
Am I almost there? [Solved]


  • This topic is locked

#1
DanceswithDifficulty


    New Member

  • Member
  • Pip
  • 2 posts
First, thank you for your help.

My HP G60-535-DX laptop will not boot up. It goes right into recovery. I've tried booting in safe mode, going to last known good configuration, etc.

I loaded an OTLPENet.exe disk and ran a 32-bit FARBAR scan and got the following file (below) which says "could not load system hive". Where you see XXXXXXX, I redacted some PII.

I am now at the end of my technical capabilities - FILE BELOW:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2013 02
Ran by SYSTEM at 24-01-2013 06:51:45
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
Attention: Could not load system hive.

Error: Error performing inpage operation.
==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [mfidec] ",READLOADRESOLUTIONS [x]
HKU\Conrad\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\Conrad\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Conrad\...\Policies\system: [WallpaperStyle] 2
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2

==================== Services (Whitelisted) ===================


==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========



==================== One Month Modified Files and Folders ========

2013-01-24 06:52 - 2013-01-24 00:16 - 00000000 ____D C:\FRST
2013-01-24 00:21 - 2010-01-19 22:51 - 00000000 ____D C:\users\Conrad
2013-01-22 23:06 - 2012-04-27 06:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-22 22:55 - 2012-08-21 20:40 - 02037517 ____A C:\Windows\WindowsUpdate.log
2013-01-22 22:43 - 2013-01-07 20:23 - 00005376 ____A C:\Windows\setupact.log
2013-01-22 22:43 - 2010-05-09 19:08 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-22 19:42 - 2010-05-09 19:08 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-22 12:26 - 2009-07-13 23:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-22 12:26 - 2009-07-13 23:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-22 12:23 - 2010-12-28 16:05 - 00001828 ____A C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-01-22 12:19 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-22 12:18 - 2013-01-08 16:39 - 00002340 ____A C:\Windows\PFRO.log
2013-01-21 20:58 - 2012-03-12 21:48 - 00000416 ____A C:\Windows\Tasks\vtscheduletask.job
2013-01-20 16:44 - 2010-03-26 08:57 - 00000000 ____D C:\Users\Conrad\Documents\XXXXXXXXXX
2013-01-14 23:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-01-14 20:48 - 2010-03-03 22:10 - 00000215 ____A C:\Users\Conrad\Desktop\Yahoo! Mail The best web-based email!.url
2013-01-12 21:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Microsoft.NET
2013-01-11 20:42 - 2012-04-24 16:26 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForConrad.job
2013-01-11 00:13 - 2012-06-02 22:59 - 00000000 ____D C:\Users\Public\Documents\XXXXXXXXXXXX!
2013-01-10 19:10 - 2009-07-13 23:45 - 00455680 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-10 00:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64
2013-01-09 16:57 - 2009-07-14 00:13 - 00744818 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-09 16:51 - 2010-01-29 13:24 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-08 17:06 - 2012-04-27 06:10 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-08 17:06 - 2011-10-09 21:37 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-07 20:23 - 2013-01-07 20:23 - 00000000 ____A C:\Windows\setuperr.log
2012-12-28 19:47 - 2011-06-06 17:49 - 00000000 ____D C:\Users\Conrad\Documents\Outlook Files
2012-12-28 11:14 - 2010-09-04 19:07 - 00000254 ____A C:\Users\Conrad\Desktop\Academy Login to the site.url

ZeroAccess:
C:\Users\Conrad\AppData\Local\{708e671f-3545-2915-06c0-6082039c15b2}
C:\Users\Conrad\AppData\Local\{708e671f-3545-2915-06c0-6082039c15b2}\L
C:\Users\Conrad\AppData\Local\{708e671f-3545-2915-06c0-6082039c15b2}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2011-04-27 21:56] - [2011-02-25 01:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\winlogon.exe
[2011-05-23 17:36] - [2010-11-20 08:25] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457

C:\Windows\System32\wininit.exe
[2009-07-13 18:52] - [2009-07-13 20:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA

C:\Windows\System32\svchost.exe
[2009-07-13 18:31] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\User32.dll
[2011-05-23 17:36] - [2010-11-20 08:27] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

C:\Windows\System32\userinit.exe
[2011-05-23 17:35] - [2010-11-20 08:25] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53

C:\Windows\System32\Drivers\volsnap.sys
[2011-05-23 17:36] - [2010-11-20 08:34] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================


==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 3003.12 MB
Available physical RAM: 2708.98 MB
Total Pagefile: 2828.21 MB
Available Pagefile: 2769.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1995.02 MB

==================== Partitions =============================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:285.98 GB) (Free:222.63 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:11.91 GB) (Free:2.01 GB) NTFS
4 Drive f: (Pivot) (Removable) (Total:3.76 GB) (Free:3.76 GB) FAT32
5 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.17 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 1339 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 286 GB 200 MB
Partition 3 Primary 12 GB 286 GB
=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy
=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 286 GB Healthy
=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 12 GB Healthy
=========================================================

Last Boot: 2013-01-23 23:06

==================== End Of Log ============================


#2
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts
Hello DanceswithDifficulty,

Welcome to Geekstogo.

I loaded an OTLPENet.exe disk and ran a 32-bit FARBAR scan and got the following file (below) which says "could not load system hive". Where you see XXXXXXX, I redacted some PII.


Hmm... let's try using FRST another way.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will create a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3
DanceswithDifficulty


    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
The repair tool wouldn't burn the back-up disk, so I slaved the drive to another computer and copied my files and put in a new HD. Thanks.

#4
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts
Thank you for telling us. :thumbsup:

#5
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.