Rootkit malware, ran HitmanPro, can't boot computer

[Agent_J]

Hello,

I had a malware infection, rootkit, ran HitmanPro to fix it and now my computer will not boot. I get a black screen after the memory and CPU diagnostics. Think MBR has been deleted.
Computer is windows vista 32-bit.

I was able to run the x32 (x86) bit systems Farbar Recovery Scan Tool and save it to a flash drive after burning a recovery disc. Here is the link in case any other OEM Vista users need it.
http://c4consulting.com.au/vista-recovery-disc

I was stuck for a bit because my C:\ Drive was not recognized and spent an hour trying all the different .inf files on the (Boot) X:\

But I found out you just have to ignore it, click next and it will bring you to the System Recovery Options. So here are my results, thank you for help in advance.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2014
Ran by SYSTEM on MINWINPC on 23-04-2014 21:43:41
Running from F:\
WIN_VISTA (X86) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

ATTENTION: Software hive is missing.
ATTENTION: Software hive is not loaded.
ATTENTION: System hive is not loaded.

========================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========


==================== One Month Modified Files and Folders =======


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 2549.81 MB
Available physical RAM: 2220.62 MB
Total Pagefile: 2349.67 MB
Available Pagefile: 2215.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1985.66 MB

==================== Drives ================================

Drive d: (2007.11.03_2329) (CDROM) (Total:0.12 GB) (Free:0 GB) UDF
Drive e: (ServiceV002) (Fixed) (Total:6.92 GB) (Free:2.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 95F3457A)
Partition 1: (Not Active) - (Size=7 GB) - (Type=27)
Partition 2: (Active) - (Size=142 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 960 MB) (Disk ID: 73696D20)
No partition Table on disk 1.

==================== End Of Log ============================

 

[TwinHeadedEagle]

Tell me what recovery did you burn? Are you able to run CMD from recovery? Type this command

cmd: chkdsk c: /r /f

 

[Agent_J]

Thanks THE! Burned Vista Recovery Disc from link in my OP. PC can now recognize hard drive after chkdsk. Ran FRST again as it still could not boot. More useful info this time:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2014
Ran by SYSTEM on MINWINPC on 24-04-2014 12:18:30
Running from F:\
WIN_VISTA (X86) OS Language: English(US)
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Winlogon: [Userinit]
HKLM\...\Winlogon: [Shell] [x ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\Jason\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Jason\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5e587e3fced947d09663d146f63004b7-d23a41fc13550866ec920055e2647950aa1d55df --CMPID 0913b
HKU\Jason\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Jason\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=5e587e3fced947d09663d146f63004b7-d23a41fc13550866ec920055e2647950aa1d55df /CMPID=1213b
HKU\Jason\...\Policies\Explorer: [HideSCAVolume] 0
HKU\Jason\...\Policies\Explorer: [HideSCANetwork] 0

