unable to get into safe mode, suspect moneypak

[Thoth7]

Working on a cleanup for a laptop that came in with a note saying it was a moneypak ransomware screen. I am unable to get into safe mode / safe mode w/command prompt without the machine restarting instantly. Oddly, booting normally sort of works (there is a normal desktop, no locked screem w/ ransom message), but it is incredibly slow and if any internet connection is made (ethernet or wifi) Explorer hard locks and the machine must be shut down via power switch.

 

I will be unable to respond for about 16-18 hours (time to go home), but I will check back first thing in the morning (CST) and will be able to be actively checking and responding then. Thanks in advance for any help you can give. Talk to you soon.

 

frst64 log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014 01

Ran by SYSTEM on MININT-Q87V5JK on 12-02-2014 16:37:56

Running from E:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Recovery

 

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

 

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)

HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-08-31] (AlcorMicro Co., Ltd.)

HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-07-12] ()

HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-26] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)

HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-09-16] (VIA)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware (reboot)] - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

HKLM-x32\...\Run: [Malwarebytes Anti-Malware (reboot)] - -

HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] - [X]

HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)

HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\EE\...\Run: [Desktop Software] - C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe [1025320 2009-04-23] (SupportSoft, Inc.)

IFEO\OLT.exe: [Debugger] svchost.exe

 

==================== Services (Whitelisted) =================

 

S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.)

S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)

S4 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)

S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-12-05] (McAfee, Inc.)

S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [184800 2013-12-05] (McAfee, Inc.)

S2 MOBK400backup; C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe [231224 2010-06-01] (McAfee, Inc.)

S2 Office Depot PC Support Agent; C:\Program Files (x86)\Office Depot PC Support Agent\esService.exe [933784 2012-02-24] (Support.com, Inc.)

S2 Winmgmt; C:\Users\EE\AppData\Local\Temp\Low\j8z0th7t.zvv [60540 2014-01-25] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-12-05] (McAfee, Inc.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)

S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

S2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-12-05] (McAfee, Inc.)

S2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-12-05] (McAfee, Inc.)

S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-12-05] (McAfee, Inc.)

S2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782616 2013-12-05] (McAfee, Inc.)

S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)

S2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-12-05] (McAfee, Inc.)

S1 MOBK400Filter; C:\Windows\System32\DRIVERS\MOBK400.sys [66040 2010-06-01] (Mozy, Inc.)

S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-11] ()

S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-01-23] (support.com, Inc)

S3 tmlwf; 

S3 tmwfp; 

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-02-12 16:37 - 2014-02-12 16:37 - 00000000 ____D () C:\FRST

2014-02-12 09:08 - 2014-02-12 09:13 - 00000000 ____D () C:\Users\EE\Desktop\New folder

2014-02-11 05:49 - 2014-02-11 05:49 - 00524168 _____ () C:\Windows\Minidump\021114-24819-01.dmp

2014-01-26 07:22 - 2014-01-26 07:22 - 00000262 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{C114BAFD-BBA9-4A43-9449-8A1E00854625}.job

2014-01-22 09:50 - 2013-09-23 11:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys

2014-01-15 06:38 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys

2014-01-15 06:38 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys

2014-01-15 06:38 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys

2014-01-15 06:38 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys

2014-01-15 06:38 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys

2014-01-15 06:38 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys

2014-01-15 06:38 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys

2014-01-15 06:37 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2014-01-15 06:37 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys

 

==================== One Month Modified Files and Folders =======

 

2014-02-12 16:37 - 2014-02-12 16:37 - 00000000 ____D () C:\FRST

2014-02-12 10:17 - 2009-07-13 21:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-02-12 10:16 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-12 10:16 - 2009-07-13 20:51 - 00042866 _____ () C:\Windows\setupact.log

2014-02-12 09:22 - 2009-07-13 20:45 - 00010240 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-12 09:22 - 2009-07-13 20:45 - 00010240 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-12 09:13 - 2014-02-12 09:08 - 00000000 ____D () C:\Users\EE\Desktop\New folder

