Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

OS will not boot (boot looping) c0000135 %hs is missing


  • This topic is locked This topic is locked
12 replies to this topic

#1 frnhalo

frnhalo

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:31 AM

Posted 13 April 2012 - 02:09 AM

To whom it may concern:

I know 90% percent of the posts are virus removal so here's one more. After the detection of malware and running the initial steps on removing it the computer has not been able to boot. It is a Windows 7 Home Premium x64 machine, I have not been able to boot into safe mode it just reboots all the time. I am unable to run sfc /scannow, cannot rebuild the BCD (no windows installation found), I have ran FRST64.exe and have attached the file. Attached File  FRST.txt   32.96KB   12 downloads

Please let me know if there's any saving this PC before wipe.

Edited by hamluis, 13 April 2012 - 05:00 AM.
Moved from Win 7 to Malware Removal Logs.

______________________________________
######################################
--------------------------------------

TINSTAAFL = There is no such thing as a free lunch.

Intel Core i7-3770K | Asus P8Z77V-Deluxe | XFX Radeon HD 7770 Black Edition

BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:31 AM

Posted 13 April 2012 - 11:26 AM

:welcome:

Download the enclosed file.

Save it next to FRST in the USB drive.

Run FRST as you did before, except that this time around, click on the Fix button and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Boot in Normal Mode. If able to boot, follow these steps:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 frnhalo

frnhalo
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:31 AM

Posted 13 April 2012 - 09:00 PM

Thanks for the Reply. I'll go ahead and run and let you know.
______________________________________
######################################
--------------------------------------

TINSTAAFL = There is no such thing as a free lunch.

Intel Core i7-3770K | Asus P8Z77V-Deluxe | XFX Radeon HD 7770 Black Edition

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:31 AM

Posted 13 April 2012 - 09:20 PM

:thumbup2:

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 frnhalo

frnhalo
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:31 AM

Posted 13 April 2012 - 10:01 PM

Here are the files.
Attached File  Fixlog.txt   639bytes   4 downloads
Attached File  ComboFix.txt   19.07KB   3 downloads

Thanks for bring the computer back from the dead.
______________________________________
######################################
--------------------------------------

TINSTAAFL = There is no such thing as a free lunch.

Intel Core i7-3770K | Asus P8Z77V-Deluxe | XFX Radeon HD 7770 Black Edition

#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:31 AM

Posted 13 April 2012 - 11:47 PM

Lets scan for remnants:

Posted Image Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner.
  • Select the option YES, I accept the Terms of Use then click on Start.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 frnhalo

frnhalo
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:31 AM

Posted 15 April 2012 - 12:21 PM

Here are the other logs.
Attached File  mbam-log-2011-12-22 (03-45-29).txt   1.71KB   2 downloads
Attached File  ESETlog.txt   2.6KB   1 downloads
______________________________________
######################################
--------------------------------------

TINSTAAFL = There is no such thing as a free lunch.

Intel Core i7-3770K | Asus P8Z77V-Deluxe | XFX Radeon HD 7770 Black Edition

#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:31 AM

Posted 15 April 2012 - 05:06 PM

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Security check

Download and run Security Check by screen317 and post its report.

How is the computer doing?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 frnhalo

frnhalo
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:31 AM

Posted 17 April 2012 - 12:02 PM

it's running smooth now. Thanks a lot. On a side note, what is required to become a member of the malware response team.
______________________________________
######################################
--------------------------------------

TINSTAAFL = There is no such thing as a free lunch.

Intel Core i7-3770K | Asus P8Z77V-Deluxe | XFX Radeon HD 7770 Black Edition

#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:31 AM

Posted 17 April 2012 - 06:51 PM

Congratulations.

In regard to the training program you will need to apply here.

Let do some housekeeping:

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix.

  • Rename Combofix to Uninstall and click on it. That should remove the application.

Remove the C:\FRST folder.

Manually remove any tool left.

The following is a list of tools and utilities that I like to suggest to people.

  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Make sure you update any application found outdated by Security Check.

Best wishes! Posted Image

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 frnhalo

frnhalo
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:31 AM

Posted 21 April 2012 - 07:31 PM

Thanks a lot for your help once again.
______________________________________
######################################
--------------------------------------

TINSTAAFL = There is no such thing as a free lunch.

Intel Core i7-3770K | Asus P8Z77V-Deluxe | XFX Radeon HD 7770 Black Edition

#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:31 AM

Posted 22 April 2012 - 05:57 PM

You are welcome. :)

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:31 AM

Posted 24 May 2012 - 08:32 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users