LovelessUchiha

Programs won't run, can't even run antivirus or system restore


My computer shut down on its own, I restarted it and I now cannot open ANY programs. I can't run any antivirus from my computer or from a flash drive. I can click my files and all that. But no processes can be run. Internet searches are not helpful. I wanted to avoid a system restore but ended up backing up some of my files in case, after much frustration I gave up and was going to restart to manufacturer settings but I can't even run the system restore. Can anyone help me with this?

I can't even access the internet from my computer, so I can't download any new programs to help clean it up.


Hello LovelessUchiha! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

We need a USB Flash drive to transfer some files. Please immunize your USB Flash drive before connecting it to the infected PC.

www.pandasecurity.com/homeusers/downloads/usbvaccine/

What is the operating system of the infected PC?


I am in my event viewer but I am not sure exactly where the logs are that I need to copy/paste. I have seen others post their logs and nothing looks like what I see people posting. I'm sorry, I have never looked at my logs before.

I am running Windows 7.


Don't worry, just follow my instructions.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Thank you!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-10-2012

Ran by SYSTEM at 07-10-2012 18:21:04

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)

HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1446760 2012-01-06] (Garmin)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [x]

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)

HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)

HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)

HKLM-x32\...\Run: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]

HKU\Loveless\...\Run: [Akamai NetSession Interface] "C:\Users\Loveless\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.)

HKU\Loveless\...\Run: [Google Update] "C:\Users\Loveless\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-23] (Google Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

==================== Services (Whitelisted) ===================

2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll [4537664 2012-09-10] (Akamai Technologies, Inc.)

2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-08] (Avira Operations GmbH & Co. KG)

2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-08] (Avira Operations GmbH & Co. KG)

3 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2011-10-26] (Lavasoft Limited)

2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)

2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [267488 2011-07-27] ()

==================== Drivers (Whitelisted) =====================

2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-05-08] (Avira GmbH)

1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-05-08] (Avira GmbH)

1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2011-09-16] (Avira GmbH)

3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-10-16] ()

3 dump_wmimmc; \??\C:\gPotato\Rappelz\GameGuard\dump_wmimmc.sys [x]

3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]

3 X6va001; \??\C:\Users\Loveless\AppData\Local\Temp\0018181.tmp [x]

3 X6va003; \??\C:\Users\Loveless\AppData\Local\Temp\003CFCE.tmp [x]

3 X6va005; \??\C:\Users\Loveless\AppData\Local\Temp\005FB8C.tmp [x]

3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-10-07 15:10 - 2012-10-07 15:10 - 00000000 ____D C:\FRST

2012-10-07 14:39 - 2012-05-31 09:25 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2012-10-07 09:16 - 2009-07-13 17:39 - 00427008 ____A (Microsoft Corporation) C:\Windows\regedit.com

2012-10-07 09:14 - 2012-10-07 09:10 - 00002127 ____A C:\Users\Loveless\Desktop\win7-regfix.reg

2012-10-07 07:35 - 2012-10-07 14:22 - 00000168 ____A C:\Windows\setupact.log

2012-10-07 07:35 - 2012-10-07 07:35 - 00000000 ____A C:\Windows\setuperr.log

2012-10-07 06:59 - 2012-10-07 06:59 - 00000000 ____D C:\Users\Guest\AppData\Local\Microsoft Games

2012-10-07 06:58 - 2012-10-07 06:58 - 00000000 ___RD C:\Users\Guest\Podcasts

2012-10-07 06:57 - 2012-10-07 06:58 - 00000000 ____D C:\users\Guest

2012-10-07 06:57 - 2012-10-07 06:57 - 00000020 __ASH C:\Users\Guest\ntuser.ini

2012-10-07 06:57 - 2010-11-23 23:41 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia

2012-10-06 17:36 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

2012-10-06 16:05 - 2012-10-07 09:25 - 00000000 ____D C:\Windows\pss

2012-10-06 09:56 - 2012-10-06 13:54 - 00006464 ____A C:\Users\Loveless\AppData\Local\chromeupdate.crx

2012-09-26 03:03 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe

2012-09-22 05:49 - 2012-08-24 10:05 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-09-22 05:49 - 2012-08-24 10:05 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-09-22 05:49 - 2012-08-24 10:05 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-09-22 05:49 - 2012-08-24 10:03 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-09-22 05:49 - 2012-08-24 10:03 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-09-22 05:49 - 2012-08-24 10:03 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-09-22 05:49 - 2012-08-24 10:03 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-09-22 05:49 - 2012-08-24 10:02 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-09-22 05:49 - 2012-08-24 10:02 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-09-22 05:49 - 2012-08-24 10:02 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-09-22 05:49 - 2012-08-24 08:57 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-09-22 05:49 - 2012-08-24 08:57 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-09-22 05:49 - 2012-08-24 08:57 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-09-22 05:49 - 2012-08-24 08:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-09-22 05:49 - 2012-08-24 08:57 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-09-22 05:49 - 2012-08-24 08:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-09-22 05:49 - 2012-08-24 08:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-09-22 05:49 - 2012-08-24 08:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-09-22 05:49 - 2012-08-24 08:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-09-22 05:49 - 2012-08-24 08:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-09-22 05:49 - 2012-08-24 07:59 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-09-22 05:49 - 2012-08-24 07:20 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-09-12 02:13 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-09-12 02:13 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

2012-09-12 02:13 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2012-09-12 02:13 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2012-09-12 02:13 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2012-09-12 02:13 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2012-09-12 02:13 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys

2012-09-07 15:28 - 2012-09-07 15:46 - 00000000 ____D C:\Users\Loveless\Downloads\The.Tall.Man.2012.HDRip.XviD-HS

==================== 3 Months Modified Files ==================

2012-10-07 15:17 - 2010-11-23 23:14 - 01737706 ____A C:\Windows\WindowsUpdate.log

2012-10-07 15:09 - 2012-05-02 11:45 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2288801755-3289631723-4083887882-1000UA.job

2012-10-07 14:34 - 2011-06-01 19:17 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-10-07 14:32 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-10-07 14:32 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-10-07 14:24 - 2011-06-01 19:17 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-10-07 14:22 - 2012-10-07 07:35 - 00000168 ____A C:\Windows\setupact.log

2012-10-07 14:22 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-10-07 14:21 - 2011-10-16 09:59 - 00037999 ____A C:\aaw7boot.log

2012-10-07 09:10 - 2012-10-07 09:14 - 00002127 ____A C:\Users\Loveless\Desktop\win7-regfix.reg

2012-10-07 09:06 - 2009-07-13 21:13 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI

2012-10-07 07:35 - 2012-10-07 07:35 - 00000000 ____A C:\Windows\setuperr.log

2012-10-07 06:57 - 2012-10-07 06:57 - 00000020 __ASH C:\Users\Guest\ntuser.ini

2012-10-06 13:54 - 2012-10-06 09:56 - 00006464 ____A C:\Users\Loveless\AppData\Local\chromeupdate.crx

2012-10-06 10:16 - 2011-01-29 18:45 - 06529024 ____A C:\Users\Loveless\Documents\My Money.mny

2012-10-04 11:48 - 2012-04-11 08:46 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-10-04 11:48 - 2011-05-19 08:12 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-10-04 11:46 - 2012-02-06 16:41 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForLoveless.job

2012-10-04 03:09 - 2012-05-02 11:45 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2288801755-3289631723-4083887882-1000Core.job

2012-10-03 10:26 - 2011-10-23 07:42 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat

2012-10-03 10:26 - 2011-10-23 07:42 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat

2012-09-30 16:39 - 2011-01-30 17:46 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2012-09-27 18:11 - 2012-05-02 11:47 - 00002512 ____A C:\Users\Loveless\Desktop\Google Chrome.lnk

2012-09-22 10:19 - 2011-03-01 14:25 - 00000354 ____A C:\Windows\Tasks\HPCeeScheduleForLOVELESSUCHIHA$.job

2012-09-13 15:07 - 2012-08-11 10:27 - 00012844 ____A C:\Users\Loveless\Desktop\language.dat

2012-09-13 00:00 - 2011-01-31 03:27 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-08-29 15:27 - 2010-11-24 02:24 - 00646358 ____A C:\Windows\PFRO.log

2012-08-28 19:49 - 2012-08-28 19:49 - 00002109 ____A C:\Users\Public\Desktop\Conquer Online 2.0.lnk

2012-08-25 12:31 - 2012-08-25 12:30 - 00000173 ____A C:\Windows\EQ3D.ini

2012-08-24 10:05 - 2012-09-22 05:49 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-08-24 10:05 - 2012-09-22 05:49 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-08-24 10:05 - 2012-09-22 05:49 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-08-24 10:03 - 2012-09-22 05:49 - 09056256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-08-24 10:03 - 2012-09-22 05:49 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-08-24 10:03 - 2012-09-22 05:49 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-08-24 10:03 - 2012-09-22 05:49 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-08-24 10:02 - 2012-09-22 05:49 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-08-24 10:02 - 2012-09-22 05:49 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-08-24 10:02 - 2012-09-22 05:49 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-08-24 08:57 - 2012-09-22 05:49 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-08-24 08:57 - 2012-09-22 05:49 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-08-24 08:57 - 2012-09-22 05:49 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-08-24 08:57 - 2012-09-22 05:49 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-08-24 08:57 - 2012-09-22 05:49 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-08-24 08:57 - 2012-09-22 05:49 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-08-24 08:56 - 2012-09-22 05:49 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-08-24 08:56 - 2012-09-22 05:49 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-08-24 08:56 - 2012-09-22 05:49 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-08-24 08:56 - 2012-09-22 05:49 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-08-24 07:59 - 2012-09-22 05:49 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-08-24 07:20 - 2012-09-22 05:49 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-08-22 10:12 - 2012-09-12 02:13 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-08-22 10:12 - 2012-09-12 02:13 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

2012-08-22 10:12 - 2012-09-12 02:13 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2012-08-22 10:12 - 2012-09-12 02:13 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2012-08-21 16:23 - 2012-08-21 16:23 - 01807872 ____A C:\Users\Loveless\Desktop\TS010078947.dot

2012-08-21 13:01 - 2012-09-26 03:03 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe

2012-08-14 17:46 - 2009-07-13 20:45 - 00289384 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-14 17:37 - 2012-08-14 17:37 - 00000929 ____A C:\Users\Public\Desktop\Zune.lnk

2012-08-12 19:59 - 2009-07-13 21:08 - 00032614 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-08-12 13:17 - 2012-08-12 13:17 - 00000020 __ASH C:\Users\Mcx1-LOVELESSUCHIHA\ntuser.ini

2012-08-12 13:17 - 2012-07-10 19:01 - 00000258 _RASH C:\Users\All Users\ntuser.pol

2012-08-05 17:09 - 2012-08-05 17:09 - 00498688 ____A C:\Users\Loveless\Desktop\default.osr

2012-08-03 13:45 - 2012-08-03 13:45 - 00020828 ____A C:\Users\Loveless\Downloads\EZ Drummer KeyGen.rar

2012-08-02 09:58 - 2012-09-12 02:13 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2012-08-02 08:57 - 2012-09-12 02:13 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2012-07-31 06:27 - 2010-04-12 16:59 - 05997696 ____A C:\Users\Loveless\Desktop\ogplauncher.exe

2012-07-29 17:00 - 2011-10-30 05:56 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt

2012-07-18 10:15 - 2012-08-14 14:50 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

ATTENTION: ========> Check for possible partition/boot infection:

C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-01 21:07:21

Restore point made on: 2012-09-12 15:39:06

Restore point made on: 2012-09-13 00:00:14

Restore point made on: 2012-09-19 20:20:48

Restore point made on: 2012-09-20 02:39:06

Restore point made on: 2012-09-23 00:00:25

Restore point made on: 2012-09-27 00:00:51

Restore point made on: 2012-10-02 17:17:58

Restore point made on: 2012-10-04 12:40:43

Restore point made on: 2012-10-06 17:32:11

Restore point made on: 2012-10-06 17:48:24

Restore point made on: 2012-10-07 14:39:11

==================== Memory info ===========================

Percentage of memory in use: 15%

Total physical RAM: 5887.29 MB

Available physical RAM: 4981.88 MB

Total Pagefile: 5885.43 MB

Available Pagefile: 4957.44 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:918.17 GB) (Free:293.6 GB) NTFS

2 Drive e: (HP_RECOVERY) (Fixed) (Total:13.24 GB) (Free:1.63 GB) NTFS ==>[system with boot components (obtained from reading drive)]

4 Drive g: () (Removable) (Total:3.72 GB) (Free:3.71 GB) FAT32

9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 Online 3815 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 918 GB 101 MB

Partition 3 Primary 13 GB 918 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 918 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E HP_RECOVERY NTFS Partition 13 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3814 MB 8 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G FAT32 Removable 3814 MB Healthy

=========================================================

Last Boot: 2012-10-07 08:14

==================== End Of Log =============================


Thanks!

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKLM-x32\...\Run: [] [x]
C:\Windows\svchost.exe
cmd: bootrec /FixMbr
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.

Reboot Normally.

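Added example, not part of the original posts and not code from FRST or from the helper: a small Python triage pass over an FRST log that surfaces the kinds of entries the fixlist above targets (the unnamed Run value and C:\Windows\svchost.exe) along with the other entries marked [x]. The heuristics, the function name `triage` and the expected-path list are assumptions made for illustration; a flagged line is a candidate for review, not a removal list.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason line")

# Sample input: lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [x]
==================== Drivers (Whitelisted) =====================
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-05-08] (Avira GmbH)
3 X6va001; \??\C:\Users\Loveless\AppData\Local\Temp\0018181.tmp [x]
3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
==================== One Month Created Files and Folders ========
2012-10-07 14:39 - 2012-05-31 09:25 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-10-06 17:36 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
==================== End Of Log =============================
"""

# Assumption: the locations FRST verifies in its "Bamital & volsnap Check"
# section are treated as the only expected homes for these file names.
EXPECTED_PATHS = {p.lower() for p in (
    r"C:\Windows\System32\svchost.exe", r"C:\Windows\SysWOW64\svchost.exe",
    r"C:\Windows\explorer.exe", r"C:\Windows\SysWOW64\explorer.exe",
    r"C:\Windows\System32\winlogon.exe", r"C:\Windows\System32\services.exe",
)}
GUARDED_NAMES = {p.rsplit("\\", 1)[-1] for p in EXPECTED_PATHS}

HEADER = re.compile(r"^=+ (\w.*?) =+$")
RUN_ENTRY = re.compile(r"^HK.+?\\Run: \[(.*?)\]")
FILE_ENTRY = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ "
    r"(?:\(.*?\) )?(\w:\\.*)$")


def triage(log_text):
    """Return Finding tuples for log lines that deserve a closer look."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            # "Registry (Whitelisted)" -> "Registry"
            section = header.group(1).split(" (")[0]
            continue
        missing = line.endswith("[x]")  # FRST's marker for a file it did not find
        reason = None
        if section == "Registry":
            run = RUN_ENTRY.match(line)
            if run and run.group(1) == "":
                reason = "autostart value with no name"
            elif run and missing:
                reason = "autostart target missing on disk"
        elif section in ("Services", "Drivers"):
            if "\\temp\\" in line.lower():
                reason = "service or driver image in a Temp folder"
            elif missing:
                reason = "service or driver image missing on disk"
        elif "Files" in section:
            entry = FILE_ENTRY.match(line)
            if entry:
                path = entry.group(1).lower()
                name = path.rsplit("\\", 1)[-1]
                if name in GUARDED_NAMES and path not in EXPECTED_PATHS:
                    reason = "system file name outside its expected folder"
        if reason:
            findings.append(Finding(section, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```
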

I am having trouble. I saved the text on the flashdrive. But when I entered the System Recovery the only option with Command Prompt was Safe mode with Command Prompt. I went into it and typed FRST64 and it told me this was not recognized. I must be doing the wrong thing, I have looked around and can't find where I am supposed to be.

While I was typing this a popup appeared from my antivirus, I checked and everything seems clickable again and I can now perform virus scans.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