2014-02-11 05:51 - 2011-02-19 10:35 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-02-11 05:50 - 2010-04-02 23:03 - 00001690 _____ () C:\Windows\System32\ServiceFilter.ini

2014-02-11 05:49 - 2014-02-11 05:49 - 00524168 _____ () C:\Windows\Minidump\021114-24819-01.dmp

2014-02-11 05:49 - 2011-05-25 11:56 - 520709111 _____ () C:\Windows\MEMORY.DMP

2014-02-11 05:49 - 2011-05-25 11:56 - 00000000 ____D () C:\Windows\Minidump

2014-02-11 05:49 - 2010-05-18 17:25 - 00101344 _____ () C:\Windows\PFRO.log

2014-02-09 07:39 - 2011-02-19 10:35 - 00000000 ____D () C:\Program Files\Common Files\McAfee

2014-01-26 07:22 - 2014-01-26 07:22 - 00000262 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{C114BAFD-BBA9-4A43-9449-8A1E00854625}.job

2014-01-25 16:47 - 2013-11-20 06:02 - 00215200 _____ () C:\Windows\IE11_main.log

2014-01-25 16:47 - 2010-04-02 22:28 - 01191340 _____ () C:\Windows\WindowsUpdate.log

2014-01-25 16:19 - 2010-09-11 13:49 - 00003902 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C114BAFD-BBA9-4A43-9449-8A1E00854625}

2014-01-16 07:02 - 2009-07-13 21:13 - 00726444 _____ () C:\Windows\System32\PerfStringBackup.INI

2014-01-16 06:57 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2014-01-16 06:56 - 2009-07-13 20:45 - 00343312 _____ () C:\Windows\System32\FNTCACHE.DAT

2014-01-16 06:37 - 2013-08-17 09:22 - 00000000 ____D () C:\Windows\System32\MRT

2014-01-16 06:33 - 2010-05-18 18:36 - 86054176 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

 

==================== Known DLLs (Whitelisted) ================

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== EXE ASSOCIATION =====================

 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

 

==================== Restore Points  =========================

 

Restore point made on: 2013-12-30 06:31:24

Restore point made on: 2013-12-31 06:39:35

Restore point made on: 2014-01-01 06:56:05

Restore point made on: 2014-01-02 06:28:00

Restore point made on: 2014-01-03 04:56:09

Restore point made on: 2014-01-04 06:53:03

Restore point made on: 2014-01-05 07:41:30

Restore point made on: 2014-01-06 05:26:48

Restore point made on: 2014-01-07 06:31:23

Restore point made on: 2014-01-08 06:31:37

Restore point made on: 2014-01-09 06:31:00

Restore point made on: 2014-01-10 06:38:31

Restore point made on: 2014-01-11 08:52:36

Restore point made on: 2014-01-12 13:15:09

Restore point made on: 2014-01-13 06:31:27

Restore point made on: 2014-01-14 06:29:22

Restore point made on: 2014-01-15 06:29:20

Restore point made on: 2014-01-16 06:32:47

Restore point made on: 2014-01-17 06:22:57

Restore point made on: 2014-01-18 07:49:28

Restore point made on: 2014-01-19 07:44:53

Restore point made on: 2014-01-20 06:37:59

Restore point made on: 2014-01-21 06:33:12

Restore point made on: 2014-01-22 06:26:40

Restore point made on: 2014-01-23 06:29:46

Restore point made on: 2014-01-24 06:26:17

Restore point made on: 2014-01-25 07:22:32

Restore point made on: 2014-01-25 16:46:11

 

==================== Memory info =========================== 

 

Percentage of memory in use: 15%

Total physical RAM: 4061.09 MB

Available physical RAM: 3434.86 MB

Total Pagefile: 4059.29 MB

Available Pagefile: 3433.79 MB

Total Virtual: 8192 MB

Available Virtual: 8191.87 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:451.11 GB) (Free:401.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (GSP1RMCHPXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF

Drive e: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.84 GB) FAT

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 76692CA8)

Partition 1: (Not Active) - (Size=15 GB) - (Type=1C)

Partition 2: (Active) - (Size=451 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 2 GB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=2 GB) - (Type=0E)

 

 

LastRegBack: 2013-08-25 07:07

 

==================== End Of Log ============================

[Thoth7]

A bit strange, but potentially useful - after some tinkering, I was able to get *some* use of the machine while connected to the internet, but any program I try to run fails to start with a "failed to load dependencies" error.