========================== Services (Whitelisted) =================

S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660576 2011-02-12] (Acronis)
S4 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [0 2014-04-21] ()
S4 AgereModemAudio; C:\Windows\system32\agrsmsvc.exe [0 2006-10-04] ()
S2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [634988 2006-11-15] (Diskeeper Corporation)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [0 2014-04-21] ()
S3 IPSSVC; C:\Windows\system32\IPSSVC.EXE [0 2007-01-29] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [0 2014-04-03] ()
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [0 2014-04-03] ()
S4 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [0 2006-12-15] ()
S3 ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [0 2007-01-08] ()
S2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [722496 2006-12-21] (IBM)
S2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [569344 2007-01-08] ()
S4 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [0 2007-01-08] ()
S4 AcPrfMgrSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [X]
S4 AcSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [X]
S3 ALG; %SystemRoot%\System32\alg.exe [X]
S3 Appinfo; %SystemRoot%\System32\appinfo.dll [X]
S4 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [X]
S2 AudioEndpointBuilder; %SystemRoot%\System32\Audiosrv.dll [X]
S2 Audiosrv; %SystemRoot%\System32\Audiosrv.dll [X]
S2 AVGIDSAgent; "C:\Program Files\AVG\AVG2014\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files\AVG\AVG2014\avgwdsvc.exe" [X]
S2 BFE; %SystemRoot%\System32\bfe.dll [X]
S3 BITS; %systemroot%\system32\qmgr.dll [X]
S3 Browser; %SystemRoot%\System32\browser.dll [X]
S3 CertPropSvc; %SystemRoot%\System32\certprop.dll [X]
S4 clr_optimization_v2.0.50727_32; %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [X]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
S2 CryptSvc; %SystemRoot%\system32\cryptsvc.dll [X]
S2 CscService; %SystemRoot%\System32\cscsvc.dll [X]
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]
S3 DFSR; %SystemRoot%\system32\DFSR.exe [X]
S2 Dhcp; %SystemRoot%\System32\dhcpcsvc.dll [X]
S2 Dnscache; %SystemRoot%\System32\dnsrslvr.dll [X]
S3 dot3svc; %SystemRoot%\System32\dot3svc.dll [X]
S2 DPS; %SystemRoot%\system32\dps.dll [X]
S3 EapHost; %SystemRoot%\System32\eapsvc.dll [X]
S2 EMDMgmt; %systemroot%\system32\emdmgmt.dll [X]
S2 Eventlog; %SystemRoot%\System32\wevtsvc.dll [X]
S2 EventSystem; %systemroot%\system32\es.dll [X]
S4 Fax; %systemroot%\system32\fxssvc.exe [X]
S3 fdPHost; %SystemRoot%\system32\fdPHost.dll [X]
S2 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [X]
S2 FontCache; %SystemRoot%\system32\FntCache.dll [X]
S3 FontCache3.0.0.0; %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [X]
S2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [X]
S2 gpsvc; %SystemRoot%\System32\gpsvc.dll [X]
S4 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 HitmanPro37CrusaderBoot; "C:\Users\Jason\Desktop\HitmanPro.exe" /crusader:boot [X]
S3 hkmsvc; %SystemRoot%\system32\kmsvc.dll [X]
S4 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [X]
S3 idsvc; "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]
S3 IKEEXT; %SystemRoot%\System32\ikeext.dll [X]
S3 IPBusEnum; %SystemRoot%\system32\ipbusenum.dll [X]
S4 iphlpsvc; %SystemRoot%\System32\iphlpsvc.dll [X]
S2 KtmRm; %systemroot%\system32\msdtckrm.dll [X]
S2 LanmanServer; %SystemRoot%\System32\srvsvc.dll [X]
S2 LanmanWorkstation; %SystemRoot%\System32\wkssvc.dll [X]
S3 lltdsvc; %SystemRoot%\System32\lltdsvc.dll [X]
S3 Microsoft Office Groove Audit Service; "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" [X]
S2 MMCSS; %SystemRoot%\system32\mmcss.dll [X]
S4 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 MpsSvc; %SystemRoot%\system32\mpssvc.dll [X]
S3 MSDTC; %SystemRoot%\System32\msdtc.exe [X]
S3 MSiSCSI; %systemroot%\system32\iscsiexe.dll [X]
S3 MSIServer; %systemroot%\system32\msiexec.exe /V [X]
S3 napagent; %SystemRoot%\system32\qagentRT.dll [X]
S3 Netman; %SystemRoot%\System32\netman.dll [X]
S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]
S2 netprofm; %SystemRoot%\System32\netprofm.dll [X]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]
