
Windows 7 unable to start


  • This topic is locked
10 replies to this topic

#1 jenny17

jenny17

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:32 PM

Posted 21 February 2015 - 09:01 AM

Hi there,

 

Requesting for your assistance please.

Windows 7 failed to start as it just keeps on restarting.

 

I have tried to do a Startup Repair and System Restore but still no luck:

 

The Windows Repair Problem Signature
Problem Event Name: Startup Repair Offline
Problem Signature 1: 6.1.7600.16385
Problem Signature 2: 6.1.7600.16385
Problem Signature 3: Unknown
Problem Signature 4: 21200150
Problem Signature 5: AutoFailover
Problem Signature 6: 20
Problem Signature 7: BadDriver
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

 

 

I have executed Farbar Recovery Scan Tool via cmd and here's what I've got:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-02-2015 01
Ran by SYSTEM on MININT-VOS27NI on 07-02-2015 16:08:35
Running from F:\
Platform: Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-24] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [251248 2010-06-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2145000 2010-03-29] (ESET)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2008-05-26] (Apple Inc.)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [262656 2009-07-13] (Microsoft Corporation)
HKU\Mel\...\Run: [stin] => wscript.exe //B "C:\Users\Mel\AppData\Local\Temp\stin.vbs" <===== ATTENTION
HKU\Mel\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Mel\...\Run: [iMesh] => "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" --lightmode
HKU\Mel\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [288048 2013-12-02] (BitTorrent, Inc.)
HKU\Mel\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\Mel\...\Run: [Facebook Update] => C:\Users\Mel\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-06] (Facebook Inc.)
HKU\Mel\...\Run: [SoftonicAssistant] => C:\Users\Mel\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe [1829832 2014-11-11] ()
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Users\Mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nero Burning ROM 2014 v15.0.01300 ML Incl Crack + Key [TorDigger].lnk
ShortcutTarget: Nero Burning ROM 2014 v15.0.01300 ML Incl Crack + Key [TorDigger].lnk -> C:\ProgramData\{26bf9399-cc4b-5ea6-26bf-f9399cc44e67}\Nero Burning ROM 2014 v15.0.01300 ML Incl Crack + Key [TorDigger].exe ()
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Music Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 24c54e38; c:\Program Files\DeltaFix\DeltaFix.dll [4182016 2015-01-02] () <==== ATTENTION
S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33560 2010-03-29] (ESET)
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810120 2010-03-29] (ESET)
S2 MgAssistService; C:\Program Files\Mobogenie\MgAssist.exe [70848 2014-04-01] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [22016 2013-06-22] (Apache Software Foundation)
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [10923520 2013-06-22] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 NAUpdate; "C:\Program Files\Nero\Update\NASvc.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [134024 2010-03-29] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [114984 2010-03-29] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96896 2010-03-29] (ESET)
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [376832 2009-12-15] (Realtek Semiconductor Corporation                           )
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [181432 2012-06-03] (DEVGURU Co., LTD.(www.devguru.co.kr))
S0 uagp35; C:\Windows\System32\DRIVERS\sisagpx.sys [58400 2009-08-01] (Silicon Integrated Systems Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-07 16:08 - 2015-02-07 16:08 - 00000000 ____D () C:\FRST
2015-02-04 12:27 - 2015-02-06 17:28 - 00000020 _____ () C:\Users\Mel\AppData\Roaming\appdataFr3.bin
2015-01-20 23:01 - 2015-01-21 00:24 - 00000000 ____D () C:\Users\Mel\Desktop\Art App Sound Group 4
2015-01-20 20:11 - 2015-01-20 20:11 - 00001288 _____ () C:\Users\Mel\Downloads\dianne.sql
2015-01-20 20:11 - 2015-01-20 20:11 - 00001179 _____ () C:\Users\Mel\Downloads\login(2).sql
2015-01-20 20:09 - 2015-01-20 21:03 - 00000000 ____D () C:\Users\Mel\Desktop\ecom
2015-01-20 20:07 - 2015-01-20 20:07 - 00001293 _____ () C:\Users\Mel\Downloads\abigail.sql
2015-01-20 20:07 - 2015-01-20 20:07 - 00001182 _____ () C:\Users\Mel\Downloads\login(1).sql
2015-01-20 17:38 - 2015-01-20 17:38 - 00001286 _____ () C:\Users\Mel\Downloads\aljon (2).sql
2015-01-20 17:38 - 2015-01-20 17:38 - 00001179 _____ () C:\Users\Mel\Downloads\login (1).sql
2015-01-20 17:29 - 2015-01-20 17:29 - 00001286 _____ () C:\Users\Mel\Downloads\aljon (1).sql
2015-01-20 17:29 - 2015-01-20 17:29 - 00001179 _____ () C:\Users\Mel\Downloads\login.sql
2015-01-20 17:28 - 2015-01-20 17:29 - 00001286 _____ () C:\Users\Mel\Downloads\aljon.sql
2015-01-20 08:00 - 2015-01-20 08:00 - 00001250 _____ () C:\Users\Mel\Downloads\joash (1).sql
2015-01-20 07:55 - 2015-01-20 07:55 - 00001250 _____ () C:\Users\Mel\Downloads\joash.sql
2015-01-20 07:03 - 2015-01-20 07:03 - 00001289 _____ () C:\Users\Mel\Downloads\rafael.sql
2015-01-20 02:27 - 2015-01-20 02:27 - 00447219 _____ () C:\Users\Mel\Downloads\colorway.3.2.9.zip
2015-01-19 19:33 - 2015-01-19 19:33 - 00095143 _____ () C:\Users\Mel\Desktop\Royal Entrance.wma
2015-01-19 19:31 - 2015-01-19 19:31 - 00086143 _____ () C:\Users\Mel\Desktop\Footsteps.wma
2015-01-19 19:09 - 2015-01-19 19:35 - 00000000 ____D () C:\Users\Mel\Desktop\New folder
2015-01-19 16:52 - 2015-01-19 16:52 - 00710437 _____ () C:\Users\Mel\Desktop\Bang bang.wma
2015-01-19 16:49 - 2015-01-19 16:49 - 00764353 _____ () C:\Users\Mel\Desktop\Problem.wma
2015-01-19 16:45 - 2015-01-19 16:45 - 02138729 _____ () C:\Users\Mel\Desktop\Bahala na.wma
2015-01-19 15:19 - 2015-01-24 06:21 - 09886305 _____ () C:\Users\Mel\Desktop\Billy Crawford and Vhong Navarro dance again on 'Showtime'.mp4
2015-01-19 14:18 - 2015-01-21 07:06 - 00000000 ____D () C:\Users\Mel\Desktop\ART APP SOUND EFFECTS
2015-01-19 13:49 - 2015-02-07 14:36 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\Adobe
2015-01-19 13:46 - 2015-01-19 13:46 - 00000000 ____D () C:\Users\Mel\Desktop\Pogi aljon
2015-01-19 13:06 - 2015-01-19 13:06 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2015-01-19 12:48 - 2015-01-19 12:48 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2015-01-19 12:46 - 2015-01-19 13:09 - 00000000 ____D () C:\Users\Mel\Desktop\new
2015-01-19 09:44 - 2015-01-19 09:44 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-19 09:44 - 2015-01-19 09:44 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-19 09:44 - 2015-01-19 09:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-19 09:44 - 2015-01-19 09:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-19 09:23 - 2015-01-19 09:24 - 00243440 _____ () C:\Users\Mel\Downloads\Firefox Setup Stub 35.0.1.exe
2015-01-19 09:04 - 2014-05-03 13:44 - 36019739 _____ (Hervé Leclerc (HeL) ) C:\Users\Mel\Desktop\Wampserver2.4-x86.exe
2015-01-19 08:57 - 2015-02-07 14:36 - 00000000 ____D () C:\wamp
2015-01-19 05:00 - 2015-01-19 05:02 - 02931206 _____ () C:\Users\Mel\Downloads\marketing on the web.pptx
2015-01-18 13:58 - 2015-01-18 14:55 - 00000000 ____D () C:\Users\Mel\Desktop\Photos
2015-01-18 12:13 - 2015-01-18 12:14 - 01574343 _____ () C:\Users\Mel\Downloads\Romantic-Opera-Discussion-Tom.pptx
2015-01-18 12:12 - 2015-01-18 12:13 - 00803906 _____ () C:\Users\Mel\Downloads\Vocal Music of Romantic Period.pptx
2015-01-18 11:07 - 2015-02-07 14:36 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\Adobe-BackupByDreamweaverPortable
2015-01-18 11:07 - 2015-01-18 11:07 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-17 19:37 - 2015-01-17 19:37 - 00581632 _____ () C:\Users\Mel\Downloads\e3-chap-13.ppt
2015-01-13 00:15 - 2015-01-13 00:15 - 00000000 ___HD () C:\ProgramData\yahoo!
2015-01-12 21:23 - 2015-02-07 14:36 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-12 21:23 - 2015-01-12 21:23 - 00000000 ____D () C:\Users\Mel\AppData\Local\Adobe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-07 14:36 - 2015-01-03 04:37 - 00000000 ____D () C:\Users\Mel\Desktop\Dream Weaver Portable
2015-02-07 14:36 - 2013-12-02 13:52 - 00000000 ____D () C:\Users\Mel\AppData\Local\Pokki
2015-02-07 14:36 - 2012-05-13 21:12 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\uTorrent
2015-02-07 14:36 - 2012-05-13 19:48 - 00000000 ____D () C:\users\Mel
2015-02-07 14:36 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\wfp
2015-02-07 14:36 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\registration
2015-02-07 14:36 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-21 07:13 - 2013-09-19 21:10 - 00000000 ____D () C:\Users\Mel\AppData\Local\WMTools Downloaded Files
2015-01-20 01:47 - 2012-11-10 23:56 - 00000000 ____D () C:\Users\Mel\Desktop\Gr. 1 Teacher's Guide
2015-01-19 22:48 - 2012-05-15 04:17 - 00060928 _____ () C:\Users\Mel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-19 22:40 - 2012-05-13 19:52 - 00730320 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-01-19 21:43 - 2009-07-13 20:39 - 00247136 _____ () C:\Windows\setupact.log
2015-01-19 20:57 - 2013-09-11 03:09 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\Skype
2015-01-19 19:10 - 2009-07-13 20:34 - 00016944 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 19:10 - 2009-07-13 20:34 - 00016944 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 19:05 - 2012-05-14 08:28 - 01681285 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 19:03 - 2015-01-02 20:07 - 00000000 ____D () C:\Users\Mel\AppData\Local\SoftonicAssistant
2015-01-19 09:45 - 2012-05-17 02:42 - 00000000 ____D () C:\Users\Mel\AppData\Local\Mozilla
2015-01-12 23:56 - 2012-05-14 09:11 - 00000000 ____D () C:\Windows.old
2015-01-12 20:42 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-12 07:55 - 2015-01-03 04:46 - 00000000 ____D () C:\Users\Mel\Desktop\Wamp
 
Some content of TEMP:
====================
C:\Users\Mel\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Mel\AppData\Local\Temp\Delta.exe
C:\Users\Mel\AppData\Local\Temp\DeltaTB.exe
C:\Users\Mel\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Mel\AppData\Local\Temp\oct1779.tmp.exe
C:\Users\Mel\AppData\Local\Temp\oct5CB4.tmp.exe
C:\Users\Mel\AppData\Local\Temp\octB3EA.tmp.exe
C:\Users\Mel\AppData\Local\Temp\propsys.dll
C:\Users\Mel\AppData\Local\Temp\SimBundD.exe
C:\Users\Mel\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
C:\Users\Mel\AppData\Local\Temp\WSSetup.exe
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2015-01-19 23:18:43
 
==================== Memory info =========================== 
 
Percentage of memory in use: 19%
Total physical RAM: 1917.17 MB
Available physical RAM: 1540.48 MB
Total Pagefile: 1917.17 MB
Available Pagefile: 1539.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1957 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:78.12 GB) (Free:12.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:70.92 GB) (Free:55.86 GB) NTFS
Drive f: (GAK-C) (Removable) (Total:3.73 GB) (Free:0.37 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 9A9A9A9A)
Partition 1: (Active) - (Size=78.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=70.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C5E2771D)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)
 
 
LastRegBack: 2015-01-19 23:12
 
==================== End Of Log ============================



 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:32 PM

Posted 21 February 2015 - 10:32 AM

Hello jenny17 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open as administrator the computer. How is open as administrator the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks

 

 

Startup: C:\Users\Mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nero Burning ROM 2014 v15.0.01300 ML Incl Crack + Key [TorDigger].lnk
ShortcutTarget: Nero Burning ROM 2014 v15.0.01300 ML Incl Crack + Key [TorDigger].lnk -> C:\ProgramData\{26bf9399-cc4b-5ea6-26bf-f9399cc44e67}\Nero Burning ROM 2014 v15.0.01300 ML Incl Crack + Key [TorDigger].exe ()

 

This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, we ask that you uninstall any such applications, as indicated in this sticky topic.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

 

 

I see you have P2P software ( uTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.

 

----------------------------------------------------------------------------------

 

Addition.txt is created by default from the first run of FRST. Can you check inside this folder: C:\FRST\Logs? I need to see that log before we progress. If there is no Addition log inside the Logs folder, run the FRST scan one more time and ensure "Addition" is checked in the optional scan box...


 

Step 1:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.07.0.1009.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

Step 2:

 

Please download and run RogueKiller  32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

Have a nice day.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 jenny17


Posted 21 February 2015 - 08:56 PM

Hi Yilmaz, 

 

Thanks for helping me on this and rest assured that I won't engage with those kinds of applications anymore.

However it is hard for me to follow your instructions as Windows 7 won't be able to start normally as it just keeps on restarting.

 

I ran FRST via cmd and did not see "Addition.txt"; only 2 checkboxes are available under Optional Scan (List BCD and Drivers MD5).

 

Please advise.

Thanks!



#4 olgun52


Posted 22 February 2015 - 08:13 AM

Okay, thank you.

Well, can you do the other processes, Step 1 and Step 2?


Best regards

 


 


#5 jenny17


Posted 22 February 2015 - 08:50 AM

I tried and here's what I got:

 

3 consecutive errors encountered after executing mbar-1.09.1.1004.exe via cmd:

  • ""%UserDesktop%\mbar\mbar.cmd" "%UserDesktop%\mbar"". The system cannot find the file specified
  • The program can't start because VERSION.dll is missing from your computer. Try reinstalling the program to fix this problem.
  • The program can't start because API-MS-WIN-Service-CoreL1-1-0.dll is missing from your computer. Try reinstalling the program to fix this problem.

 

Error encountered after executing RogueKiller.exe via cmd:

  • The program can't start because OPENGL32.dll is missing from your computer. Try reinstalling the program to fix this problem.


#6 olgun52


Posted 22 February 2015 - 11:41 AM

Hi jenny17,

 

Run sfc /scannow from Elevated Command

  • Click Start and Type cmd
  • Right click on cmd and select Run as administrator
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow
  • Type the following at the Command Prompt and press Enter
    • sfc /scannow
  • Upon completion, if you are notified corrupted files were found and repaired please do the following
  • Navigate to the following location, zip the file and attach it to your response

    C:\Windows\Logs\CBS\CBS.log
  • If sfc /scannow detected corrupted files please reboot your computer to see if you notice any difference

Then reboot and let me know how it is.
 


Best regards

 


 


#7 jenny17


Posted 22 February 2015 - 02:05 PM

Hi Yilmaz,

 

Please note that I can't boot Windows 7 normally as it keeps on resetting. So instead of Start and Type cmd, I go to Repair Your Computer > Command Prompt.

 

I typed: sfc /scannow but I am always getting "There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again."

 

Then I typed: SFC /SCANNOW /OFFBOOTDIR=C:\ /OFFWINDIR=C:\Windows\  and received: "Windows Resource Protection did not find any integrity violations"



#8 jenny17


Posted 22 February 2015 - 02:22 PM

After doing SFC /SCANNOW /OFFBOOTDIR=C:\ /OFFWINDIR=C:\Windows\ result still the same. Windows 7 still failed to boot normally and keeps on restarting.



#9 olgun52


Posted 22 February 2015 - 06:26 PM

Hi jenny17,

 

When did this problem start? Before that, did you use AdwCleaner, Junkware Removal Tool and ERUNT?

 

Step 1:

Please go to: VirusTotal

  • On the page you'll find a "Choose File" button.
  • Click on the Choose File button.
  • In the Choose File to Upload window which opens, copy and paste this into the File Name box.

C:\Users\Mel\AppData\Local\Temp\stin.vbs
C:\Program Files\Music Toolbar\Datamngr\apcrtldr.dll
C:\Program Files\DeltaFix\DeltaFix.dll

  • Next, click the Open button.
  • Then click the "Scan It!" button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analyzed: click Reanalyze file now

Once scanned, copy and paste the link to the results page in your next reply.

Step 2:
Please run Farbar Service Scanner.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 3:

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

 


Best regards
If I don't reply within 24 hours please PM me!
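
The three files listed for VirusTotal in post #9 are the entries FRST marked ATTENTION in the log from post #1. The following is an added example, not part of the thread and not an FRST feature, showing one way to pull those entries, the IFEO Debugger redirects and script-host autoruns out of such a log for review. The function names and regular expressions are assumptions based only on the line formats visible in that log.

```python
import re

# Lines copied from the FRST log in post #1 of this thread (a short excerpt).
SAMPLE_LOG = r'''
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2145000 2010-03-29] (ESET)
HKU\Mel\...\Run: [stin] => wscript.exe //B "C:\Users\Mel\AppData\Local\Temp\stin.vbs" <===== ATTENTION
HKU\Mel\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Music Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
S2 24c54e38; c:\Program Files\DeltaFix\DeltaFix.dll [4182016 2015-01-02] () <==== ATTENTION
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810120 2010-03-29] (ESET)
'''

# Marker FRST appends to entries it wants reviewed; the arrow length varies in the log.
ATTENTION = re.compile(r"<=+\s*ATTENTION")
# Windows path ending in a 2-4 character extension; spaces inside the path are allowed.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?\[\]\r\n]+?\.[A-Za-z0-9]{2,4}(?=["\s]|$)')
# Image File Execution Options entry: launching <image> starts <debugger> instead.
IFEO = re.compile(r"^IFEO\\(?P<image>.+?): \[Debugger\] (?P<debugger>.+)$")
# Run / RunOnce autostart entry as FRST prints it.
AUTORUN = re.compile(
    r"^(?:HKLM|HKU)\\.*\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => (?P<cmd>.+)$"
)
SCRIPT_HOST = re.compile(r"\b(?:wscript|cscript|mshta)(?:\.exe)?\b", re.I)
TEMP_DIR = "\\appdata\\local\\temp\\"


def first_path(text):
    """Return the first Windows file path in text, drive letter upper-cased."""
    m = WIN_PATH.search(text)
    if m is None:
        return None
    path = m.group(0)
    return path[0].upper() + path[1:]


def triage(log_text):
    """Collect the entries of an FRST log that deserve a closer look."""
    report = {"flagged_files": [], "ifeo_redirects": [], "script_autoruns": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. Anything the tool itself marked ATTENTION: keep the file path.
        if ATTENTION.search(line):
            path = first_path(line)
            if path and path not in report["flagged_files"]:
                report["flagged_files"].append(path)
        # 2. IFEO Debugger values silently replace one program with another.
        m = IFEO.match(line)
        if m:
            report["ifeo_redirects"].append((m["image"], m["debugger"].strip()))
            continue
        # 3. Autoruns that start a script host or run something out of Temp.
        m = AUTORUN.match(line)
        if m:
            cmd = ATTENTION.split(m["cmd"])[0].strip()
            if SCRIPT_HOST.search(cmd) or TEMP_DIR in cmd.lower():
                report["script_autoruns"].append((m["name"], cmd))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for section, items in result.items():
        print(section)
        for item in items:
            print("   ", item)
```
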

 


 


#10 olgun52


Posted 26 February 2015 - 04:19 PM

Hello,

 

4 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.


Best regards

 


 


#11 olgun52


Posted 01 March 2015 - 05:35 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards

 


 