[kevinf80]

Can you create Kaspersky Rescue CD on a spare system and run on the sick laptop..

 

STEP A:

 

Download and create a bootable Kaspersky Rescue Disk CD

 

1. Download the Kaspersky Rescue Disk ISOimage from below.

 

 KASPERSKY RESCUE DISK DOWNLOAD LINK (This link will open a new page from where you can download Kaspersky Rescue Disk ISO)

 

2. Download ImgBurn, a software that will help us create this bootable disk. (If you already have necessary software, use that)

 

 IMGBURN DOWNLOAD LINK (This link will open a new page from where you can download ImgBurn)

3. You can now insert your blank DVD/CD in your burner.

 

4. Install ImgBurn by following the prompts and then start this program.

 

5. Click on the Write image file to disc button.

 

6. Under 'Source' click on the Browse for file button, then browse to the location where you previously saved the Kaspersky Rescue Disk ISO file.(kav_rescue_10.iso)

 

7. Click on the big Write button.

 

8. The disc creation process will now start and it will take around 5-10 minutes to complete.

 

 

STEP B:

 

Configure the computer to boot from CD-ROM

 

On some machines,if you restart the computer and repeatedly tap the F11 key it should bring up the Boot Menu, from there you can select to boot from the CD.

IF this doesn't happen then you'll need to configure your computer to boot for a CD like you'll see below.

 

 Use the Delete or F2 keys, to load the BIOS menu.Information how to enter the BIOS menu is displayed on the screen at the start of the OS boot:

 

1. Use the Delete or F2 keys, to load the BIOS menu.Information how to enter the BIOS menu is displayed on the screen at the start of the OS boot:

 

2. In your PC BIOS settings select the Boot menu and set CD/DVD-ROM as a primary boot device.

 

3. Insert your Kaspersky Rescue Disk and restart your computer.

 

STEP C:

 

Boot your computer from Kaspersky Rescue Disk

 

1. Your computer will now boot from the Kaspersky Rescue Disk,and you'll be asked to press any key to proceed with this process

 

 

 

 

2. In the start up wizard window that will open, select your language using the cursor moving keys. Press the ENTER key on the keyboard.

 

 

 

 

3. On the next screen, select Kaspersky Rescue Disk. Graphic Mode then press ENTER.

 

 

 

 

4. The End User License Agreement of Kaspersky Rescue Disk will be displayed on the screen. Read carefully the agreement then press the C button on your keyboard.

 

5. Once the actions described above have been performed, the Kasprsky operating system will start.

 

STEP D:

 

Launch Kaspersky WindowsUnlocker to remove the malicious registry changes

 

This ransomware trojan has modified your Windows system registry so that when you're trying to boot your computer it will instead launch his lock screen.To remove this malicious registry changes we need to use the Kasersky WindowsUnlocker from Kaspersky Rescue Disk.

 

1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky WindowsUnlocker.

 

 

 

 

IF you can't find the WindowsUnlocker button, you can select Terminal and in the command prompt type windowsunlocker and then press Enter on the keyboard.

 

2. A white colored console window will appear and will automatically start loading the registry files for scanning and disinfection. The whole process will take only a couple of seconds and after this process you should be able to boot your computer in normal mode.

 

 

 

 

STEP E:

 

Scan your system with Kaspersky Rescue Disk

 

1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky Rescue Disk then click on My Update Center and press Start update.