S2 NlaSvc; %SystemRoot%\System32\nlasvc.dll [X]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S2 nsi; %systemroot%\system32\nsisvc.dll [X]
S3 odserv; "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [X]
S3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S3 p2pimsvc; %SystemRoot%\system32\p2psvc.dll [X]
S3 p2psvc; %SystemRoot%\system32\p2psvc.dll [X]
S2 PcaSvc; %SystemRoot%\System32\pcasvc.dll [X]
S3 pla; %systemroot%\system32\pla.dll [X]
S2 PlugPlay; %SystemRoot%\system32\umpnpmgr.dll [X]
S3 PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [X]
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X]
S4 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [X]
S3 PNRPAutoReg; %SystemRoot%\system32\p2psvc.dll [X]
S3 PNRPsvc; %SystemRoot%\system32\p2psvc.dll [X]
S2 PolicyAgent; %SystemRoot%\System32\ipsecsvc.dll [X]
S2 ProfSvc; %systemroot%\system32\profsvc.dll [X]
S3 QWAVE; %windir%\system32\qwave.dll [X]
S3 RasAuto; %SystemRoot%\System32\rasauto.dll [X]
S4 RasMan; %SystemRoot%\System32\rasmans.dll [X]
S4 RemoteAccess; %SystemRoot%\System32\mprdim.dll [X]
S3 RemoteRegistry; %SystemRoot%\system32\regsvc.dll [X]
S2 rpcnet; C:\Windows\system32\rpcnet.exe [X]
S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]
S4 SandraDataSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe [X]
S4 SandraTheSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe [X]
S3 SCardSvr; %SystemRoot%\System32\SCardSvr.dll [X]
S2 Schedule; %systemroot%\system32\schedsvc.dll [X]
S3 SCPolicySvc; %SystemRoot%\System32\certprop.dll [X]
S3 SDRSVC; %Systemroot%\System32\SDRSVC.dll [X]
S2 seclogon; %windir%\system32\seclogon.dll [X]
S2 SENS; %SystemRoot%\system32\sens.dll [X]
S3 SessionEnv; %SystemRoot%\system32\sessenv.dll [X]
S2 SharedAccess; %SystemRoot%\System32\ipnathlp.dll [X]
S2 ShellHWDetection; %SystemRoot%\System32\shsvcs.dll [X]
S4 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [X]
S2 slsvc; %SystemRoot%\system32\SLsvc.exe [X]
S3 SLUINotify; %SystemRoot%\system32\SLUINotify.dll [X]
S2 Spooler; %SystemRoot%\System32\spoolsv.exe [X]
S4 SSDPSRV; %SystemRoot%\System32\ssdpsrv.dll [X]
S3 SstpSvc; %SystemRoot%\system32\sstpsvc.dll [X]
S2 stisvc; %SystemRoot%\System32\wiaservc.dll [X]
S3 swprv; %Systemroot%\System32\swprv.dll [X]
S2 SysMain; %systemroot%\system32\sysmain.dll [X]
S3 TapiSrv; %SystemRoot%\System32\tapisrv.dll [X]
S2 TBS; %SystemRoot%\System32\tbssvc.dll [X]
S4 TermService; %SystemRoot%\System32\termsrv.dll [X]
S4 Themes; %SystemRoot%\system32\shsvcs.dll [X]
S3 THREADORDER; %SystemRoot%\system32\mmcss.dll [X]
S4 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [X]
S2 TrkWks; %SystemRoot%\System32\trkwks.dll [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
S2 TVersityMediaServer; "C:\ProgramData\TVersity\Media Server\MediaServer.exe" [X]
S3 UI0Detect; %SystemRoot%\system32\UI0Detect.exe [X]
S3 UmRdpService; %SystemRoot%\System32\umrdp.dll [X]
S2 upnphost; %SystemRoot%\System32\upnphost.dll [X]
S4 UxSms; %SystemRoot%\System32\uxsms.dll [X]
S3 vds; %SystemRoot%\System32\vds.exe [X]
S3 VSS; %systemroot%\system32\vssvc.exe [X]
S2 W32Time; %systemroot%\system32\w32time.dll [X]
S3 wbengine; "%systemroot%\system32\wbengine.exe" [X]
S3 wcncsvc; %SystemRoot%\System32\wcncsvc.dll [X]
S3 WdiServiceHost; %SystemRoot%\system32\wdi.dll [X]
S3 WdiSystemHost; %SystemRoot%\system32\wdi.dll [X]
S2 WebClient; %SystemRoot%\System32\webclnt.dll [X]
S2 WebrootSpySweeperService; "C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe" [X]
S3 Wecsvc; %SystemRoot%\system32\wecsvc.dll [X]
S3 wercplsupport; %SystemRoot%\System32\wercplsupport.dll [X]
S4 WerSvc; %SystemRoot%\System32\WerSvc.dll [X]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
S2 Winmgmt; %SystemRoot%\system32\wbem\WMIsvc.dll [X]
S3 WinRM; %SystemRoot%\system32\WsmSvc.dll [X]
S2 Wlansvc; %SystemRoot%\System32\wlansvc.dll [X]
S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [X]
S3 wmiApSrv; %systemroot%\system32\wbem\WmiApSrv.exe [X]
S4 WMPNetworkSvc; "%ProgramFiles%\Windows Media Player\wmpnetwk.exe" [X]
S2 WPDBusEnum; %SystemRoot%\system32\wpdbusenum.dll [X]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]
S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [X]
S2 WSearch; %systemroot%\system32\SearchIndexer.exe /Embedding [X]
S2 wuauserv; %systemroot%\system32\wuaueng.dll [X]
S2 wudfsvc; %SystemRoot%\System32\WUDFSvc.dll [X]

