Startup Repair Virus


  • This topic is locked
6 replies to this topic

#1 Corymo4

Corymo4

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:11 AM

Posted 28 January 2012 - 02:56 PM

Same problem as described by others. Unable to start OS - repeats auto startup repair and fails. Unable to restore or recover. Followed instructions from this site and downloaded FRST. Copied and scanned. Need help to fix.

*mod edit: moved from Introductions to the appropriate forum~Queen-Evie*

Edited by Queen-Evie, 28 January 2012 - 03:18 PM.




#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:09:11 AM

Posted 28 January 2012 - 03:17 PM

Does it work in safe mode, or will it not boot up at all?

#3 Corymo4

Corymo4
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:11 AM

Posted 28 January 2012 - 03:22 PM

Unable to start in safe mode.

#4 Corymo4

Corymo4
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:11 AM

Posted 28 January 2012 - 03:26 PM

It will not boot up at all. It goes into auto startup repair, then an "unable to repair" message, then to the system recovery options after an "administrator" log-in screen, which I can bypass without entering a password?? None of the recovery options work: startup repair, system restore, system image recovery, Dell factory image restore.

#5 Corymo4

Corymo4
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:11 AM

Posted 28 January 2012 - 03:41 PM

Followed instructions from earlier post and copied scan result from Farbar Recovery Scan Tool below.




Scan result of Farbar Recovery Scan Tool Version: 28-01-2012
Ran by SYSTEM at 2012-01-28 15:38:13
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [357376 2009-09-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-09] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [166424 2009-11-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [390168 2009-11-04] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [408600 2009-11-04] (Intel Corporation)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3189016 2009-10-01] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [149280 2010-02-23] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [fsi] C:\Program Files (x86)\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe [9728 2009-09-02] ()
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1779952 2009-07-07] ()
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.0.1 10.1.0.2

==================== Services (Whitelisted) ======

2 0034671266969542mcinstcleanup; C:\Users\ADMINI~1\AppData\Local\Temp\003467~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [42 2010-02-23] ()
3 McODS; C:\Program Files\McAfee\VIRUSS~1\mcods.exe [696848 2009-06-16] (McAfee, Inc.)
3 McShield; "C:\Program Files\McAfee\VIRUSS~1\mcshield.exe" [155456 2009-06-18] (McAfee, Inc.)
2 mcmscsvc; %ProgramFiles(x86)%\McAfee\MSC\mcmscsvc.exe [x]
4 McNASvc; %CommonProgramFiles(x86)%\mcafee\mna\mcnasvc.exe [x]
4 McProxy; %CommonProgramFiles(x86)%\mcafee\mcproxy\mcproxy.exe [x]
3 McSysmon; "%ProgramFiles(x86)%\McAfee\VIRUSS~1\mcsysmon.exe" [x]
4 MpfService; %ProgramFiles(x86)%\McAfee\MPF\MPFSrv.exe [x]

========================== Drivers (Whitelisted) =============

3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [102600 2009-06-18] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [41032 2009-06-18] (McAfee, Inc.)
1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [307400 2009-06-18] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-06-18] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-06-18] (McAfee, Inc.)
1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============



============ 3 Months Modified Files and Folders =============

2012-01-28 09:57 - 2010-01-15 19:37 - 0000000 ____D C:\DELL


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe
[2010-02-23 17:24] - [2010-02-23 17:24] - 2868224 ____A (Microsoft Corporation) F170B4A061C9E026437B193B4D571799

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3892.52 MB
Available physical RAM: 3325.2 MB
Total Pagefile: 3890.67 MB
Available Pagefile: 3302.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:48.21 GB) NTFS
2 Drive d: () (Fixed) (Total:229.63 GB) (Free:135.58 GB) NTFS
5 Drive h: () (Removable) (Total:1.91 GB) (Free:1.87 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:5.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 1953 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 9 GB 101 MB
Partition 3 Primary 58 GB 9 GB
Partition 0 Extended 229 GB 68 GB
Partition 4 Logical 229 GB 68 GB

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 FAT Partition 100 MB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y RECOVERY NTFS Partition 9 GB Healthy

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 58 GB Healthy

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D NTFS Partition 229 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1952 MB 122 KB

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT Removable 1952 MB Healthy


==========================================================
TDL4: custom:26000022
==========================================================

Last Boot: 2010-02-23 17:26

======================= End Of Log ==========================

Edited by hamluis, 28 January 2012 - 04:01 PM.
Moved from Am I Infected to Malware Removal Logs.


#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,704 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:11 AM

Posted 02 February 2012 - 05:39 PM

Hello Corymo4,

Welcome to this forum and apologies for the delay.

Please tell me if you still have the issue and need assistance.

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,704 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:11 AM

Posted 06 February 2012 - 03:14 PM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



