Ran Hitman Pro. Deleted MBR. Won't boot.


  • This topic is locked
3 replies to this topic

#1 JLondon999

Posted 30 January 2013 - 02:28 PM

I'm an IT person so pretty well versed with HW/SW.

Ran Hitman Pro after Malwarebytes as PC was displaying popup dialogue box immediately on boot. Windows 7 Pro 32bit. Hitman Pro appeared to clean and fix malware, deleted MBR. Wouldn't boot on restart. Startup Repair and System Restore failed. Looked to do a manual System Restore (c:\System Volume Information)...no restore folders found (Unhidden).

Performed - bootrec /rebuildBcd
Performed - bootrec /FixMBR
Performed - bootrec /FixBoot

Indicated successful, but still not able to boot.

Ran FRST and ListParts (since can't open hive). Results below. I'm at a loss and would prefer not to do a fresh install of the OS (and all the apps, etc.)

Saw this in the ListParts results - ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

Any assistance and/or guidance is greatly appreciated.

** JL **
----------------------------------------

FRST Results:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2013 02
Ran by SYSTEM at 30-01-2013 17:03:10
Running from G:\
(X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

ATTENTION: Unable to load Software hive.

HKU\Lois\...\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" [13105848 2012-12-14] (The Weather Channel)
HKU\Lois\...\Run: [AOL Fast Start] "C:\Program Files\AOL 9.5\AOL.EXE" -b [29520 2010-03-23] (AOL Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.250.0.12
Startup: C:\Users\Lois\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)

==================== Services (Whitelisted) ===================

3 AOL ACS; "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" [46640 2006-10-23] (AOL LLC)
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-03-04] ()
2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [125496 2011-02-23] (Hewlett-Packard Company)
2 MBAMScheduler; "C:\Program Files\MalwarebytesRegistered\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\MalwarebytesRegistered\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-01-24] (Memeo)
2 NIS; "C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-03-04] ()
2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [1119768 2010-09-28] (PDF Complete Inc)
2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)