==================== Drivers (Whitelisted) ====================

S4 adpahci; C:\Windows\system32\drivers\adpahci.sys [0 2006-11-02] ()
S4 adpu320; C:\Windows\system32\drivers\adpu320.sys [0 2006-11-02] ()
S3 agp440; C:\Windows\system32\drivers\agp440.sys [0 2006-11-02] ()
S4 aic78xx; C:\Windows\system32\drivers\djsvs.sys [0 2006-11-02] ()
S3 amdagp; C:\Windows\system32\drivers\amdagp.sys [0 2006-11-02] ()
S4 AmdK7; C:\Windows\system32\drivers\amdk7.sys [0 2006-11-02] ()
S4 AmdK8; C:\Windows\system32\drivers\amdk8.sys [0 2006-11-02] ()
S4 arc; C:\Windows\system32\drivers\arc.sys [0 2006-11-02] ()
S4 arcsas; C:\Windows\system32\drivers\arcsas.sys [0 2006-11-02] ()
S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)
S3 BrFiltLo; C:\Windows\system32\drivers\brfiltlo.sys [0 2006-11-02] ()
S4 Brserid; C:\Windows\system32\drivers\brserid.sys [0 2006-11-02] ()
S4 BrSerWdm; C:\Windows\system32\drivers\brserwdm.sys [0 2006-11-02] ()
S4 elxstor; C:\Windows\system32\drivers\elxstor.sys [0 2006-11-02] ()
S4 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [0 2006-11-02] ()
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [0 2006-11-02] ()
S0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [0 2009-04-10] ()
S4 iaStorV; C:\Windows\system32\drivers\iastorv.sys [0 2006-11-02] ()
S4 IPMIDRV; C:\Windows\system32\drivers\ipmidrv.sys [0 2006-11-02] ()
S4 isapnp; C:\Windows\system32\drivers\isapnp.sys [0 2006-11-02] ()
S4 iteatapi; C:\Windows\system32\drivers\iteatapi.sys [0 2006-11-02] ()
S4 iteraid; C:\Windows\system32\drivers\iteraid.sys [0 2006-11-02] ()
S4 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [0 2006-11-02] ()
S0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-11-09] (COMPAL ELECTRONIC INC.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [0 2014-04-03] ()
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [0 2014-04-03] ()
S4 megasas; C:\Windows\system32\drivers\megasas.sys [0 2006-11-02] ()
S4 msdsm; C:\Windows\system32\drivers\msdsm.sys [0 2006-11-02] ()
S3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
S4 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [0 2006-11-02] ()
S4 nvraid; C:\Windows\system32\drivers\nvraid.sys [0 2006-11-02] ()
S4 nvstor; C:\Windows\system32\drivers\nvstor.sys [0 2006-11-02] ()
S2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
S4 ql2300; C:\Windows\system32\drivers\ql2300.sys [0 2006-11-02] ()
S4 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [0 2006-11-02] ()
S4 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [0 2006-11-02] ()
S3 Serial; C:\Windows\System32\DRIVERS\serial.sys [0 2006-11-02] ()
S4 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [0 2006-11-02] ()
S0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows (R) 2000 DDK provider)
S4 Symc8xx; C:\Windows\system32\drivers\symc8xx.sys [0 2006-11-02] ()
S4 Sym_hi; C:\Windows\system32\drivers\sym_hi.sys [0 2006-11-02] ()
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [0 2006-11-02] ()
S4 UlSata; C:\Windows\system32\drivers\ulsata.sys [0 2006-11-02] ()
S4 usbccgp; C:\Windows\system32\drivers\usbccgp.sys [0 2006-11-02] ()
S4 usbprint; C:\Windows\system32\drivers\usbprint.sys [0 2006-11-02] ()
S4 viaide; C:\Windows\system32\drivers\viaide.sys [0 2006-11-02] ()
S4 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [0 2006-11-02] ()
S4 WacomPen; C:\Windows\system32\drivers\wacompen.sys [0 2006-11-02] ()
S0 ACPI; system32\drivers\acpi.sys [X]
S1 AFD; \SystemRoot\system32\drivers\afd.sys [X]
S3 AsyncMac; system32\DRIVERS\asyncmac.sys [X]
S0 atapi; system32\drivers\atapi.sys [X]
S1 Avgdiskx; system32\DRIVERS\avgdiskx.sys [X]
S1 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
S1 Avgldx86; system32\DRIVERS\avgldx86.sys [X]
