MBR:whistler-c[rtk]


  • This topic is locked
4 replies to this topic

#1 alexalexx

Posted 28 June 2013 - 03:53 PM

Okay, I haven't had much data on this thing so I guess I need help from the beginning. I do not know what to do next. I only got the name of the topic in my antivirus avast!, and I know it cannot be deleted or quarantined.

Here are the logs

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 7.0.6002.18005  BrowserJavaVersion: 10.25.2
Run by sale at 22:28:53 on 2013-06-28
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1250.385.1033.18.3036.1284 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\SPlayer\splayer.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
uURLSearchHooks: Winamp Search Class: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - LocalServer32 - <no file>
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mURLSearchHooks: Winamp Search Class: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - LocalServer32 - <no file>
mWinlogon: Userinit = c:\windows\system32\userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files\delta\delta\1.8.10.0\bh\delta.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - LocalServer32 - <no file>
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10a.exe
mExplorerRun: [Microsoft Driver Setup] c:\windows\system32\drivers\xfgni.exe
StartupFolder: c:\users\sale\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - LocalServer32 - <no file>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4D4931EC-D233-421A-B300-EA8F3C03F5B9} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{71B4AE95-EE39-415D-BA69-532E7B33361F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BFF8FB84-86B2-4C92-B572-C4D92B81CFD8} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F1B4890E-C3D9-4BD1-80B4-CEBAA767DD2C} : DHCPNameServer = 212.91.97.3 212.91.97.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-26 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-26 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-6-26 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-6-26 369584]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-4 217088]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-6-26 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-26 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-26 46808]
R2 BrowserProtect;BrowserProtect;c:\programdata\browserprotect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-6-4 3085264]
R2 camsvc;TOSHIBA Web Camera Service;c:\program files\toshiba\toshiba web camera application\TWebCameraSrv.exe [2009-8-24 20544]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-12-14 12672]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2009-3-23 116104]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-8-24 62776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-24 176128]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 73728]
R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-4-15 656752]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-3-21 12920]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-8-24 22272]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-5-7 112640]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-6-8 29744]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-12-8 7680]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2012-12-24 247808]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2012-1-10 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2012-1-10 104960]
.
=============== Created Last 30 ================
.
2013-06-28 17:45:39 -------- d-----w- C:\TDSSKiller_Quarantine
2013-06-26 00:08:39 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-26 00:08:39 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-26 00:08:38 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-26 00:08:32 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-26 00:07:53 41664 ----a-w- c:\windows\avastSS.scr
2013-06-26 00:07:19 -------- d-----w- c:\program files\AVAST Software
2013-06-26 00:06:14 -------- d-----w- c:\programdata\AVAST Software
2013-06-25 22:09:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-25 22:09:52 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-25 19:44:41 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-25 19:43:51 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 19:30:54 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0972e804-fa5f-40a6-908b-c8a132071fb6}\offreg.dll
2013-06-25 19:15:32 -------- d-----w- c:\users\sale\appdata\local\ESET
2013-06-25 15:22:14 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-25 09:17:44 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-24 22:33:13 -------- d-----w- c:\programdata\?˘?˘????????????????????p???????
2013-06-24 15:53:36 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-24 09:11:22 -------- d-----w- c:\programdata\??Ä?8520-1533-40C5-AD09-953C574F14BCÄ?
2013-06-23 20:42:40 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-22 08:17:04 -------- d-----w- c:\programdata\?(?(Ä(?(8520-1533-40C5-AD09-953C574F14BCÄ(?(
2013-06-21 16:09:50 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-21 00:02:02 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0972e804-fa5f-40a6-908b-c8a132071fb6}\mpengine.dll
2013-06-20 07:15:27 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-19 05:40:55 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-17 07:28:01 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-16 07:20:36 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-15 17:42:48 -------- d-----w- c:\programdata\????????????????????????p???????
2013-06-15 16:09:46 -------- d-----w- c:\programdata\?­?­Ä­?­8520-1533-40C5-AD09-953C574F14BCÄ­?­
2013-06-14 18:03:38 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-13 15:35:39 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-13 06:55:44 -------- d-----w- c:\programdata\?°?°Ä°?°8520-1533-40C5-AD09-953C574F14BCÄ°?°
2013-06-10 19:12:17 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe
2013-06-10 19:12:14 -------- d-----w- c:\users\sale\appdata\roaming\File Scout
2013-06-09 08:12:19 -------- d-----w- c:\programdata\??Ä?8520-1533-40C5-AD09-953C574F14BCÄ?
2013-06-08 19:20:27 -------- d--h--w- c:\windows\msdownld.tmp
2013-06-08 19:20:27 -------- d-----w- c:\windows\system32\directx
2013-06-08 19:05:51 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-08 15:53:47 -------- d-----w- c:\program files\Call of Juarez Gunslinger
2013-06-08 05:59:28 -------- d-----w- c:\programdata\????????????????????????p???????
2013-06-06 07:36:49 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-05 21:58:49 -------- d-----w- c:\programdata\?E?EÄE?E8520-1533-40C5-AD09-953C574F14BCÄE?E
2013-06-05 08:16:32 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-04 06:48:53 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-03 06:52:46 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-02 19:39:51 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-02 09:28:21 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-01 21:02:29 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
2013-06-01 08:38:42 -------- d-----w- c:\programdata\????????????????????????p???????
2013-05-31 10:16:33 -------- d-----w- c:\programdata\????Ä???8520-1533-40C5-AD09-953C574F14BCÄ???
.
==================== Find3M  ====================
.
2013-06-25 19:43:41 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-02 00:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 22:35:09,02 ===============

Edited by alexalexx, 28 June 2013 - 03:54 PM.


#2 JSntgRvr

    Master Surgeon General

  • Malware Response Team

Posted 28 June 2013 - 08:28 PM

Hi and welcome.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Plug the flash drive into the infected PC.

  • If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter the System Recovery Command Prompt.
  • If you are using Vista or Windows 7, enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disc on Windows 7, consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using a Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 alexalexx

  • Topic Starter

Posted 29 June 2013 - 04:18 AM

Hi there, I read all of the above and I could not make it happen. I have Windows Vista and it is different than it is in Win7, so I looked it up and came across this site: http://www.vistax64.com/tutorials/141820-create-recovery-disc.html

So I tried to do the steps from it, but I couldn't take ownership of the recdisc.exe file and got stuck here.

As my USB ports do not work properly (every time I insert a flash drive, Windows asks me to format the disc; when I do, I get a blue screen), I can't use SRO from the Advanced Boot Options.

And to enter SRO from the DVD-ROM, I couldn't make the repair disc because I can't replace the recdisc.exe file.

What should I do next?



#4 alexalexx

  • Topic Starter

Posted 29 June 2013 - 07:19 AM

Hi again, just to tell you that I called my friend and he is an expert in this kind of thing, so I won't be needing help anymore.

Thank you for your trouble and time, and have a nice day! Cheers!



#5 JSntgRvr

    Master Surgeon General

  • Malware Response Team

Posted 29 June 2013 - 08:09 AM

Thanks for the feedback. I am therefore closing this topic.

