 01:43 PM

Download MBRFix from here.

Save and extract its contents to the working computer's desktop. There are three files in the MBRFix folder. From these, only copy the MBRFix.exe to the USB drive.

Also download the enclosed file and save it in the USB drive.

Insert the USB drive into the ailing computer.

Now please enter System Recovery Options and run FRST64 as you did before, except that this time around, press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt). It will also create a file labeled MBRDUMP.txt. Copy and Paste the contents of the Fixlog.txt in your next reply, but attach the MBRDUMP.txt as it is a hex file.

Edited by JSntgRvr, 21 August 2012 - 01:48 PM.



#7 mcnpauls

mcnpauls
  • Topic Starter

  • Members
  • 6 posts

Posted 22 August 2012 - 06:11 AM

Many thanks, again, JSntgRvr, I shall try this now.

#8 mcnpauls

mcnpauls
  • Topic Starter

  • Members
  • 6 posts

Posted 22 August 2012 - 06:25 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 19-08-2012 01
Ran by SYSTEM at 2012-08-22 13:21:14 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.
HKEY_USERS\usuario\Software\Microsoft\Windows\CurrentVersion\Run\\quukan Value deleted successfully.

La operación se completó correctamente.
La operación se completó correctamente.
MBRDUMP.txt is made successfully.

==== End of Fixlog ==




#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,314 posts

Posted 22 August 2012 - 10:49 AM

Still unable to boot in Normal or Safe mode? How many hard drives are installed?

Edited by JSntgRvr, 22 August 2012 - 10:56 AM.



#10 mcnpauls

mcnpauls
  • Topic Starter

  • Members
  • 6 posts

Posted 22 August 2012 - 11:59 AM

Still unable to boot in Normal or Safe mode? How many hard drives are installed?


Still not booting Windows, no. I'm not sure about the hard drives, but I suppose it's only got 1? The built-in one, no?

#11 mcnpauls

mcnpauls
  • Topic Starter

  • Members
  • 6 posts

Posted 22 August 2012 - 12:32 PM

Update - sorry, ignore last post, the computer has booted perfectly!

How can I thank you, repay you, buy you a beer?

#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,314 posts

Posted 22 August 2012 - 12:39 PM

Let's scan the computer.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.



#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,314 posts

Posted 21 September 2012 - 07:55 PM

Due to the lack of feedback this Topic is closed. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!





