Posted 12 June 2011 - 07:59 PM
Posted 20 June 2011 - 07:36 PM
Posted 21 June 2011 - 12:04 AM
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
- Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
- Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
- Please reply to this post so I know you are there.
Once I receive a reply then I will return with your first instructions.
Posted 21 June 2011 - 02:01 PM
Posted 22 June 2011 - 09:02 PM
Your Gmail account is safe but we have to remove the rogue antivirus from the machine.
We may have to bypass the fake screen to run some programs. Let's see what we can do.
First, when running in safe mode what is it you can see on the screen? Just the command prompt window?
Second, do you have a flashdrive?
Posted 23 June 2011 - 01:15 PM
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT
Edited by m0le, 23 June 2011 - 01:15 PM.
Posted 23 June 2011 - 03:52 PM
Posted 23 June 2011 - 06:22 PM
Posted 26 June 2011 - 02:47 PM
We may have to use those recovery disks, but for now we will try bypassing the Windows operating system and taking a look at the machine using a Linux operating system installation called xPUD.
Download GETxPUD.exe to the desktop of your clean computer
Please note: If you have an ethernet connection you can access the internet by way of xPUD (Firefox). You can perform all these steps on your sick computer. When you download a file, it will reside in the Download folder. It can be found under the File tab also. You can access our thread by way of this OS too, so you can send the logs that way.
- Run GETxPUD.exe
- A new folder will appear on the desktop.
- Open the GETxPUD folder and click on the get&burn.bat
- The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
- Click on Start and follow the prompts to burn the image to a CD.
- Download http://noahdfear.net/downloads/rst.sh to the USB drive
- Insert the USB drive and CD in the sick computer and boot the computer from the CD again
- Press File
- Expand mnt
- Expand your USB (sdb1)
- Confirm that you see rst.sh that you downloaded there
- Press Tool at the top
- Choose Open Terminal
- Type bash rst.sh
- Press Enter
- After it has finished a report will be located at sdb1 named enum.log
- Plug that USB back into the clean computer and open it
Please also note - all text entries are case sensitive
Copy and paste the enum.log for my review
Posted 26 June 2011 - 06:14 PM
Posted 01 July 2011 - 08:06 PM