==================== Drivers (Whitelisted) ====================

1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [692272 2010-08-08] (Symantec Corporation)
3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [19688 2012-09-21] (Logitech Inc.)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2011-01-27] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [102448 2011-01-27] (Symantec Corporation)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVix86.sys [344112 2010-06-26] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110127.002\NAVENG.SYS [86008 2011-01-27] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110127.002\NAVEX15.SYS [1360760 2011-01-27] (Symantec Corporation)
3 OxPPort; C:\Windows\system32\drivers\OxPPort.sys [82048 2008-07-31] (OEM)
3 OxSer; C:\Windows\system32\drivers\OxSer.sys [83888 2009-09-15] (OEM)
3 SRTSP; C:\Windows\System32\Drivers\NIS\1207020.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NIS\1207020.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NIS\1207020.003\SYMDS.SYS [340088 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NIS\1207020.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-12-18] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NIS\1207020.003\Ironx86.SYS [136312 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NIS\1207020.003\SYMNETS.SYS [299640 2011-04-20] (Symantec Corporation)
3 vpcbus; C:\Windows\system32\drivers\vpchbus.sys [165376 2011-10-11] (Microsoft Corporation)
1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2011-10-11] (Microsoft Corporation)
3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2011-10-11] (Microsoft Corporation)
1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [295128 2011-10-11] (Microsoft Corporation)
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
3 MBAMProtector; [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-01-30 16:57 - 2013-01-30 16:57 - 00000000 ____D C:\FRST
2013-01-17 16:38 - 2013-01-30 00:40 - 00000000 ____D C:\Users\All Users\Recovery
2013-01-17 13:09 - 2013-01-17 13:09 - 00000000 ____D C:\Users\All Users\Hitman Pro
2013-01-17 11:29 - 2013-01-17 11:30 - 00020351 ____A C:\Users\Lois\Documents\DJ2010,2011,20122013Breeding.xlsx
2013-01-17 07:00 - 2013-01-17 07:00 - 00409107 ____A C:\Users\Lois\Documents\IMG_0654.mov
2013-01-17 06:59 - 2013-01-17 06:59 - 02427495 ____A C:\Users\Lois\Documents\IMG_0653.mov
2013-01-17 06:58 - 2013-01-17 06:58 - 01549231 ____A C:\Users\Lois\Documents\IMG_0652.mov
2013-01-15 13:14 - 2013-01-15 13:15 - 00000000 ____D C:\Users\Lois\Documents\SKMBT_C36013011516560
2013-01-15 13:14 - 2013-01-15 13:14 - 00560566 ____A C:\Users\Lois\Documents\SKMBT_C36013011516560.zip
2013-01-12 15:48 - 2013-01-12 15:48 - 00034664 ____A C:\Users\Lois\Documents\winmail.zip
2013-01-12 15:48 - 2013-01-12 15:48 - 00000000 ____D C:\Users\Lois\Documents\winmail
2013-01-12 10:16 - 2013-01-12 10:16 - 00005913 ____A C:\Users\Lois\Documents\SurveyResults_20130111.zip
2013-01-12 10:16 - 2013-01-12 10:16 - 00000000 ____D C:\Users\Lois\Documents\SurveyResults_20130111
2013-01-09 13:52 - 2013-01-09 13:52 - 04995930 ____A C:\Users\Lois\Documents\BusinessCommunications1.10.13.zip
2013-01-09 13:52 - 2013-01-09 13:52 - 00000000 ____D C:\Users\Lois\Documents\BusinessCommunications1.10.13
2013-01-09 13:35 - 2013-01-09 13:35 - 02070240 ____A C:\Users\Lois\Documents\MayaSchool.zip
2013-01-09 13:35 - 2013-01-09 13:35 - 00000000 ____D C:\Users\Lois\Documents\MayaSchool
2013-01-08 09:42 - 2013-01-08 09:42 - 00002261 ____A C:\Users\Lois\Documents\image001.zip
2012-12-31 08:56 - 2012-12-31 08:58 - 00000000 ____D C:\Users\Lois\Documents\FINALConstitutionAvenuePurchaseAgreement122912
2012-12-31 08:56 - 2012-12-31 08:56 - 00041406 ____A C:\Users\Lois\Documents\FINALConstitutionAvenuePurchaseAgreement122912.zip
2012-12-31 08:54 - 2012-12-31 08:56 - 00000000 ____D C:\Users\Lois\Documents\FINALHannaAvenuePurchaseAgreement122912
2012-12-31 08:54 - 2012-12-31 08:54 - 00041999 ____A C:\Users\Lois\Documents\FINALHannaAvenuePurchaseAgreement122912.zip