S0 Avglogx; system32\DRIVERS\avglogx.sys [X]
S0 Avgmfx86; system32\DRIVERS\avgmfx86.sys [X]
S0 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X]
S1 Avgtdix; system32\DRIVERS\avgtdix.sys [X]
S1 Beep; No ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 bowser; system32\DRIVERS\bowser.sys [X]
S4 cdfs; system32\DRIVERS\cdfs.sys [X]
S1 cdrom; system32\DRIVERS\cdrom.sys [X]
S0 CLFS; System32\CLFS.sys [X]
S3 CmBatt; system32\DRIVERS\CmBatt.sys [X]
S0 Compbatt; system32\DRIVERS\compbatt.sys [X]
S3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [X]
S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [X]
S1 CSC; system32\drivers\csc.sys [X]
S1 DfsC; System32\Drivers\dfsc.sys [X]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S0 disk; system32\drivers\disk.sys [X]
S3 drmkaud; system32\drivers\drmkaud.sys [X]
S3 DXGKrnl; \SystemRoot\System32\drivers\dxgkrnl.sys [X]
S0 Ecache; System32\drivers\ecache.sys [X]
S2 EGATHDRV; \??\C:\Windows\system32\EGATHDRV.SYS [X]
S3 ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [X]
S3 exfat; No ImagePath
S3 fastfat; No ImagePath
S0 FileInfo; system32\drivers\fileinfo.sys [X]
S3 Filetrace; system32\drivers\filetrace.sys [X]
S0 FltMgr; system32\drivers\fltmgr.sys [X]
S1 Fs_Rec; No ImagePath
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [X]
S3 HDAudBus; system32\DRIVERS\HDAudBus.sys [X]
S3 HidUsb; system32\DRIVERS\hidusb.sys [X]
S4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S3 HTTP; system32\drivers\HTTP.sys [X]
S1 i8042prt; system32\DRIVERS\i8042prt.sys [X]
S3 ialm; system32\DRIVERS\igdkmd32.sys [X]
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S0 intelide; system32\drivers\intelide.sys [X]
S3 intelppm; system32\DRIVERS\intelppm.sys [X]
S3 IpFilterDriver; system32\DRIVERS\ipfltdrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 IPNAT; system32\DRIVERS\ipnat.sys [X]
S3 IRENUM; system32\drivers\irenum.sys [X]
S3 iScsiPrt; system32\DRIVERS\msiscsi.sys [X]
S1 kbdclass; system32\DRIVERS\kbdclass.sys [X]
S0 KSecDD; System32\Drivers\ksecdd.sys [X]
S2 lltdio; system32\DRIVERS\lltdio.sys [X]
S2 luafv; \SystemRoot\system32\drivers\luafv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 Modem; system32\drivers\modem.sys [X]
S3 monitor; system32\DRIVERS\monitor.sys [X]
S1 mouclass; system32\DRIVERS\mouclass.sys [X]
S3 mouhid; system32\DRIVERS\mouhid.sys [X]
S0 MountMgr; System32\drivers\mountmgr.sys [X]
S3 mpsdrv; System32\drivers\mpsdrv.sys [X]
S3 MRxDAV; \SystemRoot\system32\drivers\mrxdav.sys [X]
S3 mrxsmb; system32\DRIVERS\mrxsmb.sys [X]
S3 mrxsmb10; system32\DRIVERS\mrxsmb10.sys [X]
S3 mrxsmb20; system32\DRIVERS\mrxsmb20.sys [X]
S1 Msfs; No ImagePath
S0 msisadrv; system32\drivers\msisadrv.sys [X]
S3 MSKSSRV; system32\drivers\MSKSSRV.sys [X]
S3 MSPCLOCK; system32\drivers\MSPCLOCK.sys [X]
S3 MSPQM; system32\drivers\MSPQM.sys [X]
S3 MsRPC; No ImagePath
S3 mssmbios; system32\DRIVERS\mssmbios.sys [X]
S3 MSTEE; system32\drivers\MSTEE.sys [X]
S0 Mup; System32\Drivers\mup.sys [X]
S3 NativeWifiP; system32\DRIVERS\nwifi.sys [X]
S0 NDIS; system32\drivers\ndis.sys [X]
S3 NdisTapi; system32\DRIVERS\ndistapi.sys [X]
S3 Ndisuio; system32\DRIVERS\ndisuio.sys [X]
S3 NdisWan; system32\DRIVERS\ndiswan.sys [X]
S3 NDProxy; No ImagePath
S1 NetBIOS; system32\DRIVERS\netbios.sys [X]
S1 netbt; System32\DRIVERS\netbt.sys [X]
S3 NETw4v32; system32\DRIVERS\NETw4v32.sys [X]
S1 Npfs; No ImagePath
S1 nsiproxy; system32\drivers\nsiproxy.sys [X]
S3 Ntfs; No ImagePath
S1 Null; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 ohci1394; system32\DRIVERS\ohci1394.sys [X]
S3 P1130VID; system32\DRIVERS\P1130Vid.sys [X]
S0 partmgr; System32\drivers\partmgr.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S0 pci; system32\drivers\pci.sys [X]
