
Can't start up computer - Windows 7, repair doesn't work, restore doesn't work


  • This topic is locked
6 replies to this topic

#1 jonbeeping

jonbeeping

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:31 PM

Posted 06 May 2013 - 10:42 AM

Hi, I know there are many in the forum who have the same problem as mine.

My computer was running fine last Friday. I tried to start it on Saturday; it says it can't start up and needs to repair startup. I did run the repair but it still can't start up. I tried to use System Restore to earlier dates; it still can't start up. The computer had a trojan virus before and I tried anti-malware from the internet to kill them. It seems that it created more problems for my PC. I have some important files on the computer that I wish I had archived.

I wonder if anyone can help. Thx in advance.


Edited by Orange Blossom, 07 May 2013 - 02:33 PM.
Moved from Win 7 to Am I Infected - Hamluis. Moved to log forum. ~ OB




#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:31 AM

Posted 06 May 2013 - 12:47 PM

I'll report this topic to appropriate helpers.

Hold on there...




 


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,590 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:31 PM

Posted 06 May 2013 - 02:18 PM

Hi and :welcome:

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7, enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 jonbeeping

jonbeeping
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:31 PM

Posted 06 May 2013 - 02:56 PM

Thx so much for your quick offer of help, JSntgRvr. I followed your instructions and got this FRST64 info:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2013
Ran by SYSTEM on 06-05-2013 15:49:45
Running from I:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM\...\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe [333344 2008-08-18] (NVIDIA Corporation)
HKLM\...\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16335976 2009-10-30] (NVIDIA Corporation)
HKLM\...\RunOnce: [PCDrProfiler] "C:\Program Files\PC-Doctor for Windows\RunProfiler.exe" -r [136176 2009-06-26] (PC-Doctor, Inc.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [224616 2009-02-06] (Microsoft Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM-x32\...\Run: [STO Backup Service] C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe [184320 2009-07-01] ()
HKLM-x32\...\Run: [STO Launcher Service] C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe /run [381440 2009-07-01] ()
HKLM-x32\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun [614400 2009-09-23] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [HWTablet KeyPlus] C:\Windows\SysWOW64\HWKeyPlus.exe [53248 2008-06-03] ()
HKLM-x32\...\Run: [HWTablet Service] C:\Windows\SysWOW64\HWTabTray.exe [184320 2009-03-05] ()
HKLM-x32\...\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2011-10-24] (Yuna Software)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-01-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Jacinthe\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\Jacinthe\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-25] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Jacinthe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Services (Whitelisted) =================
 
S2 HWSuperPowerTablet; C:\Windows\jwpen.exe [66560 2008-06-03] ()
S2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
S2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.2.0.13\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
S2 astcc; C:\Windows\SysWOW64\AstSrv.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [1157240 2012-03-02] (Symantec Corporation)
S2 DgiVecp; C:\Windows\SysWow64\Drivers\DgiVecp.sys [41984 2004-05-17] (DeviceGuys, Inc.)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-04] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-04] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120316.002\IDSvia64.sys [488568 2012-03-09] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120316.020\ENG64.SYS [117880 2012-03-10] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120316.020\EX64.SYS [2048632 2012-03-10] (Symantec Corporation)
S0 nvrd64; C:\Windows\System32\DRIVERS\nvrd64.sys [175648 2009-06-22] (NVIDIA Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-07-11] (Symantec Corporation)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2011-12-02] (Texas Instruments)
S3 VHWDrawing; C:\Windows\System32\DRIVERS\HWDrawing.sys [8320 2007-03-26] (Windows ® Codename Longhorn DDK provider)
S3 VSTWinDriver6; C:\Windows\System32\drivers\VSTwindrvr6.sys [252928 2008-07-03] (Jungo)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S2 HYRDBios; system32\DRIVERS\HYRDBios.sys [x]
S3 SRTSP; \SystemRoot\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS [x]
S1 SRTSPX; \SystemRoot\system32\drivers\N360x64\0502000.00D\SRTSPX64.SYS [x]
S0 SymDS; system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]
S0 SymEFA; system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]
S1 SymIRON; \SystemRoot\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]
S1 SymNetS; \SystemRoot\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-05-06 15:49 - 2013-05-06 15:49 - 00000000 ____D C:\FRST
 
==================== One Month Modified Files and Folders =======
 
2013-05-06 15:49 - 2013-05-06 15:49 - 00000000 ____D C:\FRST
2013-05-06 10:26 - 2012-01-25 14:48 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-05-06 10:26 - 2012-01-25 14:48 - 00000000 ____D C:\ProgramData\Application Data\McAfee Security Scan
2013-05-06 10:26 - 2011-12-02 19:50 - 00000000 ____D C:\Users\Jacinthe\Application Data\Texas Instruments
2013-05-06 10:26 - 2011-12-02 19:50 - 00000000 ____D C:\Users\Jacinthe\AppData\Roaming\Texas Instruments
2013-05-06 10:26 - 2011-09-07 16:42 - 00000000 ____D C:\Users\Jacinthe\Application Data\Skype
2013-05-06 10:26 - 2011-09-07 16:42 - 00000000 ____D C:\Users\Jacinthe\AppData\Roaming\Skype
2013-05-06 10:26 - 2011-08-25 13:18 - 00000000 ____D C:\ProgramData\PMB Files
2013-05-06 10:26 - 2011-08-25 13:18 - 00000000 ____D C:\ProgramData\Application Data\PMB Files
2013-05-06 10:26 - 2010-07-30 07:36 - 00000000 ____D C:\users\Jacinthe
2013-05-06 10:26 - 2010-04-27 14:31 - 00000000 ____D C:\Users\Jacinthe\Local Settings\Microsoft Help
2013-05-06 10:26 - 2010-04-27 14:31 - 00000000 ____D C:\Users\Jacinthe\Local Settings\Application Data\Microsoft Help
2013-05-06 10:26 - 2010-04-27 14:31 - 00000000 ____D C:\Users\Jacinthe\AppData\Local\Microsoft Help
2013-05-06 10:26 - 2010-04-27 13:29 - 00000000 ____D C:\Users\Jacinthe\Application Data\GetRightToGo
2013-05-06 10:26 - 2010-04-27 13:29 - 00000000 ____D C:\Users\Jacinthe\AppData\Roaming\GetRightToGo
2013-05-06 10:26 - 2009-09-05 18:02 - 00000000 ____D C:\Users\Jacinthe\My Documents\software
2013-05-06 10:26 - 2009-09-05 18:02 - 00000000 ____D C:\Users\Jacinthe\Documents\software
2013-05-06 10:26 - 2009-09-05 06:58 - 00000000 ___RD C:\Users\Jacinthe\My Documents\Homework
2013-05-06 10:26 - 2009-09-05 06:58 - 00000000 ___RD C:\Users\Jacinthe\Documents\Homework
2013-05-06 10:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-05-06 10:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-05-06 10:26 - 2009-05-20 12:36 - 00000000 ____D C:\ProgramData\Norton
2013-05-06 10:26 - 2009-05-20 12:36 - 00000000 ____D C:\ProgramData\Application Data\Norton
2013-05-06 10:26 - 2009-05-20 11:40 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-06 10:26 - 2009-05-20 11:40 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA
2013-05-06 10:25 - 2011-06-19 18:05 - 00000000 ____D C:\Users\Jacinthe\Application Data\Real
2013-05-06 10:25 - 2011-06-19 18:05 - 00000000 ____D C:\Users\Jacinthe\AppData\Roaming\Real
2013-05-06 10:25 - 2010-11-08 14:57 - 00000000 ____D C:\Users\Jacinthe\Application Data\U3
2013-05-06 10:25 - 2010-11-08 14:57 - 00000000 ____D C:\Users\Jacinthe\AppData\Roaming\U3
2013-05-06 10:25 - 2010-10-22 18:07 - 00000000 ____D C:\Users\Jacinthe\Local Settings\S2PC
2013-05-06 10:25 - 2010-10-22 18:07 - 00000000 ____D C:\Users\Jacinthe\Local Settings\Application Data\S2PC
2013-05-06 10:25 - 2010-10-22 18:07 - 00000000 ____D C:\Users\Jacinthe\AppData\Local\S2PC
2013-05-06 10:25 - 2009-09-05 18:17 - 00000000 ____D C:\Users\Jacinthe\Application Data\CyberLink
2013-05-06 10:25 - 2009-09-05 18:17 - 00000000 ____D C:\Users\Jacinthe\AppData\Roaming\CyberLink
2013-05-06 10:25 - 2009-09-05 06:40 - 00000000 ____D C:\Users\Jacinthe\Local Settings\Mozilla
2013-05-06 10:25 - 2009-09-05 06:40 - 00000000 ____D C:\Users\Jacinthe\Local Settings\Application Data\Mozilla
2013-05-06 10:25 - 2009-09-05 06:40 - 00000000 ____D C:\Users\Jacinthe\Application Data\Mozilla
2013-05-06 10:25 - 2009-09-05 06:40 - 00000000 ____D C:\Users\Jacinthe\AppData\Roaming\Mozilla
2013-05-06 10:25 - 2009-09-05 06:40 - 00000000 ____D C:\Users\Jacinthe\AppData\Local\Mozilla
2013-05-06 10:25 - 2009-09-03 19:09 - 00000000 ____D C:\Users\Jacinthe\Application Data\Adobe
2013-05-06 10:25 - 2009-09-03 19:09 - 00000000 ____D C:\Users\Jacinthe\AppData\Roaming\Adobe
2013-05-06 10:24 - 2011-09-07 16:42 - 00000000 ____D C:\Users\Jacinthe\Local Settings\Google
2013-05-06 10:24 - 2011-09-07 16:42 - 00000000 ____D C:\Users\Jacinthe\Local Settings\Application Data\Google
2013-05-06 10:24 - 2011-09-07 16:42 - 00000000 ____D C:\Users\Jacinthe\AppData\Local\Google
2013-05-06 10:24 - 2011-06-19 18:05 - 00000000 ____D C:\ProgramData\Real
2013-05-06 10:24 - 2011-06-19 18:05 - 00000000 ____D C:\ProgramData\Application Data\Real
2013-05-06 10:24 - 2009-09-07 14:33 - 00000000 ____D C:\Users\Jacinthe\Local Settings\Application Data\Adobe
2013-05-06 10:24 - 2009-09-07 14:33 - 00000000 ____D C:\Users\Jacinthe\Local Settings\Adobe
2013-05-06 10:24 - 2009-09-07 14:33 - 00000000 ____D C:\Users\Jacinthe\AppData\Local\Adobe
2013-05-06 10:24 - 2009-09-03 19:46 - 00000000 ____D C:\Users\Jacinthe\Local Settings\Microsoft Games
2013-05-06 10:24 - 2009-09-03 19:46 - 00000000 ____D C:\Users\Jacinthe\Local Settings\Application Data\Microsoft Games
2013-05-06 10:24 - 2009-09-03 19:46 - 00000000 ____D C:\Users\Jacinthe\AppData\Local\Microsoft Games
2013-05-06 10:24 - 2009-09-03 17:38 - 00000000 ____D C:\Users\Jacinthe\Local Settings\Hewlett-Packard
2013-05-06 10:24 - 2009-09-03 17:38 - 00000000 ____D C:\Users\Jacinthe\Local Settings\Application Data\Hewlett-Packard
2013-05-06 10:24 - 2009-09-03 17:38 - 00000000 ____D C:\Users\Jacinthe\AppData\Local\Hewlett-Packard
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2011-12-14 21:41:45
Restore point made on: 2011-12-15 20:17:43
Restore point made on: 2011-12-22 12:56:55
Restore point made on: 2011-12-23 14:06:17
Restore point made on: 2011-12-29 19:16:19
Restore point made on: 2011-12-30 19:19:02
Restore point made on: 2012-01-01 12:03:32
Restore point made on: 2012-01-07 07:26:29
Restore point made on: 2012-01-08 16:14:22
Restore point made on: 2012-01-11 21:02:54
Restore point made on: 2012-01-13 19:48:08
Restore point made on: 2012-01-15 11:25:17
Restore point made on: 2012-01-21 16:43:07
Restore point made on: 2012-01-28 10:08:33
Restore point made on: 2012-01-29 16:19:30
Restore point made on: 2012-01-30 15:57:47
Restore point made on: 2012-01-31 22:06:18
Restore point made on: 2012-02-02 10:50:39
Restore point made on: 2012-02-06 18:05:14
Restore point made on: 2012-02-06 18:13:31
Restore point made on: 2012-02-06 18:35:20
Restore point made on: 2012-02-06 19:29:50
Restore point made on: 2012-02-08 18:34:26
Restore point made on: 2012-02-15 17:41:06
Restore point made on: 2012-02-15 23:24:43
Restore point made on: 2012-02-16 17:57:20
Restore point made on: 2012-02-16 20:08:57
Restore point made on: 2012-02-20 10:19:38
Restore point made on: 2012-02-24 18:23:48
Restore point made on: 2012-02-26 16:11:46
Restore point made on: 2012-02-26 17:14:56
Restore point made on: 2012-03-03 21:12:06
Restore point made on: 2012-03-05 21:35:31
Restore point made on: 2012-03-06 16:13:03
Restore point made on: 2012-03-06 22:54:25
Restore point made on: 2012-03-11 00:00:51
Restore point made on: 2012-03-14 18:00:30
Restore point made on: 2012-03-16 19:20:05
Restore point made on: 2012-03-17 16:46:21
 
==================== Memory info =========================== 
 
Percentage of memory in use: 19%
Total physical RAM: 3838.38 MB
Available physical RAM: 3098.68 MB
Total Pagefile: 3478.67 MB
Available Pagefile: 3070.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:684.47 GB) (Free:527.4 GB) NTFS (Disk=1 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:14.16 GB) (Free:2 GB) NTFS (Disk=1 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive f: (OS) (Fixed) (Total:917.97 GB) (Free:817.13 GB) NTFS (Disk=0 Partition=2)
Drive g: (HP_RECOVERY) (Fixed) (Total:13.44 GB) (Free:1.65 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive i: (ASLANDESIGN) (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
 
====================================================================
Disk: 0 (Size: 932 GB) (Disk ID: 951E1A9F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
 
====================================================================
Disk: 1 (Size: 699 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=684 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=14 GB) - (Type=07 NTFS)
 
====================================================================
Disk: 2 (Size: 977 MB) (Disk ID: 6F20736B)
Partition 1: (Not Active) - (Size=544 GB) - (Type=72)
Partition 2: (Not Active) - (Size=923 GB) - (Type=65)
Partition 3: (Not Active) - (Size=923 GB) - (Type=79)
Partition 4: (Not Active) - (Size=27 MB) - (Type=0D)
 
 
Last Boot: 2012-03-10 16:58
 
==================== End Of Log ============================


#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,590 posts
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:31 PM

Posted 07 May 2013 - 11:54 AM

There seems to be more than one hard drive with boot components in the computer.

Open notepad. Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive, next to FRST, as fixlist.txt
 
start
cmd: bcdedit /enum all /v 
end
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
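
The observation in the post above can be read off the Drives and MBR sections of the posted FRST log. As an added example (not part of the original thread, and not code from FRST or its author), this Python parser summarizes those lines per disk; the function names and the 5% size tolerance are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Excerpt of the "Drives" and "MBR & Partition Table" sections of the FRST.txt
# log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = """\
Drive c: (HP) (Fixed) (Total:684.47 GB) (Free:527.4 GB) NTFS (Disk=1 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:14.16 GB) (Free:2 GB) NTFS (Disk=1 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive f: (OS) (Fixed) (Total:917.97 GB) (Free:817.13 GB) NTFS (Disk=0 Partition=2)
Drive g: (HP_RECOVERY) (Fixed) (Total:13.44 GB) (Free:1.65 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive i: (ASLANDESIGN) (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk: 0 (Size: 932 GB) (Disk ID: 951E1A9F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
Disk: 1 (Size: 699 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=684 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=14 GB) - (Type=07 NTFS)
Disk: 2 (Size: 977 MB) (Disk ID: 6F20736B)
Partition 1: (Not Active) - (Size=544 GB) - (Type=72)
Partition 2: (Not Active) - (Size=923 GB) - (Type=65)
Partition 3: (Not Active) - (Size=923 GB) - (Type=79)
Partition 4: (Not Active) - (Size=27 MB) - (Type=0D)
"""

DRIVE_RE = re.compile(r"^Drive (\w): \(([^)]*)\) \((\w+)\)")
LOC_RE = re.compile(r"\(Disk=(\d+) Partition=(\d+)\)")
DISK_RE = re.compile(r"^Disk: (\d+) \(Size: ([\d.]+) (GB|MB)\)")
PART_RE = re.compile(
    r"^Partition (\d+): \((Active|Not Active)\) - \(Size=([\d.]+) (GB|MB)\)")


def _to_mb(value, unit):
    """Convert a size as printed by FRST to megabytes."""
    return float(value) * (1024 if unit == "GB" else 1)


def parse_frst_disks(text):
    """Return {disk_number: summary} built from FRST drive and partition lines."""
    disks = defaultdict(lambda: {"size_mb": None, "boot_volumes": [],
                                 "active": [], "oversized": []})
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        drive = DRIVE_RE.match(line)
        if drive:
            loc = LOC_RE.search(line)
            # Volumes without a Disk= tag (x: in this log) cannot be attributed.
            if loc and "boot components" in line:
                disks[int(loc.group(1))]["boot_volumes"].append(drive.group(1))
            continue
        disk = DISK_RE.match(line)
        if disk:
            current = int(disk.group(1))
            disks[current]["size_mb"] = _to_mb(disk.group(2), disk.group(3))
            continue
        part = PART_RE.match(line)
        if part and current is not None:
            entry = disks[current]
            number = int(part.group(1))
            if part.group(2) == "Active":
                entry["active"].append(number)
            # Assumed 5% slack absorbs the rounding in the printed sizes.
            if _to_mb(part.group(3), part.group(4)) > entry["size_mb"] * 1.05:
                entry["oversized"].append(number)
    return dict(disks)


def disks_with_boot_components(report):
    """Disk numbers that hold at least one volume flagged with boot components."""
    return sorted(d for d, info in report.items() if info["boot_volumes"])


def triage(report):
    """Turn the per-disk summary into short notes for the analyst."""
    notes = []
    boot_disks = disks_with_boot_components(report)
    if len(boot_disks) > 1:
        notes.append(f"boot components on {len(boot_disks)} disks: {boot_disks}")
    for number, info in sorted(report.items()):
        if info["oversized"]:
            notes.append(f"disk {number}: partition entries {info['oversized']} "
                         "are larger than the disk; table is not trustworthy")
    return notes


if __name__ == "__main__":
    for note in triage(parse_frst_disks(SAMPLE_LOG)):
        print(note)
```
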


#6 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,669 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:31 PM

Posted 11 May 2013 - 10:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/493688 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#7 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,669 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:31 PM

Posted 11 May 2013 - 10:46 AM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!




