TechSpot

Windows has encountered a critical error and will restart in one minute windows 7

Solved
By kmorford
Sep 20, 2012
  1. Windows has encountered a critical error and will restart in one minute please save your work.
    Windows 7 64-bit, work PC on domain. Have tried Windows repair, Malwarebytes, HouseCall, BackTrack 5, and Symantec network managed client is installed.
    I was able to stop the shutdowns by making a shortcut on the desktop "shutdown -r", but nothing will run, meaning no anti-virus, no internet, no intranet, mt snap ins are all disabled, no win explorer, nothing. My logs have all been deleted (not by me). I can get to safe mode with networking, but when I scan all I get is adware stuff, nothing that would be causing this. I have found that if I leave my LAN cable unplugged and use Wi-Fi it does not happen every time I reboot??? Any help would be great... this one has got me baffled...
     
  2. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
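
The Search step above writes, for each copy of the file it finds, the path followed by a line with created/modified timestamps, size, attributes, company name and MD5. The following is an added example, not part of the thread and not FRST's own code: it parses that layout and flags any live copy whose size or MD5 matches none of the copies under `C:\Windows\winsxs`. The sample text, its paths and both hashes are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Detail line that follows each path in Search.txt:
# [created] - [modified] - size attrs (company) MD5
DETAIL = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH = re.compile(r"^[A-Za-z]:\\")


def parse_search(text):
    """Return one dict per file listed in a Search.txt body."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank lines and "==== Search ====" banners
        m = DETAIL.match(line)
        if m and pending_path:
            entry = m.groupdict()
            entry["path"] = pending_path
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
            pending_path = None
        elif PATH.match(line):
            pending_path = line  # the next detail line belongs to this path
    return entries


def is_component_store(path):
    return "\\windows\\winsxs\\" in path.lower()


def find_mismatches(entries):
    """Flag live copies that match no WinSxS copy of the same file name.

    WinSxS can hold several versions of a file after updates, so a live
    copy is accepted if it equals any one of them.
    """
    groups = defaultdict(list)
    for e in entries:
        groups[e["path"].rsplit("\\", 1)[-1].lower()].append(e)

    findings = []
    for group in groups.values():
        store = {(e["size"], e["md5"]) for e in group
                 if is_component_store(e["path"])}
        for e in group:
            if is_component_store(e["path"]):
                continue
            if not store:
                findings.append((e["path"], "no WinSxS copy to compare with"))
            elif (e["size"], e["md5"]) not in store:
                findings.append((e["path"], "differs from every WinSxS copy"))
    return findings


# Constructed sample input in the Search.txt layout (hashes are not real).
_GOOD = ("[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A "
         "(Microsoft Corporation) 0123456789ABCDEF0123456789ABCDEF")
_BAD = ("[2009-07-13 15:19] - [2012-09-11 12:20] - 0329216 ____A "
        "(Microsoft Corporation) FEDCBA9876543210FEDCBA9876543210")


def make_sample(system32_detail):
    return "\n".join([
        "Running from I:\\",
        "",
        '================== Search: "services.exe" ===================',
        "",
        r"C:\Windows\winsxs\amd64_constructed-component_none_0000\services.exe",
        _GOOD,
        "",
        r"C:\Windows\System32\services.exe",
        system32_detail,
        "",
        "====== End Of Search ======",
    ])


SAMPLE_CLEAN = make_sample(_GOOD)
SAMPLE_TAMPERED = make_sample(_BAD)

if __name__ == "__main__":
    for label, text in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        hits = find_mismatches(parse_search(text))
        print(label, "->", hits if hits else "all live copies match WinSxS")
```

A match only shows the live copy equals a component-store copy; it says nothing about whether the store itself is intact, so a vendor-published hash remains the stronger reference.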
     
  3. kmorford

    kmorford TS Member Topic Starter Posts: 49

    Farbar Recovery Scan Tool (x64) Version: 20-09-2012
    Ran by SYSTEM at 2012-09-21 16:10:10
    Running from I:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2012
    Ran by SYSTEM at 21-09-2012 16:07:11
    Running from I:\
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden [2919992 2011-01-26] (Hewlett-Packard Company)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2828072 2011-09-15] (Synaptics Incorporated)
    HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [615584 2011-01-06] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379040 2011-01-06] (Atheros Commnucations)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.)
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
    HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
    HKLM-x32\...\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start [299576 2011-01-28] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-03-28] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
    HKLM-x32\...\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-04-05] (Hewlett-Packard Development Company L.P.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [76344 2011-02-10] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115560 2010-08-10] (Symantec Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [305088 2011-04-25] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [37232 2008-06-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2008-06-11] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKU\moradm\...\Run: [Google Update] "C:\Users\moradm\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-10] (Google Inc.)
    HKU\moradm\...\Run: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [1261512 2012-07-27] (Adobe Systems Incorporated)
    HKU\moradm\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
    Tcpip\Parameters: [DhcpNameServer] 172.16.2.1 172.16.2.3
    Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
    Startup: C:\Users\moradm\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Services (Whitelisted) ===================

    3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-06] (Atheros)
    2 ccEvtMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2010-08-10] (Symantec Corporation)
    2 CcmExec; C:\windows\CCM\CcmExec.exe [1684848 2012-02-20] (Microsoft Corporation)
    2 ccSetMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2010-08-10] (Symantec Corporation)
    4 CmRcService; C:\windows\CCM\RemCtrl\CmRcService.exe [605040 2012-02-20] (Microsoft Corporation)
    2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-11] (DigitalPersona, Inc.)
    2 DWMRCS; C:\Windows\SysWOW64\DWRCS.EXE -service [241688 2010-04-07] (DameWare Development LLC)
    2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [70280 2012-06-15] (CHENGDU YIWO Tech Development Co., Ltd)
    3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-03] (Hewlett-Packard Company)
    2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [24712 2012-05-03] (CHENGDU YIWO Tech Development Co., Ltd)
    3 HP ProtectTools Service; "C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe" [36864 2011-01-12] (Hewlett-Packard Development Company, L.P)
    3 hpCMSrv; "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" [1094712 2011-04-05] (Hewlett-Packard Development Company L.P.)
    2 HPDayStarterService; "C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe" [133688 2011-01-28] (Hewlett-Packard Company)
    2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-28] (Hewlett-Packard Company)
    3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093880 2010-09-07] (Symantec Corporation)
    3 lpasvc; "C:\Program Files\Microsoft Policy Platform\policyHost.exe" /service [50472 2011-12-06] (Microsoft Corporation)
    3 lppsvc; "C:\Program Files\Microsoft Policy Platform\policyHost.exe" /service [50472 2011-12-06] (Microsoft Corporation)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
    4 McAfee Endpoint Encryption Agent; "C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe" [1318912 2011-02-09] ()
    2 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe" [3249768 2010-11-12] (Symantec Corporation)
    3 smstsmgr; C:\windows\CCM\TSManager.exe /service [374640 2012-02-20] (Microsoft Corporation)
    4 SNAC; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE" [428912 2010-11-17] (Symantec Corporation)
    2 Symantec AntiVirus; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe" [1839776 2010-11-08] (Symantec Corporation)
    2 TIRmtSvc; C:\WINDOWS\TIREMOTE\TIRemoteService.exe [210944 2012-05-04] (Numara Software, Inc.)
    2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-10] (ArcSoft, Inc.)
    4 XobniService; "C:\Program Files (x86)\Xobni\XobniService.exe" [62184 2011-03-07] (Xobni Corporation)
    3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

    ==================== Drivers (Whitelisted) =====================

    1 archlp; C:\Windows\System32\Drivers\archlp.sys [136192 2010-07-07] ()
    3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-10] (ArcSoft, Inc.)
    3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
    1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd64.sys [30720 2007-02-15] (DameWare)
    1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
    3 epmntdrv; \??\C:\windows\system32\epmntdrv.sys [16776 2011-07-29] ()
    3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)
    0 EUBKMON; C:\Windows\System32\Drivers\EUBKMON.sys [48776 2012-05-03] ()
    3 EuGdiDrv; \??\C:\windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
    3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-29] (Broadcom Corporation)
    3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
    0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
    3 NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120920.002\ENG64.SYS [126112 2012-09-13] (Symantec Corporation)
    3 NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120920.002\EX64.SYS [2084000 2012-09-13] (Symantec Corporation)
    3 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
    3 prepdrvr; \??\C:\windows\CCM\prepdrv.sys [26992 2012-02-20] (Microsoft Corporation)
    3 rzjoystk; C:\Windows\System32\Drivers\rzjoystk.sys [19968 2011-03-24] (Razer USA Ltd)
    3 RzSynapse; C:\Windows\System32\Drivers\RzSynapse.sys [157184 2011-07-14] (Razer USA Ltd)
    3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1826048 2010-12-21] ()
    1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [449072 2010-09-17] (Symantec Corporation)
    3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482352 2010-09-17] (Symantec Corporation)
    1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2010-09-17] (Symantec Corporation)
    3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [173616 2012-01-04] (Symantec Corporation)
    3 Teefer2; C:\Windows\System32\Drivers\Teefer2.sys [64048 2010-08-16] (Symantec Corporation)
    1 WPS; \??\C:\windows\system32\drivers\wpsdrvnt.sys [53808 2010-11-12] (Symantec Corporation)
    3 WpsHelper; C:\Windows\System32\Drivers\WpsHelper.sys [225328 2012-09-06] (Symantec Corporation)

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-09-21 16:06 - 2012-09-21 16:07 - 00000000 ____D C:\FRST
    2012-09-20 16:26 - 2012-09-20 16:26 - 17483288 ____A (Microsoft Corporation) C:\Users\moradm\Downloads\Windows-KB890830-x64-V4.12.exe
    2012-09-20 16:21 - 2012-09-20 16:24 - 273991680 ____A C:\Users\moradm\Downloads\kav_rescue_10.iso
    2012-09-20 15:10 - 2012-09-20 15:10 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\moradm\Downloads\mbam-setup-1.65.0.1400.exe
    2012-09-20 15:10 - 2012-09-20 15:10 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-20 15:10 - 2012-09-20 15:10 - 00000000 ____D C:\Users\moradm\AppData\Roaming\Malwarebytes
    2012-09-20 15:10 - 2012-09-07 14:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-20 14:28 - 2012-09-20 14:28 - 00000000 ____D C:\Users\moradm\AppData\Roaming\QuickScan
    2012-09-20 13:26 - 2012-09-20 13:26 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\moradm\Downloads\tdsskiller (1).exe
    2012-09-20 13:23 - 2012-09-20 13:23 - 00012279 ____A C:\Users\moradm\Downloads\tdsskiller.exe
    2012-09-20 08:22 - 2012-09-20 17:07 - 00019899 ____A C:\Windows\WindowsUpdate.log
    2012-09-20 07:01 - 2012-09-20 07:01 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
    2012-09-20 07:01 - 2012-09-20 07:01 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-09-20 07:01 - 2012-08-21 01:12 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-09-20 07:00 - 2012-09-20 14:55 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-09-20 07:00 - 2012-09-20 07:00 - 00000000 ____D C:\Program Files\AVAST Software
    2012-09-20 06:57 - 2012-09-20 06:57 - 93654616 ____A C:\Users\moradm\Downloads\avast_free_antivirus_setup.exe
    2012-09-20 06:34 - 2012-09-20 06:34 - 00003120 ____A C:\Windows\KB41227.log
    2012-09-20 06:32 - 2012-09-21 12:42 - 00001624 ____A C:\Windows\setupact.log
    2012-09-20 06:32 - 2012-09-20 14:55 - 00001834 ____A C:\Windows\PFRO.log
    2012-09-20 06:32 - 2012-09-20 06:32 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-20 06:27 - 2012-09-20 06:27 - 00413864 ____A C:\Users\moradm\Documents\cc_20120920_092744.reg
    2012-09-20 06:26 - 2012-09-20 06:26 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-09-20 06:26 - 2012-09-20 06:26 - 00000000 ____D C:\Program Files\CCleaner
    2012-09-18 17:49 - 2012-09-18 17:49 - 02406064 ____A (Trend Micro Inc.) C:\Users\moradm\Downloads\HousecallLauncher64 (1).exe
    2012-09-18 08:03 - 2012-09-05 07:21 - 210565120 ____A C:\Users\moradm\Desktop\DeployMedia_x64_20120905.iso
    2012-09-18 06:15 - 2012-09-18 06:15 - 00000791 ____A C:\Users\moradm\Documents\pim_installmgr.log
    2012-09-18 06:03 - 2012-09-18 06:15 - 00000000 ____D C:\Users\moradm\AppData\Roaming\pim
    2012-09-18 06:02 - 2012-09-18 06:02 - 28144392 ____A (PTC) C:\Users\moradm\Desktop\setup (2).exe
    2012-09-18 06:01 - 2012-09-18 06:02 - 28144392 ____A (PTC) C:\Users\moradm\Downloads\setup (2).exe
    2012-09-12 06:13 - 2012-09-12 06:13 - 00102400 ____A C:\Windows\RegBootClean.exe
    2012-09-12 05:52 - 2012-06-04 23:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
    2012-09-12 05:51 - 2012-09-12 05:51 - 02002944 ____A (Trend Micro Inc.) C:\Users\moradm\Downloads\HousecallLauncher.exe
    2012-09-11 18:18 - 2012-09-20 14:42 - 01194207 ____A C:\Users\moradm\AppData\Local\census.cache
    2012-09-11 18:17 - 2012-09-20 14:42 - 00147790 ____A C:\Users\moradm\AppData\Local\ars.cache
    2012-09-11 18:03 - 2012-09-11 18:03 - 02406064 ____A (Trend Micro Inc.) C:\Users\moradm\Downloads\HousecallLauncher64.exe
    2012-09-11 18:03 - 2012-09-11 18:03 - 00000036 ____A C:\Users\moradm\AppData\Local\housecall.guid.cache
    2012-09-11 13:35 - 2012-09-20 06:10 - 00000000 ____D C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
    2012-09-11 13:35 - 2012-09-11 13:35 - 00000000 ____D C:\Program Files\Enigma Software Group
    2012-09-11 12:26 - 2012-09-11 12:26 - 00001266 ____A C:\Users\moradm\Desktop\shutdown.exe.lnk
    2012-09-11 10:31 - 2012-09-20 15:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-11 10:31 - 2012-09-11 10:31 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-06 17:48 - 2012-09-06 17:48 - 05207411 ____A C:\Users\moradm\Downloads\DuskDawn.themepack
    2012-09-06 17:45 - 2012-09-06 17:45 - 15850235 ____A C:\Users\moradm\Downloads\MagicLandscapesMichaelBreitung.themepack
    2012-09-06 17:45 - 2012-09-06 17:45 - 04878968 ____A C:\Users\moradm\Downloads\NengGaoMountain.themepack
    2012-09-06 17:45 - 2012-09-06 17:45 - 04393694 ____A C:\Users\moradm\Downloads\LakeJiaming.themepack
    2012-09-06 15:46 - 2012-09-06 15:46 - 00000000 ____D C:\ExamView1
    2012-09-06 07:35 - 2012-09-05 11:09 - 189151232 ____A C:\Users\moradm\Desktop\ERD_Commander_2005_v5.0_BOOT_CD.iso
    2012-09-05 10:10 - 2012-09-05 10:10 - 00000000 ____A C:\Users\moradm\Downloads\MDOP-Diagnostic-Recovery-Toolset.pptx.crdownload
    2012-09-05 09:24 - 2012-09-05 11:09 - 189151232 ____A C:\Users\moradm\Downloads\ERD_Commander_2005_v5.0_BOOT_CD.iso
    2012-09-05 09:22 - 2012-09-05 09:22 - 00000000 ____D C:\Users\moradm\AppData\Local\CRE
    2012-09-05 05:58 - 2012-09-05 05:58 - 00000000 ____D C:\Users\moradm\AppData\Roaming\Autodesk
    2012-09-05 05:58 - 2012-09-05 05:58 - 00000000 ____D C:\Users\All Users\Autodesk
    2012-09-04 15:23 - 2012-09-04 15:23 - 00005743 ____A C:\Users\moradm\Documents\Jamie Sullivan Homework for.odt
    2012-08-30 08:50 - 2012-08-30 08:50 - 00000000 ____D C:\Users\moradm\Documents\Fax
    2012-08-24 13:51 - 2012-08-27 06:23 - 06643638 ____A C:\Users\moradm\Documents\RaineMorford.bmp

    ==================== 3 Months Modified Files ==================

    2012-09-21 12:43 - 2012-01-03 10:04 - 00000112 ____A C:\Windows\System32\config\netlogon.ftl
    2012-09-21 12:43 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-21 12:42 - 2012-09-20 06:32 - 00001624 ____A C:\Windows\setupact.log
    2012-09-21 10:12 - 2011-07-25 00:40 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
    2012-09-20 17:07 - 2012-09-20 08:22 - 00019899 ____A C:\Windows\WindowsUpdate.log
    2012-09-20 16:55 - 2012-01-10 14:42 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-131294493-1449412943-965413785-16775UA.job
    2012-09-20 16:26 - 2012-09-20 16:26 - 17483288 ____A (Microsoft Corporation) C:\Users\moradm\Downloads\Windows-KB890830-x64-V4.12.exe
    2012-09-20 16:24 - 2012-09-20 16:21 - 273991680 ____A C:\Users\moradm\Downloads\kav_rescue_10.iso
    2012-09-20 16:20 - 2012-08-08 06:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-20 16:14 - 2009-07-13 21:13 - 00787500 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-20 16:01 - 2009-07-13 20:45 - 00020944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-20 16:01 - 2009-07-13 20:45 - 00020944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-20 15:56 - 2012-01-04 22:17 - 00000582 ____A C:\Windows\SMSCFG.ini
    2012-09-20 15:10 - 2012-09-20 15:10 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\moradm\Downloads\mbam-setup-1.65.0.1400.exe
    2012-09-20 15:10 - 2012-09-20 15:10 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-20 14:55 - 2012-09-20 06:32 - 00001834 ____A C:\Windows\PFRO.log
    2012-09-20 14:42 - 2012-09-11 18:18 - 01194207 ____A C:\Users\moradm\AppData\Local\census.cache
    2012-09-20 14:42 - 2012-09-11 18:17 - 00147790 ____A C:\Users\moradm\AppData\Local\ars.cache
    2012-09-20 13:26 - 2012-09-20 13:26 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\moradm\Downloads\tdsskiller (1).exe
    2012-09-20 13:23 - 2012-09-20 13:23 - 00012279 ____A C:\Users\moradm\Downloads\tdsskiller.exe
    2012-09-20 12:20 - 2012-08-08 06:17 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-20 12:20 - 2012-01-04 13:52 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-20 08:51 - 2012-01-03 10:07 - 00003266 _RASH C:\Users\moradm\ntuser.pol
    2012-09-20 07:01 - 2012-09-20 07:01 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
    2012-09-20 07:01 - 2012-09-20 07:01 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-09-20 06:57 - 2012-09-20 06:57 - 93654616 ____A C:\Users\moradm\Downloads\avast_free_antivirus_setup.exe
    2012-09-20 06:34 - 2012-09-20 06:34 - 00003120 ____A C:\Windows\KB41227.log
    2012-09-20 06:34 - 2012-01-03 10:07 - 00111216 ____A C:\Users\moradm\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-09-20 06:32 - 2012-09-20 06:32 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-20 06:32 - 2009-07-13 20:45 - 00421160 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-09-20 06:27 - 2012-09-20 06:27 - 00413864 ____A C:\Users\moradm\Documents\cc_20120920_092744.reg
    2012-09-20 06:26 - 2012-09-20 06:26 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-09-19 11:55 - 2012-01-10 14:42 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-131294493-1449412943-965413785-16775Core.job
    2012-09-18 17:49 - 2012-09-18 17:49 - 02406064 ____A (Trend Micro Inc.) C:\Users\moradm\Downloads\HousecallLauncher64 (1).exe
    2012-09-18 17:08 - 2012-01-05 07:57 - 00002008 ___AH C:\Users\moradm\Documents\Default.rdp
    2012-09-18 13:09 - 2012-01-31 17:12 - 00003604 ____A C:\Users\moradm\AppData\Roaming\evpro32.prf
    2012-09-18 06:15 - 2012-09-18 06:15 - 00000791 ____A C:\Users\moradm\Documents\pim_installmgr.log
    2012-09-18 06:02 - 2012-09-18 06:02 - 28144392 ____A (PTC) C:\Users\moradm\Desktop\setup (2).exe
    2012-09-18 06:02 - 2012-09-18 06:01 - 28144392 ____A (PTC) C:\Users\moradm\Downloads\setup (2).exe
    2012-09-17 08:01 - 2011-05-02 10:48 - 00803188 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-09-12 06:13 - 2012-09-12 06:13 - 00102400 ____A C:\Windows\RegBootClean.exe
    2012-09-12 05:51 - 2012-09-12 05:51 - 02002944 ____A (Trend Micro Inc.) C:\Users\moradm\Downloads\HousecallLauncher.exe
    2012-09-11 18:03 - 2012-09-11 18:03 - 02406064 ____A (Trend Micro Inc.) C:\Users\moradm\Downloads\HousecallLauncher64.exe
    2012-09-11 18:03 - 2012-09-11 18:03 - 00000036 ____A C:\Users\moradm\AppData\Local\housecall.guid.cache
    2012-09-11 12:26 - 2012-09-11 12:26 - 00001266 ____A C:\Users\moradm\Desktop\shutdown.exe.lnk
    2012-09-11 12:20 - 2012-01-03 10:05 - 00013056 _RASH C:\Users\All Users\ntuser.pol
    2012-09-07 14:04 - 2012-09-20 15:10 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-06 17:48 - 2012-09-06 17:48 - 05207411 ____A C:\Users\moradm\Downloads\DuskDawn.themepack
    2012-09-06 17:45 - 2012-09-06 17:45 - 15850235 ____A C:\Users\moradm\Downloads\MagicLandscapesMichaelBreitung.themepack
    2012-09-06 17:45 - 2012-09-06 17:45 - 04878968 ____A C:\Users\moradm\Downloads\NengGaoMountain.themepack
    2012-09-06 17:45 - 2012-09-06 17:45 - 04393694 ____A C:\Users\moradm\Downloads\LakeJiaming.themepack
    2012-09-06 15:49 - 2012-03-08 14:08 - 00001198 ____A C:\Users\moradm\AppData\Roaming\evmanage.prf
    2012-09-06 08:06 - 2012-06-14 06:08 - 00000065 ____H C:\TrackitAudit.id
    2012-09-06 06:20 - 2012-01-04 12:22 - 00225328 ____A (Symantec Corporation) C:\Windows\System32\Drivers\wpshelper.sys
    2012-09-05 11:09 - 2012-09-06 07:35 - 189151232 ____A C:\Users\moradm\Desktop\ERD_Commander_2005_v5.0_BOOT_CD.iso
    2012-09-05 11:09 - 2012-09-05 09:24 - 189151232 ____A C:\Users\moradm\Downloads\ERD_Commander_2005_v5.0_BOOT_CD.iso
    2012-09-05 10:10 - 2012-09-05 10:10 - 00000000 ____A C:\Users\moradm\Downloads\MDOP-Diagnostic-Recovery-Toolset.pptx.crdownload
    2012-09-05 07:21 - 2012-09-18 08:03 - 210565120 ____A C:\Users\moradm\Desktop\DeployMedia_x64_20120905.iso
    2012-09-04 15:23 - 2012-09-04 15:23 - 00005743 ____A C:\Users\moradm\Documents\Jamie Sullivan Homework for.odt
    2012-09-04 10:51 - 2012-01-10 14:42 - 00002416 ____A C:\Users\moradm\Desktop\Google Chrome.lnk
    2012-08-31 08:36 - 2012-08-17 13:29 - 00055296 ____A C:\Users\moradm\Desktop\Travel_Sheet_July_Aug12.xls
    2012-08-30 21:43 - 2012-01-03 14:10 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-27 06:23 - 2012-08-24 13:51 - 06643638 ____A C:\Users\moradm\Documents\RaineMorford.bmp
    2012-08-21 15:38 - 2012-08-21 15:38 - 21683544 ____A (Hewlett-Packard Company ) C:\Users\moradm\Downloads\sp49541.exe
    2012-08-21 15:29 - 2012-08-21 15:29 - 15724512 ____A (Hewlett-Packard Company ) C:\Users\moradm\Downloads\sp51096.exe
    2012-08-21 13:29 - 2012-08-21 13:29 - 00000218 ____A C:\Users\moradm\.recently-used.xbel
    2012-08-21 13:26 - 2012-08-21 13:26 - 00001221 ____A C:\Users\Public\Desktop\EaseUS Todo Backup Technician 4.6.lnk
    2012-08-21 13:23 - 2012-08-21 13:23 - 00001472 ____A C:\Users\Public\Desktop\EASEUS Partition Master 9.1.0 Technician Edition.lnk
    2012-08-21 01:12 - 2012-09-20 07:01 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-08-20 09:19 - 2012-08-20 09:19 - 29408768 ____A (Impresys) C:\Users\moradm\Downloads\DART Installer.exe
    2012-08-20 06:12 - 2012-08-20 06:36 - 2433216512 ____A C:\Users\moradm\Documents\en_windows_7_professional_with_sp1_vl_build_x86_dvd_623530.iso
    2012-08-17 13:29 - 2012-08-17 10:06 - 00014008 ____A C:\Users\moradm\Downloads\Travel+Mileage+Chart+Between+Sites+073012.xlsx
    2012-08-17 10:06 - 2012-08-17 10:06 - 00054784 ____A C:\Users\moradm\Downloads\Travel_Sheet_+070112.xls
    2012-08-17 08:47 - 2012-08-17 08:47 - 00020992 ____A C:\Users\moradm\Downloads\Mileage_Chart.xls
    2012-08-14 13:26 - 2012-08-14 13:26 - 00001548 ____A C:\Users\moradm\Downloads\launch (7).ica
    2012-08-14 13:24 - 2012-08-14 13:24 - 00001578 ____A C:\Users\moradm\Downloads\launch (6).ica
    2012-08-14 09:24 - 2012-08-14 09:24 - 14153672 ____A (Citrix Systems, Inc.) C:\Users\moradm\Downloads\citrixonlinepluginweb (1).exe
    2012-08-14 09:24 - 2012-08-14 09:24 - 00000070 ____A C:\Users\moradm\Desktop\Citrix Access Gateway.url
    2012-08-09 08:54 - 2012-08-09 08:54 - 05708913 ____A C:\Users\moradm\Documents\forktruck saftey.tdp
    2012-08-06 11:21 - 2012-08-06 11:21 - 00476976 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-08-06 11:21 - 2012-08-06 11:21 - 00157488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-08-06 11:21 - 2012-08-06 11:21 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-08-06 11:21 - 2012-08-06 11:21 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-08-06 11:21 - 2012-01-04 14:01 - 00472880 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-08-03 10:26 - 2009-07-13 21:08 - 00032592 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-31 10:02 - 2012-07-31 10:02 - 00063978 ____A C:\Users\moradm\Downloads\kellys texts july 2012.xls
    2012-07-31 09:51 - 2012-07-31 09:51 - 00004714 ____A C:\Users\moradm\Downloads\kellys phone july2012.xls
    2012-07-30 14:42 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-07-30 12:31 - 2012-07-30 12:31 - 00004764 ____A C:\Windows\System32\CcmFramework.ini
    2012-07-30 12:31 - 2012-07-30 12:31 - 00000621 ____A C:\Windows\System32\CcmFramework.h
    2012-07-12 08:25 - 2012-07-12 08:25 - 00009927 ____A C:\Users\moradm\Downloads\slmgr - Software Licensing Management Tool.htm
    2012-07-03 15:19 - 2012-07-03 15:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RzSynapse_01009.Wdf
    2012-07-03 15:15 - 2012-07-03 15:11 - 25788752 ____A (Razer USA Ltd. ) C:\Users\moradm\Downloads\Razer_Nostromo_Driver_v2.02.exe
    2012-07-01 15:44 - 2012-07-01 15:31 - 00002762 ____A C:\route.txt
    2012-06-29 06:29 - 2012-06-29 06:29 - 00946352 ____A (Skype Technologies S.A.) C:\Users\moradm\Downloads\SkypeSetup.exe
    2012-06-28 06:18 - 2012-06-28 06:18 - 00000035 ____A C:\Users\moradm\Downloads\01-May-2012_to_28-Jun-2012.csv
    2012-06-28 06:18 - 2012-06-28 06:18 - 00000035 ____A C:\Users\moradm\Downloads\01-May-2012_to_28-Jun-2012 (1).csv


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-20 12:52:23
    Restore point made on: 2012-09-20 14:53:37

    ==================== Memory info ===========================

    Percentage of memory in use: 10%
    Total physical RAM: 8126.36 MB
    Available physical RAM: 7268.98 MB
    Total Pagefile: 8124.56 MB
    Available Pagefile: 7275.46 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:596.48 GB) (Free:484.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (HP_RECOVERY) (Fixed) (Total:16.87 GB) (Free:2.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.13 GB) FAT32
    5 Drive g: (GSP1RMCPRXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
    6 Drive h: (New Volume) (Fixed) (Total:80 GB) (Free:77.82 GB) NTFS
    7 Drive I: () (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
    8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 698 GB 7168 KB *
    Disk 1 Online 3819 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Dynamic Data 992 KB 31 KB
    Partition 2 Dynamic Data 300 MB 1024 KB
    Partition 3 Dynamic Data 596 GB 301 MB
    Partition 4 Dynamic Data 101 GB 596 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 42
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    =========================================================

    Disk: 0
    Partition 2
    Type : 42
    Hidden: Yes
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 D SYSTEM NTFS Simple 300 MB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 42
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Simple 596 GB Healthy

    =========================================================

    Disk: 0
    Partition 4
    Type : 42
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 H New Volume NTFS Simple 79 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3818 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 I FAT32 Removable 3818 MB Healthy

    =========================================================

    Last Boot: 2012-09-17 07:51

    ==================== End Of Log =============================
     
  4. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    I don't actually see anything malicious there but let's see if we can make your computer bootable again.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot normally.
     


  5. kmorford

    kmorford TS Member Topic Starter Posts: 49

    I did not see anything either, that's why I'm here asking you lol. I have looked over everything and I cannot find where it's coming from...



    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-09-2012
    Ran by SYSTEM at 2012-09-21 19:55:47 Run:1
    Running from I:\

    ==============================================

    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.

    ==== End of Fixlog ====
     
  6. Broni

    Broni Malware Annihilator Posts: 47,078   +258

     
  7. kmorford

    kmorford TS Member Topic Starter Posts: 49

    Seems to be OK now... the true test will be Mon when I plug back into the network... but for now it seems OK. Thank you. I am going to take an image just in case I have this problem again.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    I'm glad it worked :)
     
  9. kmorford

    kmorford TS Member Topic Starter Posts: 49

    Any thoughts on this... your fix worked on my laptop... until I took it back to work and PLUGGED in the NIC cable. A co-worker has the same laptop; he put his on my building's network and it did the same thing to his laptop. Nothing else in the building is doing this (that I know of; I am running scans on everything but we have a lot of labs). If I just use the network wireless it does not happen. Any thoughts on this???
     
  10. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    You didn't say what really happened.
     
  11. kmorford

    kmorford TS Member Topic Starter Posts: 49

    I'm sorry. The same thing as before: Windows has encountered a critical problem and will shut down in one min. Please save your work. The logs are in this thread; it's the same problem. I have it cleaned now, but I was just wondering if you had any idea what could be causing this or where it's coming from...
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Post new FRST log.
     

