Removed viruses and now the computer won't boot into Windows


This topic is locked
6 replies to this topic

#1 sa91899
Members, 6 posts

Posted 26 March 2012 - 01:23 PM

Hello,

I hope someone here can provide some assistance with this issue. I am sort of at a loss...

A friend asked me to look at their computer because they thought they may have a virus, so I got the laptop here. I turned it on and before booting into Windows it did a chkdsk, so I waited for the chkdsk to finish; then it restarted and booted into Windows 7. I noticed that it was running a bit slower than I expected, but I was able to get online and download Microsoft Security Essentials. I ran Security Essentials and it found 6 viruses (can't tell you what they were), but it suggested that I reboot to finish fixing the infestation. I rebooted and now I have an issue that it will not boot into Windows. It will get to the screen where the multi-colored dots come together to form the Windows logo, then it will reboot.

I have tried to go into safe mode; however, it pauses and reboots when it gets to the file Windows/System32/drivers/classpnp.sys. A blue screen flashes for a split second, then reboots. I was able to determine what the blue screen says after multiple times of rebooting. It says, "CR 00000135 The program can not start because %h$ is missing from your computer. Please try re-installing the program to fix this issue."

After it reboots, if I do nothing it does come to a screen asking if I want to run Windows recovery. If I choose that option, Windows recovery comes up and asks if I want to do a restore. It tells me after waiting some time that the restore option will not work. So when I reboot and try the recovery option again, I choose no to the restore option and it tries to run the recovery tool. It now has a screen that says attempting repairs with the progress bar that keeps moving left to right like it is scanning the system, but it has been like that for close to an hour now.

That's all the info I can give you right now and that is where I am...

Hope someone can help me.

I would appreciate any information you could provide.

Thanks,

Steve


#2 dev00790, Bleeping Chocoholic
Members, 5,037 posts. Location: UK

Posted 26 March 2012 - 04:35 PM

Hi sa91899,

I will be helping you with the computer

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"
I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#3 boopme, To Insanity and Beyond
Global Moderator, 73,331 posts. Location: NJ USA

Posted 29 March 2012 - 12:04 PM

EDIT: sorry I put this back to Am I Infected...

Edited by boopme, 29 March 2012 - 01:16 PM.


#4 sa91899, Topic Starter
Members, 6 posts

Posted 29 March 2012 - 08:59 PM

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 29-03-2012 23:55:58
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-09-07] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-09-07] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-09-07] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207350 2011-01-25] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1486392 2011-04-05] (McAfee, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [273544 2011-05-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-08-19] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKU\Brooke\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-05-24] (Google Inc.)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2012-01-04] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [141192 2010-11-16] (Dell Products, LP.)
2 dirms_defragmentation; C:\Windows\System32\Cinemsup.dll [6656 2009-07-13] (Oak Technology Inc.)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-06-08] (Intel Corporation)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [509416 2010-10-07] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200056 2011-04-14] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [245352 2011-04-14] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [149032 2011-04-14] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [355440 2010-03-10] (McAfee, Inc.)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
2 Toolbar Updater Service; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [199904 2011-03-24] ()
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2010-03-03] (Intel Corporation)
3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [63056 2011-04-14] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [121376 2011-04-14] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [190520 2011-04-14] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [441840 2011-04-14] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [530304 2011-04-14] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75160 2011-04-14] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [94992 2011-04-14] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [283744 2011-04-14] (McAfee, Inc.)
3 NWADI; C:\Windows\System32\DRIVERS\NWADIenum.sys [247808 2008-06-02] (Novatel Wireless Inc)
3 NWUSBCDFIL64; C:\Windows\System32\Drivers\NWUSBCDFIL64.sys [25600 2008-07-07] (Novatel Wireless Inc.)
3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213120 2008-05-09] (Microsoft Corporation)
3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213120 2008-05-09] (Novatel Wireless Inc.)
3 SMSIVZAM5X64; \??\C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-03-20] (Smith Micro Inc.)
1 bfdhvqky; \??\C:\Windows\system32\drivers\bfdhvqky.sys [x]
1 bkaebnla; \??\C:\Windows\system32\drivers\bkaebnla.sys [x]
1 bkgocofn; \??\C:\Windows\system32\drivers\bkgocofn.sys [x]
1 lbufigad; \??\C:\Windows\system32\drivers\lbufigad.sys [x]
1 litettkl; \??\C:\Windows\system32\drivers\litettkl.sys [x]
3 mfeavfk01; [x]
1 nsdlmxtd; \??\C:\Windows\system32\drivers\nsdlmxtd.sys [x]
1 oplljmld; \??\C:\Windows\system32\drivers\oplljmld.sys [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
1 puxkjkaq; \??\C:\Windows\system32\drivers\puxkjkaq.sys [x]
1 pzumusvo; \??\C:\Windows\system32\drivers\pzumusvo.sys [x]
1 rzukkhbd; \??\C:\Windows\system32\drivers\rzukkhbd.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: dirms_defragmentation

============ One Month Created Files and Folders ==============

2012-03-29 23:55 - 2012-03-29 23:55 - 0000000 ____D C:\FRST
2012-03-21 22:41 - 2012-03-26 15:08 - 0522634 ____A C:\Windows\ntbtlog.txt
2012-03-21 19:21 - 2012-01-31 07:44 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-03-21 19:07 - 2012-03-21 19:07 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-03-21 19:06 - 2012-03-21 19:07 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-03-21 19:05 - 2010-04-09 06:06 - 0374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-03-21 18:57 - 2012-03-21 18:58 - 10165440 ____A (Microsoft Corporation) C:\Users\Brooke\Downloads\mseinstall.exe

============ 3 Months Modified Files and Folders =============

2012-03-29 23:55 - 2012-03-29 23:55 - 0000000 ____D C:\FRST
2012-03-29 22:46 - 2011-03-27 23:02 - 1502621696 __ASH C:\hiberfil.sys
2012-03-26 15:08 - 2012-03-21 22:41 - 0522634 ____A C:\Windows\ntbtlog.txt
2012-03-21 22:02 - 2011-03-27 23:05 - 1116621 ____A C:\Windows\WindowsUpdate.log
2012-03-21 21:47 - 2011-05-24 07:56 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-21 21:25 - 2011-05-24 07:56 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-21 20:11 - 2011-07-05 16:42 - 0000000 ____D C:\Users\Brooke\Local Settings\ElevatedDiagnostics
2012-03-21 20:11 - 2011-07-05 16:42 - 0000000 ____D C:\Users\Brooke\Local Settings\Application Data\ElevatedDiagnostics
2012-03-21 20:11 - 2011-07-05 16:42 - 0000000 ____D C:\Users\Brooke\AppData\Local\ElevatedDiagnostics
2012-03-21 19:33 - 2011-05-23 21:26 - 0000000 ____D C:\Program Files (x86)\Ask.com
2012-03-21 19:25 - 2009-07-13 23:45 - 0013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-21 19:25 - 2009-07-13 23:45 - 0013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-21 19:20 - 2009-07-14 00:13 - 0747782 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-21 19:15 - 2011-04-05 13:12 - 0000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-03-21 19:15 - 2011-04-05 13:12 - 0000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-03-21 19:15 - 2011-04-05 13:12 - 0000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-03-21 19:15 - 2011-04-05 13:12 - 0000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-03-21 19:15 - 2011-04-05 13:12 - 0000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-03-21 19:15 - 2011-04-05 13:12 - 0000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-03-21 19:15 - 2011-03-28 00:03 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-03-21 19:14 - 2012-02-05 12:55 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-21 19:13 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-21 19:13 - 2009-07-13 23:51 - 0056450 ____A C:\Windows\setupact.log
2012-03-21 19:07 - 2012-03-21 19:07 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-03-21 19:07 - 2012-03-21 19:06 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-03-21 19:07 - 2011-05-04 22:19 - 0761932 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-21 18:58 - 2012-03-21 18:57 - 10165440 ____A (Microsoft Corporation) C:\Users\Brooke\Downloads\mseinstall.exe
2012-03-21 18:51 - 2011-04-05 13:10 - 0027805 ____A C:\stp.log
2012-03-21 18:48 - 2011-03-27 23:37 - 0081980 ____A C:\Windows\PFRO.log
2012-02-12 19:03 - 2012-01-15 11:08 - 0007084 ____A C:\Users\Brooke\Application Data\9677d2c3
2012-02-12 19:03 - 2012-01-15 11:08 - 0007084 ____A C:\Users\Brooke\AppData\Roaming\9677d2c3
2012-02-12 19:03 - 2012-01-15 11:08 - 0007060 ____A C:\Users\Brooke\Local Settings\Application Data\5cdd01cd
2012-02-12 19:03 - 2012-01-15 11:08 - 0007060 ____A C:\Users\Brooke\Local Settings\5cdd01cd
2012-02-12 19:03 - 2012-01-15 11:08 - 0007060 ____A C:\Users\Brooke\AppData\Local\5cdd01cd
2012-02-12 19:03 - 2012-01-15 11:08 - 0006984 ____A C:\Users\All Users\e26aa57b
2012-02-12 19:03 - 2012-01-15 11:08 - 0006984 ____A C:\Users\All Users\Application Data\e26aa57b
2012-02-12 19:03 - 2012-01-15 11:08 - 0006984 ____A C:\ProgramData\e26aa57b
2012-02-05 12:55 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\Resources
2012-01-31 07:44 - 2012-03-21 19:21 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-15 11:21 - 2011-04-05 13:13 - 0000000 ____D C:\Users\Brooke\Local Settings\VirtualStore
2012-01-15 11:21 - 2011-04-05 13:13 - 0000000 ____D C:\Users\Brooke\Local Settings\Application Data\VirtualStore
2012-01-15 11:21 - 2011-04-05 13:13 - 0000000 ____D C:\Users\Brooke\AppData\Local\VirtualStore
2012-01-15 11:19 - 2012-01-15 11:18 - 0004200 ____A C:\Windows\SysWOW64\jupdate-1.6.0_30-b12.log
2012-01-15 11:19 - 2011-05-24 07:52 - 0000000 ____D C:\Program Files (x86)\Java
2012-01-15 11:14 - 2011-09-04 16:51 - 0000000 ____D C:\Users\Brooke\Local Settings\Windows Live
2012-01-15 11:14 - 2011-09-04 16:51 - 0000000 ____D C:\Users\Brooke\Local Settings\Application Data\Windows Live
2012-01-15 11:14 - 2011-09-04 16:51 - 0000000 ____D C:\Users\Brooke\AppData\Local\Windows Live
2012-01-15 11:08 - 2012-01-15 11:08 - 0000000 ____D C:\Windows\system64
2012-01-15 11:08 - 2009-07-14 00:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2012-01-15 11:05 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\rescache
2012-01-15 03:29 - 2011-05-07 21:54 - 0000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-01-15 03:07 - 2011-06-24 21:05 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-01-14 21:24 - 2011-05-24 07:56 - 0000000 ____D C:\Users\Brooke\Local Settings\Google
2012-01-14 21:24 - 2011-05-24 07:56 - 0000000 ____D C:\Users\Brooke\Local Settings\Application Data\Google
2012-01-14 21:24 - 2011-05-24 07:56 - 0000000 ____D C:\Users\Brooke\AppData\Local\Google
2012-01-04 03:37 - 2011-03-27 23:54 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-01-04 03:37 - 2009-07-13 23:45 - 0274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-01-04 03:35 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Common Files\System


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 27%
Total physical RAM: 1910.68 MB
Available physical RAM: 1381.5 MB
Total Pagefile: 1910.68 MB
Available Pagefile: 1368.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:218.14 GB) (Free:171.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Recovery) (Fixed) (Total:14.65 GB) (Free:8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (LEXAR) (Removable) (Total:0.93 GB) (Free:0.75 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 959 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 218 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 DELLUTILITY FAT Partition 100 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D Recovery NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 218 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 959 MB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E LEXAR FAT32 Removable 959 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-21 20:02

======================= End Of Log ==========================
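The log above is what the FRST run described in post #2 produces, and the items a malware-removal helper would pick out are visible in it: FRST's own `SubSystems: [Windows] ==> ZeroAccess` line, a run of drivers with random eight-letter names whose files are missing (`[x]`), a service (`dirms_defragmentation`) whose image is a DLL rather than an EXE, autoruns and services with an empty company-name field `()`, and a `C:\Windows\system64` directory next to the real `System32`. The script below is an added example, not code from the thread and not FRST's own code: it parses the Registry, Services, Drivers and file-listing sections of an FRST.txt with heuristics of its own (the `Finding` type, the kind names, the eight-letter rule and the `system64` check are this example's assumptions, not anything FRST defines) and runs them over a trimmed excerpt of the posted log.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example: not code from the thread and not FRST's own code. It walks
the Registry, Services, Drivers and file-listing sections of an FRST.txt
and flags the patterns that stand out in the log posted above. The
heuristics, the Finding type and the kind names are this example's own
assumptions, not anything FRST defines.
"""
import re
from dataclasses import dataclass

# "2 Name; path [size date] (Company)" entries in the Services/Drivers sections.
ENTRY_RE = re.compile(r"^(?P<start>[0-4]) (?P<name>[^;]+); ?(?P<rest>.*)$")
# Eight lowercase letters: the naming pattern of the missing drivers above.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")
# "===== Title =====" section headers.
SECTION_RE = re.compile(r"^=+\s*(?P<title>.*?)\s*=+$")
# A directory named to look like System32 (seen in the posted log).
SYSTEM64_RE = re.compile(r"\\windows\\system64(\\|$)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str
    line: str


def section_of(title: str) -> str:
    """Map an FRST section header to a short tag; anything else is 'files'."""
    t = title.lower()
    for key in ("registry", "services", "drivers"):
        if key in t:
            return key
    return "files"


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line, in log order."""
    findings: list[Finding] = []
    section = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = section_of(m.group("title"))
            continue
        # FRST's own check of the Session Manager SubSystems "Windows" value.
        if line.startswith("SubSystems:") and "==>" in line:
            findings.append(Finding("subsystems-tampered", line))
        elif section in ("services", "drivers"):
            e = ENTRY_RE.match(line)
            if not e:
                continue
            name, rest = e.group("name"), e.group("rest")
            image = rest.split(" [")[0].strip().strip('"').lower()
            if rest.endswith("[x]"):  # FRST: file not found on disk
                kind = ("random-named-missing-driver"
                        if section == "drivers" and RANDOM_NAME_RE.match(name)
                        else "missing-binary")
                findings.append(Finding(kind, line))
            elif section == "services" and image.endswith(".dll"):
                findings.append(Finding("service-in-dll", line))
            elif rest.endswith("()"):  # no company name in version info
                findings.append(Finding("no-company-name", line))
        elif section == "registry":
            if line.endswith("[x]"):
                findings.append(Finding("missing-binary", line))
            elif line.endswith("()"):
                findings.append(Finding("no-company-name", line))
        elif SYSTEM64_RE.search(line):
            findings.append(Finding("system32-lookalike-dir", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Excerpt of the log posted above, trimmed to the lines of interest.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [] [x]
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 dirms_defragmentation; C:\Windows\System32\Cinemsup.dll [6656 2009-07-13] (Oak Technology Inc.)
2 Toolbar Updater Service; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [199904 2011-03-24] ()
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [63056 2011-04-14] (McAfee, Inc.)
1 bfdhvqky; \??\C:\Windows\system32\drivers\bfdhvqky.sys [x]
1 bkaebnla; \??\C:\Windows\system32\drivers\bkaebnla.sys [x]
3 mfeavfk01; [x]
1 rzukkhbd; \??\C:\Windows\system32\drivers\rzukkhbd.sys [x]

============ 3 Months Modified Files and Folders =============

2012-01-15 11:08 - 2012-01-15 11:08 - 0000000 ____D C:\Windows\system64
2012-01-15 11:08 - 2009-07-14 00:37 - 0000000 ____D C:\Windows\SysWOW64\sysprep
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:28} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Treat every hit as a lead to check, not a verdict: the `[x]` marker only means FRST could not find the file from the recovery environment, and in the full log MSE's own `MsMpSvc` entry carries `[x]` too. The `SubSystems` hit is the one FRST itself reports, and together with the random-named missing drivers and the DLL-hosted service it is consistent with the helper's note in post #5 that remnants of ZeroAccess may be why the machine no longer boots.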

#5 dev00790, Bleeping Chocoholic
Members, 5,037 posts. Location: UK

Posted 30 March 2012 - 05:18 AM

Hi sa91899,

In addition to the below instructions, include in your post that your "computer doesn't boot and this may be caused by remnants of zeroaccess and / or malicious partition."
--------------------------

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Regards, dev00790



#6 sa91899, Topic Starter
Members, 6 posts

Posted 30 March 2012 - 11:27 PM

Completed the steps in the guide and have started my topic in malware removal.

#7 Queen-Evie, Official Bleepin' G.R.I.T.S. (and proud of it)
Members, 16,485 posts. Location: My own little corner of the universe (somewhere in Alabama). It's OK, they know me here

Posted 31 March 2012 - 10:18 AM

Since you have posted logs in Malware Removal Logs

Please refrain from asking for further help from other members or staff until the Malware Removal Team has checked your posted log. The Malware Removal Team work very hard to investigate a unique solution to your problem and you will receive individual expert assistance. This takes time and effort, so we ask you to please be patient while waiting for assistance and NOT to make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member. Any modifications you make on your own can result in system changes which may not show in the log you already posted. Further, following advice outside of that post may cause confusion for the team member assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

The Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean. If you followed any other advice already, please ensure you inform the Malware Removal Team Helper when they respond to assist you with your log. This will help them know what has been done and they probably will ask for an updated log.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

If HelpBot replies to your topic, please follow Step One so it will report your topic to the team members.

This topic is now closed.



