
Post Norton Power Eraser


  • This topic is locked
68 replies to this topic

#1 Matpat

Matpat

  • Members
  • 29 posts

Posted 15 February 2012 - 09:11 PM

Tried to follow Preparation Guide, but DDS and GMER would not run in current state. All important files have been backed up.

Had a redirect virus/malware (puma). Ran Malware Bytes and Norton Internet 2012 to no avail. Finally used Norton Power Eraser, which found two problems and I clicked fix. Upon reboot, BSOD comes up briefly and then goes into continuous reboot cycle. I can now only run the Vista OS in safe mode with networking. I believe the redirect problem is now gone but can no longer boot normally.

Any help is most appreciated.

Thank you,
matpat



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,432 posts
  • Gender:Male
  • Location:California

Posted 15 February 2012 - 10:21 PM

Hi Matpat and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you!


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

I will be posting some directions for you shortly. Please be patient while I review the information you provided.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Oh My!


Posted 16 February 2012 - 11:31 AM

Greetings Matpat,

I would like to take a look at the BSOD information and repair a boot setting if it is necessary. Please perform the following for me.


===================================================


Diagnose BlueScreen Errors

--------------------

  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:


    Posted Image

  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:


    Posted Image

  • Please include this information in your reply.

===================================================


Resetting "/NOEXECUTE=OPTIN"

--------------------

  • Reboot your computer and tap the F10 key until Edit Boot Menu appears
  • You may see something similar to this:

    [ /NOEXECUTE=OPTIN /MININT <lot of empty space> ]

  • If you see this, backspace until "/MININT" is removed, leaving only "/NOEXECUTE=OPTIN"
  • Press Enter to continue booting your computer.

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • BSOD information
  • Were you able to successfully boot into Windows?

Gary
 

#4 Matpat


Posted 16 February 2012 - 01:52 PM

Hi Oh My! Thank you for working with me!



BSOD No Error Message

*** STOP: 0X0000008E (0XC0000005, 0x8245E759, 0XAC54191C, 0X00000000)



BOOT MENU

Path: \windows\system32\boot\winload.exe

[ /DETECTHAL /MININT /REDIRECT RDIMAGEOFFSET=8192 RDIMAGELENGTH=3161088 R
DPATH=multi (0)rdisk(0)partition(1)\sources\boot.wim

#5 Oh My!


Posted 16 February 2012 - 08:29 PM

Greetings Matpat,

Thank you for the information. I will have steps for you to take tomorrow.

Since I am under the oversight of a malware expert everything needs to be checked to make sure I offer you proper and efficient steps. Because of the time zone difference between me and my coach we may experience a little bit of delay. Rest assured I am working diligently on your computer issue despite the occasional delay.

I trust it will be worth it in the end. :thumbup2:

Thanks for your patience.
Gary
 

#6 Matpat


Posted 16 February 2012 - 08:41 PM

That sounds great Oh My! Thank you so much for your time and efforts.

#7 Oh My!


Posted 17 February 2012 - 08:03 AM

Greetings Matpat,

I would like for you to do the following and see if we can get your computer to boot successfully.


===================================================


Resetting "/DETECTHAL"

--------------------

  • Reboot your computer and tap the F10 key until Edit Boot Menu appears
  • Please use your backspace key to remove the information I have listed in red

    [ /DETECTHAL /MININT /REDIRECT RDIMAGEOFFSET=8192 RDIMAGELENGTH=3161088 R
    DPATH=multi (0)rdisk(0)partition(1)\sources\boot.wim]

  • Please be sure to have only one space between "/DETECTHAL" and "/REDIRECT"
  • Press Enter to continue booting your computer.
  • If you are able to boot in normal mode please continue to the next step

===================================================


Running "bcdedit"

--------------------

  • Boot into Windows normal mode
  • Immediately do the following: click Start > All Programs > Accessories, right click on Command prompt and click "Run as Administrator".
  • Type the following line and press Enter.

bcdedit /set {default} winpe no


----------

If both steps are successful, please attempt to run DDS and GMER again.


Things I would like to see in your next reply if available. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • DDS.txt
  • Attach.txt
  • GMER log

Gary
 

#8 Matpat


Posted 17 February 2012 - 03:23 PM

Hi Oh My,

Did not make it past the first step. After removing /MININT and pressing enter I got the Blue Screen with the following information.


STOP: c0000218 {Registry File Failure}
The registry cannot load the hive (file):
\SystemRoot\System32\Config\SYSTEM
or its log or alternate.
It is corrupt, absent, or not writable.


I tried twice to no avail. Again, thank you for your help!

Sincerely,
matpat
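
The boot-options edit from post #7, which post #8 reports carrying out, as an added example that is not part of the original thread: a Python sketch that parses the options line copied from the Edit Boot Menu screen, lists the WinPE-related items in it, and rebuilds the line without /MININT. The function names and the sample string (constructed from the text quoted in posts #4 and #7) are assumptions of this example.

```python
# Added example; SAMPLE is constructed from the boot menu text quoted in the
# thread (the screen wrapped the line inside "RDPATH"; the tail was not posted).
SAMPLE = ("[ /DETECTHAL /MININT /REDIRECT RDIMAGEOFFSET=8192 "
          "RDIMAGELENGTH=3161088 R\nDPATH=multi (0)rdisk(0)partition(1)"
          "\\sources\\boot.wim")

WINPE_SWITCH = "/MININT"   # the switch the post asks to delete
RAMDISK_KEYS = ("RDPATH", "RDIMAGEOFFSET", "RDIMAGELENGTH")


def parse_load_options(text):
    """Return (switches, pairs) from an options line copied off the screen."""
    # Assumption: a line break is a screen wrap in mid-word, so join without a space.
    line = text.replace("\r", "").replace("\n", "").strip().strip("[]")
    switches, pairs, last_key = [], {}, None
    for tok in line.split():
        key, eq, val = tok.partition("=")
        if tok.startswith("/"):
            switches.append(tok.upper())
            last_key = None
        elif eq and key.isalpha() and key.isupper():
            pairs[key] = val
            last_key = key
        elif last_key is not None:
            pairs[last_key] += " " + tok   # value was typed with a space in it
    return switches, pairs


def winpe_indicators(text):
    """List the items that tie this boot entry to a WinPE ramdisk image."""
    switches, pairs = parse_load_options(text)
    found = [WINPE_SWITCH] if WINPE_SWITCH in switches else []
    return found + [k for k in RAMDISK_KEYS if k in pairs]


def without_switch(text, switch=WINPE_SWITCH):
    """Rebuild the line minus one switch, tokens separated by single spaces."""
    switches, pairs = parse_load_options(text)
    kept = [s for s in switches if s != switch.upper()]
    return " ".join(kept + [f"{k}={v}" for k, v in pairs.items()])


if __name__ == "__main__":
    print("WinPE-related items:", winpe_indicators(SAMPLE))
    print("Edited line:", without_switch(SAMPLE))
```

The rebuilt line lists switches first and KEY=value options after them, which matches the order shown in the thread.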

#9 Oh My!


Posted 18 February 2012 - 08:11 AM

Greetings Matpat,

We are going to check your disk for errors to see if that is causing your booting problems.

Please complete the following for me.


===================================================


Running chkdsk /r from Vista Recovery Environment

--------------------

  • Boot your computer into the Repair Your Computer screen (tap F8)
  • Click Next at the System Recovery Options screen
  • If the computer is password protected type in the password. If it is not password protected just press Enter
  • Select Command Prompt
  • Type c: and Enter
  • Type chkdsk /r and Enter
  • If you receive a message about unmounting the volume check Yes
  • If the program doesn't start automatically repeat the chkdsk /r command
  • Note: This process may take a while to complete. Please be patient.
  • Please let me know what happens

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Results of chkdsk /r

Gary
 

#10 Matpat


Posted 18 February 2012 - 11:50 AM

Hi Oh My,

Based on your instructions, I booted in Safe Mode with Command Prompt. I then typed chkdsk/r after C:\Windows\system32> and got the following

The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? <Y/N>


Please advise.

Thank you,
matpat

#11 Oh My!


Posted 18 February 2012 - 01:12 PM

Greetings Matpat,

Yes, restart and it should run.
Gary
 

#12 Oh My!


Posted 21 February 2012 - 07:31 PM

Greetings Matpat,


===================================================

72 Hour Bump

It has been more than 72 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • Gender:Female
  • Location:Romania

Posted 24 February 2012 - 03:42 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#14 Elise


Posted 25 February 2012 - 01:16 PM

This topic has been re-opened at the request of the person who originally posted.

regards, Elise


#15 Matpat


Posted 25 February 2012 - 03:03 PM

Hi Oh My!

Sorry for the delay. I tried to post this on Tuesday (2/21) but for some reason was unsuccessful.

I did respond Y and pressed Enter. From there I got C:\Windows\system32> and nothing happened. I then typed shutdown/r and the computer shuts down and reboots and continues the original cycle with the BSOD and then reboots continuously. In short, nothing new has happened after responding Y to "Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? <Y/N>".

Please advise.

Thank you,
matpat