S3 PptpMiniport; system32\DRIVERS\raspptp.sys [X]
S1 PSched; system32\DRIVERS\pacer.sys [X]
S3 QWAVEdrv; \SystemRoot\system32\drivers\qwavedrv.sys [X]
S1 RasAcd; System32\DRIVERS\rasacd.sys [X]
S3 Rasl2tp; system32\DRIVERS\rasl2tp.sys [X]
S3 RasPppoe; system32\DRIVERS\raspppoe.sys [X]
S3 RasSstp; system32\DRIVERS\rassstp.sys [X]
S1 rdbss; system32\DRIVERS\rdbss.sys [X]
S1 RDPCDD; System32\DRIVERS\RDPCDD.sys [X]
S3 rdpdr; system32\DRIVERS\rdpdr.sys [X]
S1 RDPENCDD; system32\drivers\rdpencdd.sys [X]
S3 RDPWD; No ImagePath
S2 rimsptsk; system32\DRIVERS\rimsptsk.sys [X]
S2 rspndr; system32\DRIVERS\rspndr.sys [X]
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [X]
S3 sdbus; system32\DRIVERS\sdbus.sys [X]
S4 sermouse; \SystemRoot\system32\drivers\sermouse.sys [X]
S1 Smb; system32\DRIVERS\smb.sys [X]
S0 spldr; No ImagePath
S0 sptd; System32\Drivers\sptd.sys [X]
S3 srv; System32\DRIVERS\srv.sys [X]
S3 srv2; System32\DRIVERS\srv2.sys [X]
S3 srvnet; System32\DRIVERS\srvnet.sys [X]
S0 ssfs0bbc; system32\DRIVERS\ssfs0bbc.sys [X]
S0 sshrmd; system32\DRIVERS\sshrmd.sys [X]
S0 ssidrv; system32\DRIVERS\ssidrv.sys [X]
S1 ssmdrv; system32\DRIVERS\ssmdrv.sys [X]
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]
S1 StarOpen; No ImagePath
S3 swenum; system32\DRIVERS\swenum.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S0 Tcpip; System32\drivers\tcpip.sys [X]
S3 Tcpip6; system32\DRIVERS\tcpip.sys [X]
S2 tcpipreg; System32\drivers\tcpipreg.sys [X]
S3 TDPIPE; system32\drivers\tdpipe.sys [X]
S3 TDTCP; system32\drivers\tdtcp.sys [X]
S1 tdx; system32\DRIVERS\tdx.sys [X]
S1 TermDD; system32\DRIVERS\termdd.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]
S3 tssecsrv; System32\DRIVERS\tssecsrv.sys [X]
S3 tunmp; system32\DRIVERS\tunmp.sys [X]
S3 tunnel; system32\DRIVERS\tunnel.sys [X]
S4 udfs; system32\DRIVERS\udfs.sys [X]
S3 umbus; system32\DRIVERS\umbus.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 usbhub; system32\DRIVERS\usbhub.sys [X]
S3 usbser; system32\drivers\usbser.sys [X]
S3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [X]
S1 VgaSave; \SystemRoot\System32\drivers\vga.sys [X]
S0 volmgr; system32\drivers\volmgr.sys [X]
S0 volmgrx; System32\drivers\volmgrx.sys [X]
S0 volsnap; system32\drivers\volsnap.sys [X]
S3 vsbus; system32\DRIVERS\vsb.sys [X]
S3 vserial; System32\DRIVERS\vserial.sys [X]
S3 Wanarp; system32\DRIVERS\wanarp.sys [X]
S1 Wanarpv6; system32\DRIVERS\wanarp.sys [X]
S0 Wdf01000; system32\drivers\Wdf01000.sys [X]
S3 WmiAcpi; system32\DRIVERS\wmiacpi.sys [X]
S3 WpdUsb; system32\DRIVERS\wpdusb.sys [X]
S4 ws2ifsl; \SystemRoot\system32\drivers\ws2ifsl.sys [X]
S3 WudfPf; system32\drivers\WudfPf.sys [X]
S3 WUDFRd; system32\DRIVERS\WUDFRd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-24 12:18 - 2014-04-24 12:18 - 00000000 ____D () C:\FRST
2014-04-24 07:02 - 2014-04-24 07:02 - 00000000 __SHD () C:\found.001
2014-04-21 22:28 - 2014-04-21 22:28 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2014-04-21 22:28 - 2014-04-21 22:28 - 00000326 _____ () C:\Windows\System32\bootdelete.lst
2014-04-21 22:28 - 2014-04-21 22:28 - 00000000 _____ () C:\Windows\System32\.crusader
2014-04-21 22:26 - 2014-04-21 22:26 - 00027060 _____ () C:\Users\Jason\Desktop\HitmanPro_20140422_0226.log
2014-04-21 22:03 - 2014-04-21 22:03 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-21 21:58 - 2014-04-21 22:28 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-21 21:18 - 2014-04-21 21:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-21 21:18 - 2014-04-03 05:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-21 21:18 - 2014-04-03 05:51 - 00000000 _____ () C:\Windows\System32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