 

 

 

 

2. When the update process has completed, the light at the top of the window will turn green, and the databases release date will be updated.

 

 

 

 

3. Click on the Objects Scan tab, then click Start Objects Scanto begin the scan.

 

 

 

 

4. If any malicious items are found, the default settings are to prompt you for action with a red popup window on the bottom right. Delete is the recommended action in most cases but we strongly recommend that you try first to disinfect , and if it doesn't work chose to quarantine the infected files just to be on the safe side.

 

 

 

 

5. When all detected items have been processed and removed, the light in the window will turn green and the scan will show as completed.

 

 

 

 

6. When done you can close the Kaspersky Rescue Disk window and use the Start Menu to Restart the computer.

 

7. When booted back into Windows Navigate > Start > Computer > C:\Kaspersky Rescue Disck 10.0 Open the folder, inside is log from KRD run named "ScanObject" copy/paste that file to your reply.

 

Kevin

[Thoth7]

The interface for the rescue disk is a little different, but I think I've managed to figure out what I need to do to follow your steps. Trying to update the database keeps failing and lists the database as "corrupt" rather than "out of date", with a last updated date of over 4 years ago. Trying to re-download the ISO and make a new rescue disk in the hopes that that corrects the issue. Will report back after I get the ScanObject log.

[Thoth7]

Running object scan now, but there was no option to scan the c drive - just Disk Boot Sectors, Hidden Startup Objects, sda1, and sda 2. Is there some configuration setting I am missing to enable scanning c:\?

[Thoth7]

After rebooting into normal mode, there was no record or log from Kaspersky.

 

All attempts to connect the machine to our normal remote tech support folks fails with a "the dependency service or group failed to start" message. I tried opening a command prompt from the normal mode desktop to reset the TCP/IP stack (most common answer related to that error message on searches), but of course, I can't run those commands without starting the command prompt as an admin, and attempting to start the command prompt as an admin just returns the same error message (dependency or service failed).

 

Feeling well and truly stuck here.

 

I'm going to see if I can reset back to a recent restore point using a win7 install disc to get into the recovery tools, and see if that allows me to get anything going. If anyone out there has another suggestion, I'm more than happy to try, and very thankful for the help!

[kevinf80]

Ok the first FRST log you post gives a registry back up dated 25/8/2013, this is the last full registry back up held by the system. We can use that Backup with a FRST fix run via the Recovery Environment..

 

Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the original log.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

When that completes boot system to normal mode and see how it responds..

fixlist.txt

[Thoth7]

Got it:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2014 01

Ran by SYSTEM at 2014-02-13 17:44:21 Run:1

Running from E:\

Boot Mode: Recovery

==============================================

 

Content of fixlist:

*****************

Start

LastRegBack: 2013-08-25 07:07

End

*****************

 

DEFAULT hive was successfully copied to System32\config\HiveBackup

DEFAULT hive was successfully restored from registry back up.

SAM hive was successfully copied to System32\config\HiveBackup

SAM hive was successfully restored from registry back up.

SECURITY hive was successfully copied to System32\config\HiveBackup

SECURITY hive was successfully restored from registry back up.

SOFTWARE hive was successfully copied to System32\config\HiveBackup

SOFTWARE hive was successfully restored from registry back up.

SYSTEM hive was successfully copied to System32\config\HiveBackup

SYSTEM hive was successfully restored from registry back up.

 

==== End of Fixlog ====

[Thoth7]

Boot worked, remote login tool is up and running and my remote techs are starting their preflight routine. You just saved my day, and the day of my client. Thank you!

[kevinf80]

You`ve lost me off now, are you saying all is good, you want no more actions from me?

[Thoth7]

Sorry, that came out a bit jumbled it seems Yes, everything seems to be at the point where my normal fix routines can take over. Thanks again - if you've ever in this neck of the woods (Minneapolis, MN, USA), I owe you a tasty meal

[kevinf80]

Ok thanks for the update and the meal offer, maybe take you up on that offer sometime....

 

take care,

 

Kevin...

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!