
Can't boot in safe mode, can't restore


2 replies to this topic

#1 Richard Morris

Posted 15 January 2013 - 11:16 AM

I've previously posted this in the Windows 7 forum but I didn't get a response. I've now run FRST64, which shows a few virus-type problems, so I'm posting this here.

It's a 64-bit HP laptop running Windows 7.

A normal boot crashed with a BSOD during update 3 of 10707.
Safe mode boot crashed with a BSOD.
I can't do a system restore as the C drive seems not to be enabled for restoring, but there are a lot of restore points.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2013
Ran by SYSTEM at 15-01-2013 15:28:50
Running from C:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R [485672 2011-10-31] (CyberLink Corp.)
HKLM\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-29] (Hewlett-Packard Company)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
HKLM\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE [1823672 2012-05-20] (Bandoo Media, inc)
HKLM\...\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart [3189360 2012-01-23] (Babylon Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\florence\...\Run: [Google Update] "C:\Users\florence\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-17] (Google Inc.)
HKU\florence\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /Manual [620376 2011-12-29] (IObit)
HKU\florence\...\Run: [Facebook Update] "C:\Users\florence\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\florence\...\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray [8630272 2012-05-25] (Media Finder)
HKU\florence\...\Run: [RegDefRun] C:\Program Files (x86)\Auslogics\AusLogics Registry Defrag\reginfo.exe /r [113152 2008-03-08] (Auslogics)
HKU\florence\...\Policies\system: [DisableLockWorkstation] 0
HKU\florence\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM-x32\...\Winlogon: [Shell] [x ] ()
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll

==================== Services (Whitelisted) ===================

2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [497496 2011-12-29] (IObit)
2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2011-03-23] (Alcatel-Lucent)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [931640 2012-05-03] (Trusteer Ltd.)
2 WajamUpdater; "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" [109064 2012-04-24] (Wajam)

==================== Drivers (Whitelisted) =====================

3 AX88772B; C:\Windows\System32\Drivers\AX88772B.sys [98816 2010-05-21] (ASIX Electronics Corp.)
1 CLVirtualDrive; C:\Windows\System32\Drivers\CLVirtualDrive.sys [90096 2011-09-08] (CyberLink)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
1 RapportCerberus_43926; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-11-02] ()
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2012-05-03] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [63760 2012-05-03] (Trusteer Ltd.)
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-15 15:22 - 2013-01-15 15:22 - 00000000 ____D C:\FRST
2013-01-15 15:21 - 2013-01-15 15:04 - 01464233 ____A (Farbar) C:\FRST64.exe
2013-01-15 15:15 - 2012-05-30 12:39 - 00874278 ____A C:\FRST.exe

==================== One Month Modified Files and Folders =======

2013-01-15 15:22 - 2013-01-15 15:22 - 00000000 ____D C:\FRST
2013-01-15 15:12 - 2012-06-14 20:54 - 00000000 ____D C:\Users\All Users\Recovery
2013-01-15 15:04 - 2013-01-15 15:21 - 01464233 ____A (Farbar) C:\FRST64.exe
2013-01-10 01:58 - 2009-07-13 20:45 - 00037760 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-09 08:58 - 2012-04-02 00:10 - 00016294 ____A C:\Windows\PFRO.log

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

==================== Restore Points =========================

Restore point made on: 2012-07-20 10:39:33
Restore point made on: 2012-07-23 01:02:51
Restore point made on: 2012-07-23 11:22:44
Restore point made on: 2012-07-31 00:41:44
Restore point made on: 2012-08-30 07:07:41
Restore point made on: 2012-09-01 09:56:30
Restore point made on: 2012-09-01 13:32:11
Restore point made on: 2012-09-02 00:19:03
Restore point made on: 2012-10-15 04:47:22
Restore point made on: 2012-10-28 10:28:42
Restore point made on: 2012-10-28 10:34:52
Restore point made on: 2012-11-02 04:21:37
Restore point made on: 2012-11-05 08:35:14
Restore point made on: 2012-11-09 09:24:01
Restore point made on: 2012-11-13 12:31:24
Restore point made on: 2012-11-21 06:07:16
Restore point made on: 2012-12-09 06:12:15

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 1786.9 MB
Available physical RAM: 1344.23 MB
Total Pagefile: 1786.9 MB
Available Pagefile: 1339.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:217.2 GB) (Free:158.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:15.39 GB) (Free:1.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
4 Drive g: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
5 Drive h: () (Removable) (Total:1.92 GB) (Free:0.07 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 1968 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 217 GB 200 MB
Partition 3 Primary 15 GB 217 GB
Partition 4 Primary 103 MB 232 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 217 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 15 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1967 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 1967 MB Healthy

=========================================================

Last Boot: 2012-05-07 09:41

==================== End Of Log =============================


#2 Jimbob85

Posted 15 January 2013 - 11:30 AM

I have reported this so someone should be with you shortly. Best of luck!

#3 Orange Blossom (Bleepin Investigator, Moderator)

Posted 15 January 2013 - 11:41 AM

Hello,

I have moved your initial topic to the Virus, Trojan, Spyware, and Malware Removal Logs forum, as FRST logs are analyzed only there. In addition, I have reported your topic to those who specialize in malware-caused non-booting computers. It may take a bit for you to get a reply. If HelpBot replies, please follow Step One so the helpers know you need assistance.

This topic is now closed and will be deleted later to avoid potential confusion.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
