Help
*mod edit: moved from Introductions to the appropriate forum~Queen-Evie*
This post has been edited by Queen-Evie: 28 January 2012 - 03:18 PM
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient. DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
- You cannot start a new topic
-
This topic is locked
Startup Repair Virus Unable to start OS _windows 7 X64 Premium
#1
- New Member
-
- Group: Members
- Posts: 5
- Joined: 28-January 12
Posted 28 January 2012 - 02:56 PM
Same problem as described by others. Unable to start OS - repeats auto startup repair and fails. Unable to restore or recover. Followed instructions from this site and downloaded FRST. Copied and scanned. Need help to fix.
*mod edit: moved from Introductions to the appropriate forum~Queen-Evie*
*mod edit: moved from Introductions to the appropriate forum~Queen-Evie*
Back to top
#2
- Bleepin Madman
-
- Group: BC Advisor
- Posts: 18,388
- Joined: 08-September 08
- Gender:Male
- Location:Catonsville, Md
Posted 28 January 2012 - 03:17 PM
Does it work in safe mode or will not boot up at all?
My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message!with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.
#3
- New Member
-
- Group: Members
- Posts: 5
- Joined: 28-January 12
Posted 28 January 2012 - 03:22 PM
Unable to start in safe mode.
#4
- New Member
-
- Group: Members
- Posts: 5
- Joined: 28-January 12
Posted 28 January 2012 - 03:26 PM
Not boot up at all. It goes into auto startup repair, unable to repair message, to system recovery option after "administrator" log in screen which I can bypass without entering password?? None of recovery options work - startup repair, system restore, system image recovery, dell factory image restore.
#5
- New Member
-
- Group: Members
- Posts: 5
- Joined: 28-January 12
Posted 28 January 2012 - 03:41 PM
Followed instructions from earlier post and copied scan result from Farbar Recovery Scan Tool below.
Scan result of Farbar Recovery Scan Tool Version: 28-01-2012
Ran by SYSTEM at 2012-01-28 15:38:13
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [357376 2009-09-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-09] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [166424 2009-11-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [390168 2009-11-04] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [408600 2009-11-04] (Intel Corporation)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3189016 2009-10-01] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [149280 2010-02-23] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [fsi] C:\Program Files (x86)\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe [9728 2009-09-02] ()
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1779952 2009-07-07] ()
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.0.1 10.1.0.2
==================== Services (Whitelisted) ======
2 0034671266969542mcinstcleanup; C:\Users\ADMINI~1\AppData\Local\Temp\003467~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [42 2010-02-23] ()
3 McODS; C:\Program Files\McAfee\VIRUSS~1\mcods.exe [696848 2009-06-16] (McAfee, Inc.)
3 McShield; "C:\Program Files\McAfee\VIRUSS~1\mcshield.exe" [155456 2009-06-18] (McAfee, Inc.)
2 mcmscsvc; %ProgramFiles(x86)%\McAfee\MSC\mcmscsvc.exe [x]
4 McNASvc; %CommonProgramFiles(x86)%\mcafee\mna\mcnasvc.exe [x]
4 McProxy; %CommonProgramFiles(x86)%\mcafee\mcproxy\mcproxy.exe [x]
3 McSysmon; "%ProgramFiles(x86)%\McAfee\VIRUSS~1\mcsysmon.exe" [x]
4 MpfService; %ProgramFiles(x86)%\McAfee\MPF\MPFSrv.exe [x]
========================== Drivers (Whitelisted) =============
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [102600 2009-06-18] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [41032 2009-06-18] (McAfee, Inc.)
1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [307400 2009-06-18] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-06-18] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-06-18] (McAfee, Inc.)
