Unknown log in problem


  • This topic is locked
6 replies to this topic

#1 chrose

chrose

  • Members
  • 3 posts

Posted 25 December 2012 - 04:10 PM

Hello experts. My son's laptop started having a problem in June or so. When the computer is started up it will go to the sign-in screen and a few seconds later it will go to the blue screen and then start to reboot. I have done a couple of system restores and diagnostics with no luck. Hopefully the FRST log will help. I am looking forward to (and hoping for) your expertise to resolve the problem. Thank you and happy holidays!



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2012 01
Ran by SYSTEM at 24-12-2012 20:52:13
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-08-25] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [15544 2009-08-25] ()
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [3151512 2012-05-01] (Symantec Corporation)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900 [318096 2009-08-03] (Carbonite, Inc.)
HKLM-x32\...\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [197928 2009-12-18] (Seagate LLC)
HKLM-x32\...\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui [79112 2011-06-01] ()
HKLM-x32\...\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent [144608 2010-04-16] (Memeo Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Kyle\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\Kyle\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Kyle\...\Run: [Jump Desktop] C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe [x]
HKU\Kyle\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-03-13] (Google Inc.)
HKU\Kyle\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Kyle\...\Run: [EPSON Stylus Photo R280 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE /FU "C:\Windows\TEMP\E_S9928.tmp" /EF "HKCU" [213504 2007-04-13] (SEIKO EPSON CORPORATION)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HPMonitor.exe.lnk
ShortcutTarget: HPMonitor.exe.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe (Hewlett-Packard)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\hpwjd.exe.lnk
ShortcutTarget: hpwjd.exe.lnk -> C:\ProgramData\HP Mouse Suite Config\hpwjd.exe (Hewlett-Packard )
Startup: C:\Users\All Users\Start Menu\Programs\Startup\hpwmsd.exe.lnk
ShortcutTarget: hpwmsd.exe.lnk -> C:\ProgramData\HP Mouse Suite Config\hpwmsd.exe (Hewlett-Packard )
Startup: C:\Users\Kyle\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ===================

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 NAV; "C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [4710040 2012-05-01] (Symantec Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [1161376 2012-06-18] (Symantec Corporation)
1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys [167048 2011-11-29] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-05-31] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-16] (Symantec Corporation)
3 HP8207_8307; C:\Windows\System32\Drivers\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120618.004\IDSvia64.sys [509088 2012-06-14] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120621.002\ENG64.SYS [120440 2012-06-21] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120621.002\EX64.SYS [2068600 2012-06-21] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1307010.005\SRTSP64.SYS [737912 2012-03-28] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1307010.005\SRTSPX64.SYS [37496 2012-03-28] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NAVx64\1307010.005\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NAVx64\1307010.005\SYMEFA64.SYS [1092728 2012-03-28] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-24] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS [190072 2012-03-28] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS [405624 2012-03-28] (Symantec Corporation)
3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [16896 2007-04-19] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2007-04-19] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [29696 2007-04-19] (LG Electronics Inc.)
2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-02] (CyberLink Corp.)
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-25 00:18 - 2012-12-25 00:18 - 00274760 ____A C:\Windows\Minidump\122512-85691-01.dmp
2012-12-25 00:18 - 2012-12-24 17:41 - 00000000 ____D C:\Windows\Minidump
2012-12-25 00:17 - 2012-12-24 17:40 - 244490364 ____A C:\Windows\MEMORY.DMP
2012-12-24 23:27 - 2009-07-13 17:14 - 00020480 ____A C:\Windows\svchost.exe
2012-12-24 23:26 - 2012-12-24 23:26 - 00274760 ____A C:\Windows\Minidump\122512-22401-01.dmp
2012-12-24 22:29 - 2012-12-24 22:29 - 00270464 ____A C:\Windows\Minidump\122512-22261-01.dmp
2012-12-24 21:32 - 2012-12-24 21:32 - 00270464 ____A C:\Windows\Minidump\122512-71183-01.dmp
2012-12-24 20:51 - 2012-12-24 20:51 - 00000000 ____D C:\FRST
2012-12-24 20:33 - 2012-12-24 20:33 - 00274760 ____A C:\Windows\Minidump\122412-20389-01.dmp
2012-12-24 19:35 - 2012-12-24 19:35 - 00270464 ____A C:\Windows\Minidump\122412-21294-01.dmp
2012-12-24 18:37 - 2012-12-24 18:38 - 00270464 ____A C:\Windows\Minidump\122412-20670-01.dmp
2012-12-24 17:41 - 2012-12-24 17:41 - 00270464 ____A C:\Windows\Minidump\122412-69342-01.dmp

