When I turned on my laptop yesterday morning, the screen was all black, like the system was hanging. So I decided to take out the batteries, put them back in, and turn the laptop on again (I do this everytime it hangs--no problem whatsoever). Upon turning back on, a black screen with "Windows is loading files..." appeared. When it was done, a blue background picture appeared (which was not my wallpaper, but looked Microsoft-ish), and Startup Repair started. This must've been because of a suspicious EXE file I accidentally ran the night before =(
Startup Repair started checking my system for probems. After it was done, it said that Startup Repair cannot repair this computer automatically. Sending more information can help Microsoft create solutions: 1) Send; 2) Don't send. I didn't send it, cause I can't bloody well connect to the Internet. The problem event name was StartupRepairOffline.
HP's Recovery Manager then popped up. From there, I had three choices: 1) Microsoft system restore, 2) Run computer checkup (I could also run Command Prompt from here), and 3) File backup program. I tried restoring to just before the problems appeared, but it failed. The I tried backing up, but it wouldn't allow me to click "Next" and proceed for certain file types like pictures & videos. I can only backup HTML files and file settings.
So I decided to run HijackThis from an external hard drive by opening Task Manager using Command Prompt. It ran and I saved the log (see below). But when I run DDS, the window suddenly closes. When I run GMER, a window popped up, saying that "GMER has found system modification, which might have been caused by rootkit activity. Do you want to fully scan your system?" I clicked no. Then after unchecking "IAT/EAT" and checking "C:\" & "Show all," the app ran for around a minute, then an error message popped up:
"The instruction at 0x0040c676 referenced memory at 0x88e83d2e, The memory could not be read. Click on OK to terminate the program."
When I ran GMER again, a BSOD appeared. PAGE_FAULT_IN_NONPAGED_AREA. Technical information:
*** STOP: 0x00000050 (0x996A4000, 0x00000000, 0x90c69114, 0x00000000)