2014-04-24 12:18 - 2014-04-24 12:18 - 00000000 ____D () C:\FRST
2014-04-24 07:02 - 2014-04-24 07:02 - 00000000 __SHD () C:\found.001
2014-04-21 22:30 - 2010-04-30 11:28 - 00002128 _____ () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-21 22:30 - 2010-04-30 11:28 - 00002128 _____ () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 22:30 - 2007-05-26 15:46 - 00000000 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 22:28 - 2014-04-21 22:28 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2014-04-21 22:28 - 2014-04-21 22:28 - 00000326 _____ () C:\Windows\System32\bootdelete.lst
2014-04-21 22:28 - 2014-04-21 22:28 - 00000000 _____ () C:\Windows\System32\.crusader
2014-04-21 22:28 - 2014-04-21 21:58 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-21 22:26 - 2014-04-21 22:26 - 00027060 _____ () C:\Users\Jason\Desktop\HitmanPro_20140422_0226.log
2014-04-21 22:03 - 2014-04-21 22:03 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-21 21:18 - 2014-04-21 21:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-21 21:18 - 2010-11-21 16:48 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Malwarebytes
2014-04-21 21:18 - 2010-11-21 16:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-21 18:53 - 2006-11-02 03:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-21 18:01 - 2014-03-22 08:28 - 00000000 ____D () C:\Program Files\iPod
2014-04-21 17:27 - 2012-07-28 07:43 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-21 17:19 - 2007-05-27 19:48 - 00000000 ____D () C:\Users\Jason\Local Settings\Application Data\Adobe
2014-04-21 17:19 - 2007-05-27 19:48 - 00000000 ____D () C:\Users\Jason\AppData\Local\Adobe
2014-04-21 16:57 - 2006-11-02 05:00 - 00489160 _____ () C:\Windows\PFRO.log
2014-04-16 18:12 - 2007-05-26 16:10 - 00000000 ____D () C:\Program Files\Java
2014-04-14 18:59 - 2010-11-22 14:40 - 00183808 _____ () C:\Users\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-14 18:59 - 2010-11-22 14:40 - 00183808 _____ () C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-09 08:56 - 2006-11-02 02:24 - 00000000 _____ () C:\Windows\System32\mrt.exe
2014-04-08 16:46 - 2006-11-02 02:33 - 00763586 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-03 05:51 - 2014-04-21 21:18 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-03 05:51 - 2014-04-21 21:18 - 00000000 _____ () C:\Windows\System32\Drivers\mwac.sys
2014-04-03 05:50 - 2010-11-21 16:48 - 00000000 _____ () C:\Windows\System32\Drivers\mbam.sys