==================== One Month Modified Files and Folders ========

2013-01-30 16:57 - 2013-01-30 16:57 - 00000000 ____D C:\FRST
2013-01-30 00:40 - 2013-01-17 16:38 - 00000000 ____D C:\Users\All Users\Recovery
2013-01-20 16:37 - 2012-10-23 14:17 - 00000000 ____D C:\users\Guest
2013-01-20 16:37 - 2012-10-23 10:59 - 00000000 ____D C:\Program Files\Hitman Pro 3.5
2013-01-20 16:37 - 2012-08-24 17:24 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-01-20 16:37 - 2012-03-02 15:06 - 00000000 ____D C:\Users\All Users\HitmanPro
2013-01-20 16:37 - 2012-01-23 16:40 - 00000000 ____D C:\Program Files\MalwarebytesRegistered
2013-01-20 16:37 - 2011-12-18 13:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-01-20 16:37 - 2011-12-18 13:46 - 00000000 ____D C:\users\Administrator
2013-01-20 16:37 - 2011-12-18 13:14 - 00000000 ____D C:\Program Files\AOL 9.5
2013-01-20 16:37 - 2011-12-18 13:13 - 00000000 ____D C:\Download
2013-01-20 16:37 - 2011-12-18 12:11 - 00000000 ____D C:\users\Lois
2013-01-20 16:37 - 2011-10-11 10:59 - 00000000 ____D C:\Users\All Users\Norton
2013-01-20 16:37 - 2011-10-11 10:36 - 00000000 ____D C:\Windows\System32\Macromed
2013-01-20 16:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2013-01-20 16:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-01-20 16:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2013-01-20 16:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\AppCompat
2013-01-17 16:26 - 2012-10-23 10:41 - 00000000 ____D C:\Program Files\HitmanPro
2013-01-17 16:23 - 2009-07-13 18:37 - 00000000 ___HD C:\Windows\System32\LogFiles
2013-01-17 13:09 - 2013-01-17 13:09 - 00000000 ____D C:\Users\All Users\Hitman Pro
2013-01-17 12:44 - 2011-12-19 14:09 - 00000000 ___HD C:\Users\Lois\AppData\Local\CrashDumps
2013-01-17 11:30 - 2013-01-17 11:29 - 00020351 ____A C:\Users\Lois\Documents\DJ2010,2011,20122013Breeding.xlsx
2013-01-17 11:30 - 2011-12-18 12:14 - 00000000 ___HD C:\Users\Lois\AppData\Local\PDFC
2013-01-17 07:00 - 2013-01-17 07:00 - 00409107 ____A C:\Users\Lois\Documents\IMG_0654.mov
2013-01-17 06:59 - 2013-01-17 06:59 - 02427495 ____A C:\Users\Lois\Documents\IMG_0653.mov
2013-01-17 06:58 - 2013-01-17 06:58 - 01549231 ____A C:\Users\Lois\Documents\IMG_0652.mov
2013-01-15 13:15 - 2013-01-15 13:14 - 00000000 ____D C:\Users\Lois\Documents\SKMBT_C36013011516560
2013-01-15 13:14 - 2013-01-15 13:14 - 00560566 ____A C:\Users\Lois\Documents\SKMBT_C36013011516560.zip
2013-01-15 07:06 - 2011-10-11 10:47 - 00000000 ___HD C:\Users\All Users\PDFC
2013-01-12 15:48 - 2013-01-12 15:48 - 00034664 ____A C:\Users\Lois\Documents\winmail.zip
2013-01-12 15:48 - 2013-01-12 15:48 - 00000000 ____D C:\Users\Lois\Documents\winmail
2013-01-12 10:16 - 2013-01-12 10:16 - 00005913 ____A C:\Users\Lois\Documents\SurveyResults_20130111.zip
2013-01-12 10:16 - 2013-01-12 10:16 - 00000000 ____D C:\Users\Lois\Documents\SurveyResults_20130111
2013-01-09 13:52 - 2013-01-09 13:52 - 04995930 ____A C:\Users\Lois\Documents\BusinessCommunications1.10.13.zip
2013-01-09 13:52 - 2013-01-09 13:52 - 00000000 ____D C:\Users\Lois\Documents\BusinessCommunications1.10.13
2013-01-09 13:35 - 2013-01-09 13:35 - 02070240 ____A C:\Users\Lois\Documents\MayaSchool.zip
2013-01-09 13:35 - 2013-01-09 13:35 - 00000000 ____D C:\Users\Lois\Documents\MayaSchool
2013-01-08 09:42 - 2013-01-08 09:42 - 00002261 ____A C:\Users\Lois\Documents\image001.zip
2013-01-08 09:42 - 2012-06-24 14:02 - 00000000 ____D C:\Users\Lois\Documents\image001
2013-01-01 05:12 - 2012-04-09 11:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-01 05:12 - 2011-12-18 13:16 - 01910898 ____A C:\Windows\WindowsUpdate.log
2013-01-01 05:12 - 2009-07-13 18:04 - 00000571 ____A C:\Windows\win.ini
2012-12-31 08:58 - 2012-12-31 08:56 - 00000000 ____D C:\Users\Lois\Documents\FINALConstitutionAvenuePurchaseAgreement122912
2012-12-31 08:56 - 2012-12-31 08:56 - 00041406 ____A C:\Users\Lois\Documents\FINALConstitutionAvenuePurchaseAgreement122912.zip
2012-12-31 08:56 - 2012-12-31 08:54 - 00000000 ____D C:\Users\Lois\Documents\FINALHannaAvenuePurchaseAgreement122912
2012-12-31 08:54 - 2012-12-31 08:54 - 00041999 ____A C:\Users\Lois\Documents\FINALHannaAvenuePurchaseAgreement122912.zip
2012-12-31 04:04 - 2011-12-19 14:17 - 00000052 ____A C:\Windows\System32\DOErrors.log