==================== One Month Modified Files and Folders =======

2012-12-25 04:15 - 2011-12-29 13:43 - 00000000 ____D C:\Windows\System32\Drivers\NAVx64
2012-12-25 04:15 - 2011-03-13 16:57 - 00000000 ____D C:\Program Files (x86)\Google
2012-12-25 04:15 - 2010-09-28 14:43 - 00000000 ____D C:\Windows\SysWOW64\Seagate
2012-12-25 04:15 - 2010-05-23 20:01 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\Audacity
2012-12-25 04:15 - 2010-04-25 18:02 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\uTorrent
2012-12-25 04:15 - 2010-02-07 00:50 - 00000000 ____D C:\Users\All Users\Norton
2012-12-25 04:15 - 2009-10-30 20:36 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-25 04:15 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2012-12-25 04:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-25 04:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-12-25 04:03 - 2012-08-28 21:04 - 00000000 ____D C:\Users\Kyle\AppData\Roaming\vlc
2012-12-25 04:03 - 2012-08-27 20:07 - 00000000 ____D C:\Users\Kyle\Downloads\Art By Numbers-Reticence The Musical-2012-KzT
2012-12-25 04:03 - 2010-06-09 15:44 - 00000000 ____D C:\Users\Kyle\AppData\Local\AIM
2012-12-25 04:03 - 2010-02-07 01:12 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-12-25 00:18 - 2012-12-25 00:18 - 00274760 ____A C:\Windows\Minidump\122512-85691-01.dmp
2012-12-24 23:26 - 2012-12-24 23:26 - 00274760 ____A C:\Windows\Minidump\122512-22401-01.dmp
2012-12-24 22:29 - 2012-12-24 22:29 - 00270464 ____A C:\Windows\Minidump\122512-22261-01.dmp
2012-12-24 21:32 - 2012-12-24 21:32 - 00270464 ____A C:\Windows\Minidump\122512-71183-01.dmp
2012-12-24 20:51 - 2012-12-24 20:51 - 00000000 ____D C:\FRST
2012-12-24 20:33 - 2012-12-24 20:33 - 00274760 ____A C:\Windows\Minidump\122412-20389-01.dmp
2012-12-24 19:35 - 2012-12-24 19:35 - 00270464 ____A C:\Windows\Minidump\122412-21294-01.dmp
2012-12-24 19:35 - 2010-04-25 12:06 - 00000000 ____D C:\users\Kyle
2012-12-24 18:38 - 2012-12-24 18:37 - 00270464 ____A C:\Windows\Minidump\122412-20670-01.dmp
2012-12-24 17:41 - 2012-12-25 00:18 - 00000000 ____D C:\Windows\Minidump
2012-12-24 17:41 - 2012-12-24 17:41 - 00270464 ____A C:\Windows\Minidump\122412-69342-01.dmp
2012-12-24 17:41 - 2011-02-23 21:29 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForKyle.job
2012-12-24 17:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-24 17:41 - 2009-07-13 20:51 - 00506154 ____A C:\Windows\setupact.log
2012-12-24 17:40 - 2012-12-25 00:17 - 244490364 ____A C:\Windows\MEMORY.DMP

ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-06-21 11:44:35
Restore point made on: 2012-07-11 12:38:45
Restore point made on: 2012-08-02 16:10:29
Restore point made on: 2012-08-16 21:58:46

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3836.2 MB
Available physical RAM: 3148.58 MB
Total Pagefile: 3834.34 MB
Available Pagefile: 3142.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:448.04 GB) (Free:227.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:17.42 GB) (Free:2.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (GARDCO) (Removable) (Total:1.96 GB) (Free:1.96 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 103 MB
Disk 1 Online 2020 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 448 GB 200 MB
Partition 3 Primary 17 GB 448 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 448 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 17 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 2015 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G GARDCO FAT32 Removable 2015 MB Healthy

=========================================================

Last Boot: 2012-08-17 23:54

==================== End Of Log =============================



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 26 December 2012 - 11:11 AM

Hello chrose,

Welcome to the forum.

The system is infected. We will remove the infection, boot normally and bring the system back to full functionality. Please refrain from doing any fix or making any changes to the system from now on until we are done unless you decide you can do the rest on your own. Thank you.

Please just let me know if you are still there and require assistance.

#3 chrose

chrose
  • Topic Starter

  • Members
  • 3 posts

Posted 26 December 2012 - 11:17 AM

Farbar thank you so much. Yes I am still here and still require assistance. I shall not touch a thing until you tell me so.

Thanks!

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 26 December 2012 - 11:27 AM

We will remove the main infection and boot the system with the following fix.

  • Please download Listparts and save it to your flash drive. You have the x64 version.
  • Download the attached file fix.txt (118 bytes).
    Save it to your flash drive.
  • Please download the attached file fixlist.txt (136 bytes).
    Save it to your flash drive.
  • Boot to System Recovery Options and select "Command Prompt".

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it later in your reply. You may close the tool.
  • While still in the recovery environment run ListParts by typing g:\listparts64 in the command prompt and pressing Enter.
    Click Fix. Close the pop up after the fix is done.
  • Please restart, let it boot normally and tell me how it went.


#5 chrose

chrose
  • Topic Starter

  • Members
  • 3 posts

Posted 26 December 2012 - 02:30 PM

You are a genius and I thank you and wish you a healthy, Happy New Year!

This is all that the fixlog.txt said.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2012 01
Ran by SYSTEM at 2012-12-25 17:11:44 Run:2
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value not found.
C:\Windows\svchost.exe moved successfully.

==== End of Fixlog ====

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 26 December 2012 - 03:36 PM

I wish you a happy new year too. :)

Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 02 January 2013 - 12:41 PM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