1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
============ 3 Months Modified Files and Folders =============
2012-01-28 09:57 - 2010-01-15 19:37 - 0000000 ____D C:\DELL
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2010-02-23 17:24] - [2010-02-23 17:24] - 2868224 ____A (Microsoft Corporation) F170B4A061C9E026437B193B4D571799
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
========================= Memory info ======================
Percentage of memory in use: 14%
Total physical RAM: 3892.52 MB
Available physical RAM: 3325.2 MB
Total Pagefile: 3890.67 MB
Available Pagefile: 3302.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:48.21 GB) NTFS
2 Drive d: () (Fixed) (Total:229.63 GB) (Free:135.58 GB) NTFS
5 Drive h: () (Removable) (Total:1.91 GB) (Free:1.87 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:5.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 1953 MB 0 B
Disk 2 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 9 GB 101 MB
Partition 3 Primary 58 GB 9 GB
Partition 0 Extended 229 GB 68 GB
Partition 4 Logical 229 GB 68 GB
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 FAT Partition 100 MB Healthy Hidden
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y RECOVERY NTFS Partition 9 GB Healthy
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 58 GB Healthy
Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D NTFS Partition 229 GB Healthy
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1952 MB 122 KB
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT Removable 1952 MB Healthy
==========================================================
TDL4: custom:26000022
==========================================================
Last Boot: 2010-02-23 17:26
======================= End Of Log ==========================
Scan result of Farbar Recovery Scan Tool Version: 28-01-2012
Ran by SYSTEM at 2012-01-28 15:38:13
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [357376 2009-09-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-09] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [166424 2009-11-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [390168 2009-11-04] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [408600 2009-11-04] (Intel Corporation)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3189016 2009-10-01] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [149280 2010-02-23] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [fsi] C:\Program Files (x86)\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe [9728 2009-09-02] ()
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1779952 2009-07-07] ()
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.0.1 10.1.0.2
==================== Services (Whitelisted) ======
2 0034671266969542mcinstcleanup; C:\Users\ADMINI~1\AppData\Local\Temp\003467~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [42 2010-02-23] ()
3 McODS; C:\Program Files\McAfee\VIRUSS~1\mcods.exe [696848 2009-06-16] (McAfee, Inc.)
3 McShield; "C:\Program Files\McAfee\VIRUSS~1\mcshield.exe" [155456 2009-06-18] (McAfee, Inc.)
2 mcmscsvc; %ProgramFiles(x86)%\McAfee\MSC\mcmscsvc.exe [x]
4 McNASvc; %CommonProgramFiles(x86)%\mcafee\mna\mcnasvc.exe [x]
4 McProxy; %CommonProgramFiles(x86)%\mcafee\mcproxy\mcproxy.exe [x]
3 McSysmon; "%ProgramFiles(x86)%\McAfee\VIRUSS~1\mcsysmon.exe" [x]
4 MpfService; %ProgramFiles(x86)%\McAfee\MPF\MPFSrv.exe [x]
========================== Drivers (Whitelisted) =============
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [102600 2009-06-18] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [41032 2009-06-18] (McAfee, Inc.)
1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [307400 2009-06-18] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-06-18] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-06-18] (McAfee, Inc.)
1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
============ 3 Months Modified Files and Folders =============
2012-01-28 09:57 - 2010-01-15 19:37 - 0000000 ____D C:\DELL
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2010-02-23 17:24] - [2010-02-23 17:24] - 2868224 ____A (Microsoft Corporation) F170B4A061C9E026437B193B4D571799
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
========================= Memory info ======================
Percentage of memory in use: 14%
Total physical RAM: 3892.52 MB
Available physical RAM: 3325.2 MB
Total Pagefile: 3890.67 MB
Available Pagefile: 3302.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:48.21 GB) NTFS
2 Drive d: () (Fixed) (Total:229.63 GB) (Free:135.58 GB) NTFS
5 Drive h: () (Removable) (Total:1.91 GB) (Free:1.87 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:5.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 1953 MB 0 B
Disk 2 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 9 GB 101 MB
Partition 3 Primary 58 GB 9 GB
Partition 0 Extended 229 GB 68 GB
Partition 4 Logical 229 GB 68 GB
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 FAT Partition 100 MB Healthy Hidden
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y RECOVERY NTFS Partition 9 GB Healthy
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 58 GB Healthy
Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D NTFS Partition 229 GB Healthy
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1952 MB 122 KB
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT Removable 1952 MB Healthy
==========================================================
TDL4: custom:26000022
==========================================================
Last Boot: 2010-02-23 17:26
======================= End Of Log ==========================
This post has been edited by hamluis: 28 January 2012 - 04:01 PM
Reason for edit: Moved from Am I Infected to Malware Removal Logs.
#6
- Just Curious
-
- Group: Malware Response Instructor
- Posts: 17,817
- Joined: 08-December 07
- Gender:Male
- Location:The Netherlands
Posted 02 February 2012 - 05:39 PM
Hello Corymo4,
Welcome to this forum and apologies for the delay.
Please tell me if you have still the issue and need assistance.
Welcome to this forum and apologies for the delay.
Please tell me if you have still the issue and need assistance.
#7
- Just Curious
-
- Group: Malware Response Instructor
- Posts: 17,817
- Joined: 08-December 07
- Gender:Male
- Location:The Netherlands
Posted 06 February 2012 - 03:14 PM
This thread will now be closed due to lack of activity.
If you need this topic reopened, please send me a Private Message and I will reopen it for you.
If you should have a new issue, please start a new topic.
Every one else should start a new topic.
If you need this topic reopened, please send me a Private Message and I will reopen it for you.
If you should have a new issue, please start a new topic.
Every one else should start a new topic.
Share this topic:
Page 1 of 1
- You cannot start a new topic
-
This topic is locked