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3839.3 MB
Available physical RAM: 3290.72 MB
Total Pagefile: 3837.58 MB
Available Pagefile: 3291.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.62 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:223.49 GB) (Free:164.15 GB) NTFS
2 Drive e: (HP_RECOVERY) (Fixed) (Total:9.29 GB) (Free:1.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (2012.05.04_2001) (CDROM) (Total:0.24 GB) (Free:0 GB) UDF
4 Drive g: (PACNJ) (Removable) (Total:1.87 GB) (Free:1.83 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 1960 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 3BD784FE

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 223 GB 101 MB
Partition 3 Primary 9 GB 223 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 223 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E HP_RECOVERY NTFS Partition 9 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 5A678EC6

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1910 MB 16 KB

=========================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G PACNJ FAT Removable 1910 MB Healthy

=========================================================

Last Boot: 2013-01-14 10:37

==================== End Of Log ============================


ListParts Results:

ListParts by Farbar Version: 16-01-2013
Ran by SYSTEM (administrator) on 30-01-2013 at 17:08:28
Windows 7 (X86)
Running From: G:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 3839.3 MB
Available physical RAM: 3309.93 MB
Total Pagefile: 3837.58 MB
Available Pagefile: 3310.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.54 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:223.49 GB) (Free:164.15 GB) NTFS
2 Drive e: (HP_RECOVERY) (Fixed) (Total:9.29 GB) (Free:1.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (2012.05.04_2001) (CDROM) (Total:0.24 GB) (Free:0 GB) UDF
4 Drive g: (PACNJ) (Removable) (Total:1.87 GB) (Free:1.83 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 1960 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 3BD784FE

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 223 GB 101 MB
Partition 3 Primary 9 GB 223 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 223 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E HP_RECOVERY NTFS Partition 9 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Disk ID: 5A678EC6

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1910 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G PACNJ FAT Removable 1910 MB Healthy

======================================================================================================
==========================================================
TDL4: custom:26000022


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
path \bootmgr
description Windows Boot Manager
locale en-US
inherit {globalsettings}
extendedinput Yes
default {default}
resumeobject {0f69840e-355b-11e0-853c-0018716eb820}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
customactions 0x1000085000001
0x5400000f
custom:5400000f {8c135060-29bc-11e1-866a-e069959666d5}

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {8c135060-29bc-11e1-866a-e069959666d5}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {0f69840e-355b-11e0-853c-0018716eb820}
nx OptIn

Windows Boot Loader
-------------------
identifier {8c135060-29bc-11e1-866a-e069959666d5}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{8c135061-29bc-11e1-866a-e069959666d5}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{8c135061-29bc-11e1-866a-e069959666d5}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {0f69840e-355b-11e0-853c-0018716eb820}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
custom:26000022 Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {8c135061-29bc-11e1-866a-e069959666d5}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi


****** End Of Log ******


#2 Farbar

Posted 31 January 2013 - 06:14 PM

Hi and welcome to the forum.

Please let me know if you are still there and need assistance.

#3 JLondon999

Posted 31 January 2013 - 08:50 PM

I followed other posts and threads with similar problem and performed a fix with FRST as follows:

TDL4: custom:26000022 <===== ATTENTION!

Was able to boot after this fix, ran Malwarebytes, performed security updates, etc. All seems OK now. You guys do a great job!! Knowledgeable, clear, concise...and very patient.

#4 Farbar

Posted 01 February 2013 - 03:31 AM

Well done indeed and glad it is resolved. :)

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



