Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows no longer Boots and NTDETECT is stuck, Help!


  • This topic is locked This topic is locked
3 replies to this topic

#1 Mimeblade

Mimeblade

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 22 May 2010 - 12:30 PM

Okay so, a Malware installed itself claiming I had to scan my XP Home, I figured I'd run ComboFix but it was blocked from running (didn't know you should rename it at the time). I tried to shut down and enter Safe Mode but Malware said LogOut.ini was infected or something, so I tried Hardboot to Enter Safe Mode. Now Windows won't start and keeps Resetting, I tried Recovery Console and now NTDETECT is stuck checking Hardware? I'm typing with my PS3 right now, so I'm not sure what to do at this point. Please save my PC! T-T

EDIT: Moved from XP to more appropriate Am I Infected forum ~ Hamluis.

Edited by hamluis, 22 May 2010 - 12:43 PM.


BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,695 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:54 PM

Posted 22 May 2010 - 09:01 PM

Hi, Mimeblade smile.gif

welcome.gif

Lets give this a try. We can help you throughout an External Environment. You will need to burn a boot CD with especial tools. You will also need a flash drive to move information from the troubled computer to a working computer. It is the only way we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.
  • Download OTLPEStd.exe to your desktop. NOTE: This file is 93.1MB in size so it may take some time to download.
  • Once downloaded, insert a blank CD in your burner and click on OTLPEStd.exe.The executable includes the OTLPE_New_Std.iso and a copy of imgburn, a program to burn .iso files. When executed, the application will extract both and start the burning process automatically.
  • Once the CD is burned, boot the Non working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first
    Note : For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standart Registry to All
    • Under the Custom Scan box paste this in

      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      userinit.exe
      explorer.exe
      ntoskrnl.exe
      NTDETECT
      LogOut.ini
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 Mimeblade

Mimeblade
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 23 May 2010 - 01:10 PM

Apologies, since the OTL and Extras Log files are too huge to list here or attach, I'll just send it as a zip file:

http://www.sendspace.com/file/j87ezd

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,695 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:54 PM

Posted 23 May 2010 - 01:45 PM

There seems to be a two installation in that computer. A installation was originally done in C:\Windows and a parallel installation was made in C:\Windows.01. That can create a conflict, especially when the original installation was already updated to SP3. I believe you are experiencing a compatibility issue. No malware is present in that log.

I would recommend that you re-format the hard drive and perform a fresh installation of the operating system.

There is nothing we can do from this stand of view throughout software to resolve the issue.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users