==================== Known DLLs (Whitelisted) ============

C:\Windows\System32\clbcatq.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\ole32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\advapi32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\COMDLG32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\gdi32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\IERTUTIL.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\IMAGEHLP.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\IMM32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\kernel32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\LPK.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\MSCTF.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\MSVCRT.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\NSI.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\OLEAUT32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcrt4.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Setupapi.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\SHELL32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\SHLWAPI.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\URLMON.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\user32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\USP10.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\WININET.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\WLDAP32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\WS2_32.dll IS MISSING <==== ATTENTION!.

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 2549.81 MB
Available physical RAM: 2194.38 MB
Total Pagefile: 2349.67 MB
Available Pagefile: 2218.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1981.66 MB

==================== Drives ================================

Drive c: (SW_Preload) (Fixed) (Total:6.92 GB) (Free:4.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (2007.11.03_2329) (CDROM) (Total:0.12 GB) (Free:0 GB) UDF
Drive e: (ServiceV002) (Fixed) (Total:6.92 GB) (Free:2.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 95F3457A)
Partition 1: (Not Active) - (Size=7 GB) - (Type=27)
Partition 2: (Active) - (Size=142 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 960 MB) (Disk ID: 73696D20)
No partition Table on disk 1.


LastRegBack: 2014-04-21 17:04

==================== End Of Log ============================

 

[TwinHeadedEagle]

Download attached fixlist.txt and save it to your USB flashdrive as fixlist.txt

>> Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

• Press the Fix button once and wait.
• FRST will process fixlist.txt
• When finished, it will produce a log fixlog.txt on your USB flashdrive.

>> Exit out of Recovery Environment and post me the log please.



Try to boot Windows normally...

 

[Agent_J]

Okay ran the fix, log attached below. Booting the computer normally brings it to the notebook manufacturer's rescue and recovery software (Lenovo). I think that may be stored on the e:\ What should I do now?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-04-2014
Ran by SYSTEM at 2014-04-24 19:12:14 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKLM\...\Winlogon: [Userinit]
HKLM\...\Winlogon: [Shell] [x ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\Jason\...\Policies\Explorer: [HideSCAVolume] 0
HKU\Jason\...\Policies\Explorer: [HideSCANetwork] 0
cmd: bootrec.exe /fixmbr
cmd: bootrec.exe /fixboot
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\Jason\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAVolume => Value deleted successfully.
HKU\Jason\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCANetwork => Value deleted successfully.

========= bootrec.exe /fixmbr =========

??T h e o p e r a t i o n c o m p l e t e d s u c c e s s f u l l y .

========= End of CMD: =========


========= bootrec.exe /fixboot =========

??T h e o p e r a t i o n c o m p l e t e d s u c c e s s f u l l y .

========= End of CMD: =========


==== End of Fixlog ====

 

[TwinHeadedEagle]

I want you to start next program the same manner like FRST:


Download ListParts.exe from link below

http://www.bleepingcomputer.com/download/listparts/dl/77/

Start it, click on Scan, and attach the report.

 

[Agent_J]

Please find log attached, thanks THE

ListParts by Farbar Version: 17-04-2014
Ran by SYSTEM (administrator) on 25-04-2014 at 21:42:21
Windows Vista (X86)
Running From: F:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 2549.81 MB
Available physical RAM: 2228.25 MB
Total Pagefile: 2349.67 MB
Available Pagefile: 2226.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.58 MB

======================= Partitions =========================

1 Drive c: (SW_Preload) (Fixed) (Total:6.92 GB) (Free:4.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (2007.11.03_2329) (CDROM) (Total:0.12 GB) (Free:0 GB) UDF
3 Drive e: (ServiceV002) (Fixed) (Total:6.92 GB) (Free:2.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 1849 KB
Disk 1 Online 960 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 7090 MB 1024 KB
Partition 2 Primary 142 GB 7091 MB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E ServiceV002 NTFS Partition 7090 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C SW_Preload NTFS Partition 142 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 960 MB 0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 95F3457A
Partition 1: (Not Active) - (Size=7 GB) - (Type=27)
Partition 2: (Active) - (Size=142 GB) - (Type=07 NTFS)

==============================
Partitions of Disk 1:
===============
Disk ID: 73696D20
Partition 1: (Not Active) - (Size=-4750121984) - (Type=0A)
Partition 2: (Not Active) - (Size=260 GB) - (Type=65)
Partition 3: (Not Active) - (Size=0) - (Type=65)
Partition 4: (Not Active) - (Size=26 MB) - (Type=00)


****** End Of Log ******

 

[TwinHeadedEagle]

Can you take a picture how it looks like when you try to boot?

 

[Agent_J]

Pictures attached.
1.

2.

3.

 

[TwinHeadedEagle]

Can you access BIOS?

 

[Agent_J]

Yes. What should I do in BIOS?

 

[TwinHeadedEagle]

Change SATA mode from AHCI to IDE or vice versa, and see what happens...

 

[Agent_J]

Just disabled SATA AHCI mode to SATA IDE mode, but it still booted to the same manufacturer recovery program I posted pictures of.

 

[TwinHeadedEagle]

Did you try to see if hard disk is set to first boot device?

 

[Agent_J]

Yes hard disk is set to first boot device.

 

[TwinHeadedEagle]

Since my will to help you is limited here, the last thing that comes to my mind is to restore your system to factory state. What do you think about this?