Windows 7 Boot sector infection


  • This topic is locked
34 replies to this topic

#1 markwarden (Members, 18 posts)

Posted 04 October 2011 - 12:03 PM

Hello all,

I must say, it feels kind of strange posting in these forums - I'm usually the Internet crawler who rides on the backs of all those who had their problems solved before me. Anyway, down to business.

The other night, I did something bad and visited a site that I probably ought not to have visited. Needless to say, bad things happened. First, a window popped up asking if - well, ok. I can't remember what it was asking. I kind of blindly clicked "OK" and then proceeded to face-palm as my computer instantly rebooted, flashing a momentary blue screen.

Here's a list of the problems I've had:

The computer boots normally - BIOS is fine, all drives visible, etc. - and starts up the Windows 7 logo screen. Then, blue screen hits. Error messages read thusly:

"Stop 0x0000007B (0XFFFFF880009A97E8, 0xFFFFFFFFC000000D, 0x0000000000000000, 0x0000000000000000)"

Anyway, I've tried all the normal solutions: Startup Repair was laughably useless, and I've run "bootsect.exe /fixmbr", "bootsect.exe /fixboot", and "bootsect.exe /RepairBcd"; I've taken out the hard drive and slaved it into another computer, then washed it with AVG scans, Avast! scans, MSE scans, and Avira; MSE deleted a form of the Alureon virus, but after that, none of the scans found anything else (possibly because the HDD was slaved and the virus was inactive?). And yes, I was uninstalling and reinstalling anti-virus programs, as well as deactivating Windows Defender while all this scanning was happening.

After scanning, I replaced the hard drive into the ailing computer, repeated the previously stated Command Prompt commands, and nothing. I've also tried Master booting the hard drive in another computer (the one which includes a CD/DVD drive, since my new and ailing computer doesn't have the IDE cable ports on the motherboard, and I lack an SATA DVD drive) and using my Windows CD to chkdsk, sfc /scannow etc., as well as the previously stated command prompt commands. A couple of hours later - 5-step chkdsk takes a beastly amount of time - nothing had been fixed.

I've tried restoring and memory checks from the Startup Repair menu and neither made a difference.

Safe mode doesn't work; it just shows me the files it's loading and then proceeds to do the same exact thing - BSOD-to-reboot. I've tried booting from a Ubuntu flash drive, but that's getting annoying (especially since all the changes I've made to the OS seem to be bogging down startup; now it won't start up unless I completely reload it onto the flash drive). I don't even know if you can get anti-virus programs for Linux that'll do anything my previous scans could not.

So. Any guesses or suggestions? I am completely at a loss here.
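
An added example, not part of the original post: the poster's scanners ran against the slaved drive's file system, but an MBR bootkit (Alureon/TDL4, which MSE named, is one) lives in sector 0 and in unpartitioned space, where a file-system scan never looks. The Python below reads and triages a raw 512-byte MBR the way you would from the host the drive is slaved to. Both sample sectors are constructed here (the "infected" one uses filler bytes in place of an unknown loader, and is given a larger unpartitioned tail to exercise that check); the known-good hash set is an assumption you fill from a healthy install of the same Windows build.

```python
"""Offline triage of a slaved drive's Master Boot Record (sector 0).

Added example for this thread, not code from the original posts. Sample sectors
are constructed; KNOWN_CLEAN_BOOTCODE_SHA256 is an assumption to be populated
from a known-good install of the same Windows build.
"""
import hashlib
import itertools
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR = 512
BOOTCODE_LEN = 0x1B8            # boot code ends where the 4-byte disk signature begins
PART_TABLE_OFFSET = 0x1BE
SIGNATURE_OFFSET = 0x1FE
TAIL_THRESHOLD_SECTORS = 2048   # more than 1 MiB unpartitioned at the end is worth a look
KNOWN_CLEAN_BOOTCODE_SHA256: set = set()   # assumption: populate from known-good MBRs
STANDARD_STRINGS = (b"Invalid partition table",
                    b"Error loading operating system",
                    b"Missing operating system")


@dataclass
class Partition:
    index: int
    status: int      # 0x80 bootable, 0x00 inactive
    ptype: int       # 0x07 = NTFS, 0x00 = unused entry
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:   # exclusive
        return self.lba_start + self.sectors


def parse_mbr(sector: bytes) -> List[Partition]:
    """Decode the four 16-byte partition entries; CHS fields are ignored."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, PART_TABLE_OFFSET + 16 * i)
        parts.append(Partition(i, status, ptype, lba, count))
    return parts


def bootcode_sha256(sector: bytes) -> str:
    return hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest()


def triage_mbr(sector: bytes, disk_sectors: int) -> List[Tuple[str, str]]:
    """Return (code, detail) findings; an empty list means nothing stood out."""
    findings = []
    if sector[SIGNATURE_OFFSET:] != b"\x55\xaa":
        findings.append(("NO_SIGNATURE", "0x55AA boot signature missing"))
    digest = bootcode_sha256(sector)
    if digest not in KNOWN_CLEAN_BOOTCODE_SHA256:
        findings.append(("BOOTCODE_UNKNOWN", f"boot code sha256 {digest[:16]}... not known-good"))
    if not all(s in sector[:BOOTCODE_LEN] for s in STANDARD_STRINGS):
        findings.append(("BOOTCODE_NO_STRINGS",
                         "stock Microsoft MBR error strings absent: replaced boot code "
                         "(or a third-party boot manager)"))
    parts = parse_mbr(sector)
    used = [p for p in parts if p.ptype or p.lba_start or p.sectors]
    for p in used:
        if p.ptype == 0x00:
            findings.append(("EMPTY_TYPE_NONZERO", f"entry {p.index}: type 0x00 but non-zero extent"))
    active = [p for p in parts if p.status == 0x80]
    if len(active) > 1:
        findings.append(("MULTI_ACTIVE", f"{len(active)} entries marked bootable"))
    for a, b in itertools.combinations(used, 2):
        if a.lba_start < b.lba_end and b.lba_start < a.lba_end:
            findings.append(("OVERLAP", f"entries {a.index} and {b.index} overlap"))
    tail = disk_sectors - max((p.lba_end for p in used), default=0)
    if tail > TAIL_THRESHOLD_SECTORS:
        findings.append(("UNPARTITIONED_TAIL",
                         f"{tail} sectors unpartitioned at end of disk; image and inspect "
                         "(MBR bootkits have kept their payloads there)"))
    return findings


def build_mbr(bootcode: bytes, entries, disk_sig: int = 0x2B9F4C11) -> bytes:
    """Assemble a sector from boot code and (status, type, lba, count) tuples (samples only)."""
    sector = bytearray(SECTOR)
    sector[:len(bootcode)] = bootcode
    struct.pack_into("<I", sector, BOOTCODE_LEN, disk_sig)
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[SIGNATURE_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples: a 1 TB disk, 100 MB System Reserved partition, one NTFS volume.
DISK_SECTORS = 1953525168
CLEAN_BOOTCODE = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * 300
                  + b"\x00".join(STANDARD_STRINGS)).ljust(BOOTCODE_LEN, b"\x00")
FILLER_BOOTCODE = bytes((i * 73 + 19) % 256 for i in range(BOOTCODE_LEN))   # stand-in loader
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, [(0x80, 0x07, 2048, 204800),
                                       (0x00, 0x07, 206848, DISK_SECTORS - 206848 - 1000)])
INFECTED_MBR = build_mbr(FILLER_BOOTCODE, [(0x80, 0x07, 2048, 204800),
                                           (0x00, 0x07, 206848, DISK_SECTORS - 206848 - 40960)])
```

Against a real slaved drive, read sector 0 with `open(r"\\.\PhysicalDrive1", "rb").read(512)` as Administrator on the host it is slaved to (or `/dev/sdb` from a Linux live USB), pass it to `triage_mbr` with the disk's sector count, and never run it against the drive you booted from. A BOOTCODE_UNKNOWN hit with the stock strings still present usually means the whitelist is incomplete; BOOTCODE_NO_STRINGS together with an oversized unpartitioned tail is the pattern to image and look at before letting any repair tool rewrite the sector.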



#2 boopme, "To Insanity and Beyond" (Global Moderator, 73,493 posts, NJ USA)

Posted 05 October 2011 - 02:54 PM

Hello, please run these.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 markwarden, Topic Starter (Members, 18 posts)

Posted 05 October 2011 - 04:38 PM

Um, all right. So I downloaded and ran the two programs on my brother's computer with the infected hard drive plugged in; the first program (MiniToolBox) gave a bunch of information about my brother's computer, and the second program (GMER) didn't find anything or generate a report (even though I asked it to scan the infected hard drive). I'm guessing that I would have to be able to boot from the infected hard drive in order for the programs to bring up relevant information - which I cannot presently do - but here's the MiniToolBox report anyway:

MiniToolBox by Farbar
Ran by Jesse (administrator) on 05-10-2011 at 16:31:39
Windows 7 Ultimate (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Arnold
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Physical Address. . . . . . . . . : 00-C0-CA-4F-5F-EB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2570:9aa5:fc1c:77e1%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, October 05, 2011 4:29:16 PM
Lease Expires . . . . . . . . . . : Thursday, October 06, 2011 4:29:19 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234930378
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-C6-6C-D2-00-C0-CA-4F-5F-EB
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4df:1573:b405:59d5(Preferred)
Link-local IPv6 Address . . . . . : fe80::4df:1573:b405:59d5%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{5644B50C-D7F5-4D65-A2D6-9DDDFF930BAA}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.224.48
74.125.224.49
74.125.224.50
74.125.224.52
74.125.224.51


Pinging google.com [74.125.224.83] with 32 bytes of data:
Reply from 74.125.224.83: bytes=32 time=174ms TTL=51
Reply from 74.125.224.83: bytes=32 time=184ms TTL=51

Ping statistics for 74.125.224.83:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 174ms, Maximum = 184ms, Average = 179ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 67.195.160.76
72.30.2.43
98.137.149.56
98.139.180.149
209.191.122.70


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=227ms TTL=50
Reply from 72.30.2.43: bytes=32 time=188ms TTL=50

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 188ms, Maximum = 227ms, Average = 207ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 c0 ca 4f 5f eb ......Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 281
192.168.1.2 255.255.255.255 On-link 192.168.1.2 281
192.168.1.255 255.255.255.255 On-link 192.168.1.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:4df:1573:b405:59d5/128
On-link
11 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::4df:1573:b405:59d5/128
On-link
11 281 fe80::2570:9aa5:fc1c:77e1/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/03/2011 09:13:41 PM) (Source: RO-PID3488) (User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)

Error: (10/03/2011 09:13:41 PM) (Source: RO-PID3488) (User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)

Error: (10/03/2011 09:13:41 PM) (Source: RO-PID3488) (User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)

Error: (10/03/2011 09:13:40 PM) (Source: RO-PID3488) (User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)

Error: (10/03/2011 09:13:40 PM) (Source: RO-PID3488) (User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)

Error: (10/03/2011 09:13:40 PM) (Source: RO-PID3488) (User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)

Error: (10/03/2011 09:12:03 PM) (Source: RO-PID3488) (User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)

Error: (10/03/2011 09:12:03 PM) (Source: RO-PID3488) (User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)

Error: (10/03/2011 09:12:03 PM) (Source: RO-PID3488) (User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)

Error: (10/03/2011 09:12:03 PM) (Source: RO-PID3488) (User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)


System errors:
=============
Error: (10/03/2011 01:56:22 PM) (Source: Microsoft Antimalware) (User: )
Description: %%8603.0.8402.0%%835%%8420x80004005Unspecified error 5

Error: (10/03/2011 10:26:56 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (10/03/2011 07:54:58 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (10/03/2011 07:49:20 AM) (Source: Microsoft Antimalware) (User: )
Description: %%8603.0.8402.0%%835%%8420x80004005Unspecified error 5

Error: (10/03/2011 00:19:06 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume G: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (10/03/2011 00:12:52 AM) (Source: Microsoft Antimalware) (User: )
Description: %%8603.0.8402.0%%886%%8920x8007042cThe dependency service or group failed to start. 9

Error: (10/02/2011 11:51:33 PM) (Source: volsnap) (User: )
Description: The shadow copy of volume G: took too long to install.

Error: (09/27/2011 04:41:10 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (09/27/2011 04:41:10 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (09/27/2011 04:39:55 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:31:48 PM on ?9/?27/?2011 was unexpected.


Microsoft Office Sessions:
=========================
Error: (10/03/2011 09:13:41 PM) (Source: RO-PID3488)(User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)

Error: (10/03/2011 09:13:41 PM) (Source: RO-PID3488)(User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)

Error: (10/03/2011 09:13:41 PM) (Source: RO-PID3488)(User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)

Error: (10/03/2011 09:13:40 PM) (Source: RO-PID3488)(User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)

Error: (10/03/2011 09:13:40 PM) (Source: RO-PID3488)(User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)

Error: (10/03/2011 09:13:40 PM) (Source: RO-PID3488)(User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)

Error: (10/03/2011 09:12:03 PM) (Source: RO-PID3488)(User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)

Error: (10/03/2011 09:12:03 PM) (Source: RO-PID3488)(User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)

Error: (10/03/2011 09:12:03 PM) (Source: RO-PID3488)(User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)

Error: (10/03/2011 09:12:03 PM) (Source: RO-PID3488)(User: )
Description: FBitWriter::SerializeInt(): Value out of bounds (Value: 3222274048, ValueMax: 2097152)


=========================== Installed Programs ============================

Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 10 ActiveX (Version: 10.1.85.3)
Adobe Flash Player 10 Plugin (Version: 10.3.181.34)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (Version: 1.0e)
Amazon Games & Software Downloader (Version: 2.0.2.0)
AMD Core Line (Version: 2.0.262.5)
Ask Toolbar (Version: 1.12.2.0)
avast! Free Antivirus (Version: 6.0.1289.0)
BitTorrent (Version: 7.2.1)
Crysis 2® Mod SDK 1.1
Crysis 2® Mod SDK 1.1 (Version: 1.1.0.0)
Crysis® 2 (Version: 1.0.0.0)
DAEMON Tools Lite (Version: 4.41.3.0173)
EA Download Manager (Version: 7.2.0.32)
Google Chrome (Version: 14.0.835.202)
Google Earth (Version: 6.0.3.2197)
Google SketchUp 8 (Version: 3.0.4811)
Google Update Helper (Version: 1.3.21.69)
Grand Theft Auto III
Half-Life Dedicated Server Update Tool
Half-Life: Blue Shift
Insurgency
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 27 (Version: 6.0.270)
Java™ 7 (64-bit) (Version: 7.0.0)
Java™ SE Development Kit 7 (64-bit) (Version: 1.7.0.0)
LG Verizon United Drivers (Version: 2.3.1)
Logitech Gaming Software 5.10 (Version: 5.10.127)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (Version: 3.5.30730.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA 3D Vision Driver 263.09 (Version: 263.09)
NVIDIA Control Panel 263.09 (Version: 263.09)
NVIDIA Graphics Driver 263.09 (Version: 263.09)
NVIDIA HD Audio Driver 1.1.9.0 (Version: 1.1.9.0)
NVIDIA Install Application (Version: 2.0.15.0)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6309)
Oasis2Service 1.0 (Version: 1.0.0)
OpenAL
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Prototype
PunkBuster Services (Version: 0.991)
Rapture3D 2.4.8 Game
Realtek Ethernet Controller Driver (Version: 7.41.216.2011)
REALTEK Wireless LAN Driver and Utility (Version: 1.00.0145)
Red Orchestra 2 SDK
Red Orchestra 2: Heroes of Stalingrad Beta
Red Orchestra: Ostfront 41-45
Sniper Ghost Warrior
Steam (Version: 1.0.0.0)
Unreal Development Kit: 2011-08
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
VLC media player 1.1.11 (Version: 1.1.11)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.01 (64-bit) (Version: 4.01.0)

========================= Memory info: ===================================

Percentage of memory in use: 20%
Total physical RAM: 8190.18 MB
Available physical RAM: 6487.77 MB
Total Pagefile: 16378.5 MB
Available Pagefile: 14610.36 MB
Total Virtual: 4095.88 MB
Available Virtual: 3979.46 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:394.34 GB) NTFS
3 Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
5 Drive g: () (Fixed) (Total:244.04 GB) (Free:12.05 GB) NTFS
6 Drive h: (Partition II) (Fixed) (Total:221.62 GB) (Free:118.08 GB) NTFS
7 Drive i: () (Removable) (Total:3.74 GB) (Free:2.68 GB) FAT32

========================= Users: ========================================

User accounts for \\ARNOLD

Administrator Guest Jesse

========================= Minidump Files ==================================

No minidump file found

**** End of log ****
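
An added example, not part of the thread or of MiniToolBox: the moderator asked for the Winsock entries because a third-party layered service or namespace provider is a classic place for malware to sit in the network stack. In the log above every entry reports Microsoft Corporation and lives under System32, SysWOW64 or the Windows Live folder, which is what a clean catalog looks like. The Python below does that check mechanically over a report in MiniToolBox's layout. The sample report is constructed: its first lines mirror real entries from the log, while the `lsphelper.dll` and `wsfilter.dll` lines are planted to exercise the checks and do not come from the poster's machine. The vendor string is read from the file's own version resource, so a Microsoft label is a hint, not proof; that is why an unexpected path is flagged regardless of vendor.

```python
"""Triage the "Winsock entries" section of a MiniToolBox report.

Added example, not code from the thread or from MiniToolBox. SAMPLE_REPORT is
constructed: the first lines mirror entries in the posted log, the lsphelper.dll
and wsfilter.dll lines are planted to exercise the checks.
"""
import re
from typing import Dict, List

LINE_RE = re.compile(
    r"^(?P<catalog>(?:x64-)?Catalog\d+)\s+(?P<idx>\d+)\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\]\s+\((?P<vendor>[^)]*)\)\s*$")
WINDOWS_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Providers that legitimately live outside the Windows directory (Windows Live ID
# sign-in assistant appears in the posted log); extend per environment.
ALLOWED_OUTSIDE_WINDOWS = {"wlidnsp.dll"}


def parse_winsock_section(report: str) -> List[Dict[str, str]]:
    """Pull the Winsock section out of a full report and parse each entry line."""
    entries, in_section = [], False
    for line in report.splitlines():
        if "Winsock entries" in line:
            in_section = True           # section header: start collecting
            continue
        if in_section and line.startswith("====="):
            break                       # next section header: stop
        m = LINE_RE.match(line.strip()) if in_section else None
        if m:
            entries.append(m.groupdict())
    return entries


def suspicious_entries(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Flag providers with a non-Microsoft vendor string or an unexpected location."""
    flagged = []
    for e in entries:
        path = e["path"].lower()
        name = path.rsplit("\\", 1)[-1]
        reasons = []
        if e["vendor"] != "Microsoft Corporation":
            reasons.append(f"vendor '{e['vendor'] or 'none'}'")
        if not path.startswith(WINDOWS_DIRS) and name not in ALLOWED_OUTSIDE_WINDOWS:
            reasons.append("outside Windows directory")
        if reasons:
            flagged.append({**e, "reasons": "; ".join(reasons)})
    return flagged


SAMPLE_REPORT = r"""
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Users\Jesse\AppData\Local\Temp\lsphelper.dll [45056] ()
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog9 11 C:\ProgramData\netsvc\wsfilter.dll [61440] (Contoso Networks)

========================= Event log errors: ===============================
"""
```

Feed the full Result.txt to `parse_winsock_section` and print `suspicious_entries` of it; on the log above it returns nothing, on the constructed sample it flags the two planted lines. A hit is a lead for hash lookup and signature verification, not a verdict, and a clean Winsock catalog says nothing about the MBR, which is why the thread moved on to the boot-sector tools.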

#4 boopme, "To Insanity and Beyond" (Global Moderator, 73,493 posts, NJ USA)

Posted 05 October 2011 - 10:58 PM

OK, I may have misunderstood. Your PC is still not bootable? That is why its hooked to the other machine?

Edited by boopme, 05 October 2011 - 10:59 PM.


#5 markwarden, Topic Starter (Members, 18 posts)

Posted 05 October 2011 - 11:07 PM

Yeah, my PC's primary hard drive won't boot Windows 7, so I had to yank it out and put it into my brother's computer in order to scan it.

#6 boopme, "To Insanity and Beyond" (Global Moderator, 73,493 posts, NJ USA)

Posted 05 October 2011 - 11:54 PM

I will ask an expert on these boot issues to look here. You will need access to make a CD.

#7 JSntgRvr, "Master Surgeon General" (Malware Response Team, 11,767 posts, Puerto Rico)

Posted 06 October 2011 - 08:54 AM

Welcome!

Let's give it a try.

You need to put the hard drive back into the ailing computer. I must assume it is a 64 bit system.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 boopme, "To Insanity and Beyond" (Global Moderator, 73,493 posts, NJ USA)

Posted 06 October 2011 - 08:59 AM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.

#9 markwarden, Topic Starter (Members, 18 posts)

Posted 06 October 2011 - 09:42 AM

OK, I downloaded the tool to the flash drive, placed my infected hard drive back into the infected computer, booted up with the flash drive inserted, and navigated to the command prompt, and tried running the tool; however, it keeps reading "The tool will be closed now. You must run this tool once more," and then repeating its set up process every time I run it again. :\

#10 JSntgRvr, "Master Surgeon General" (Malware Response Team, 11,767 posts, Puerto Rico)

Posted 06 October 2011 - 12:00 PM

Is your Windows installation a 64 bit System?



#11 markwarden, Topic Starter (Members, 18 posts)

Posted 06 October 2011 - 12:05 PM

Yes, Windows 7 Ultimate x64.

#12 JSntgRvr, "Master Surgeon General" (Malware Response Team, 11,767 posts, Puerto Rico)

Posted 06 October 2011 - 12:07 PM

Were you able to see this window?

[screenshot]



#13 markwarden, Topic Starter (Members, 18 posts)

Posted 06 October 2011 - 12:10 PM

Nope. It just stated that it was "Finalizing set up," counting down by odd numbers, then spat out the message I mentioned. And it did this every time I ran it. :/

#14 JSntgRvr, "Master Surgeon General" (Malware Response Team, 11,767 posts, Puerto Rico)

Posted 06 October 2011 - 12:22 PM

That is very odd. I just ran the tool in My computer and there is no setup message at all, but a disclaimer window.

Please download the tool once again to make sure you do not have a bad download, then run Notepad to determine the drive letter to your USB drive, and using that letter run X:\frst64, where the X is the drive letter assigned to your USB drive.

Let me know the outcome.



#15 markwarden, Topic Starter (Members, 18 posts)

Posted 06 October 2011 - 12:34 PM

Ok, I redownloaded the program onto my flash drive, navigated to the drive (J: in this case) and ran frst64. This is exactly what happens: The Farbar Recovery Scanner Tool window pops up, and reads "The tool is setting itself up to read the Local Disk" (or something close to that, it flashes for about a split second), then it says "The set up will be finalized in (x) seconds..." as it counts down in (x). Then it says "Done" in the main window and an external window pops up saying "The tool will be closed now. You need to run the tool once more." After about two seconds it closes itself if I don't press the OK button, which is the only option.



