[JSntgRvr]

Sorry for the delay. Needed to know if ERD Commander has a search tool.

Using ERD Commander

Go to Start ->Search.

Search for the following strings independently:

DLLCACHE
HAL.DLL

If found, let me know their location.

[Advertisements]

Sorry for the delay. - Likewise, I kept reloading page 3 of the post

Using ERD Commander

Go to Start ->Search.

Search for the following strings independently:

DLLCACHE - not found
HAL.DLL - appears 6 times
C:\WINDOWS\$NtServicePackUnintall$
C:\WINDOWS\Driver Cach\i386\driver.cab
C:\WINDOWS\Driver Cach\i386\sp1.cab
C:\WINDOWS\Driver Cach\i386\sp2.cab
C:\WINDOWS\Service Pack Files\i386
C:\WINDOWS\Service Pack Files\i386\sp2.cab


If found, let me know their location

[BillPro]

Sorry for the delay. - Likewise, I kept reloading page 3 of the post

Using ERD Commander

Go to Start ->Search.

Search for the following strings independently:

DLLCACHE - not found
HAL.DLL - appears 6 times
C:\WINDOWS\$NtServicePackUnintall$
C:\WINDOWS\Driver Cach\i386\driver.cab
C:\WINDOWS\Driver Cach\i386\sp1.cab
C:\WINDOWS\Driver Cach\i386\sp2.cab
C:\WINDOWS\Service Pack Files\i386
C:\WINDOWS\Service Pack Files\i386\sp2.cab


If found, let me know their location

[JSntgRvr]

Hi, BillPro

That spells bad news. The entire System has been wiped-out of the computer. The only option would be to use the Recovery CD to perform a destructive restore of the computer to factory settings, or if the computer is not part of a brand name, it must be reformatted and the operating System re-installed.

I am very sorry. We still cannot say it was Combofix, as if that would had been the case, the operating system would had been recovered. Chances are there was a backdoor trojan that wiped the system once detected being removed. It is not the first case.

Do you need assistance with the use of the Recovery CD or Windows' installation?

[JSntgRvr]

It is past my bedtime. Will check on you in the AM.

Good night!

[sUBs]

Hello Bill. I'm sUBs. I made ComboFix.

Please tell me how C:\QooBox got renamed to C:\QooBox-OLD

[JSntgRvr]

In case you deleted some folders in the process, ERD Commander has a feature called 'File Restore'. See if that can find the files or folders deleted.

Keep us posted.

[BillPro]

Hello sUBs,

To answer your question regarding the Qoobox, below is the direction I followed that led me to change the Qoobox folder to QooBox-OLD.

Regards,
Bill

Hi, BillPro

Since the Recovery Console is booting to the Root directory and not to the Windows Folder, then I have to agree with steamwiz, that something happened after running Combofix. Please follow any of the Options below and let me know any problems you may encounter, and outcome:

First option:

Slave the drive in another compurer and follow the instructions similar to the instructions below to move the System32.vir folder to the Windows folder, then rename both, the System32.vir to System32 and the Qoobox folder to QooBox-OLD in this drive.

Second option:

Use ERD Commander:

We need a special tool from Microsoft. It's a hefty 64.3 MB download but it's worth the trouble.
Please download & install the Microsoft Diagnostics and Recovery Toolset

Once you have it installed, locate the file :

C:\Program Files\Microsoft Diagnostics and Recovery Toolset\erd50.iso

It's an ISO file which you may burn onto a CD.

Reboot the machine with the ISO CD








You will receive the above message. Ignore it & continue





From Desktop, double click on 'My Computer'

Navigate to C:\Qoobox\Quarantine\C\Windows

Right click on the System32.vir folder & select "Move To ..."





Move it to the C:\Windows folder

Then Navigate to the C:\Windows & rename the folder from System32.vir to System32

The C:\QooBox folder should also be renamed to C:\QooBox-OLD





Restart the machine & remove the CD.
With any luck, your machine shall be accessible again

[BillPro]

In case you deleted some folders in the process, ERD Commander has a feature called 'File Restore'. See if that can find the files or folders deleted.

Keep us posted.

I wouldn't put it past me. I'll give it a shot.

[BillPro]

Sorry for the delay. Needed to know if ERD Commander has a search tool.

Using ERD Commander

Go to Start ->Search.

Search for the following strings independently:

DLLCACHE
HAL.DLL

If found, let me know their location.

Neither file was found using the File Restore feature of the ERD. The search included deleted directories.

[JSntgRvr]

Hi, BillPro

There is no other option but to use the Recovery CD to perform a destructive restore of the computer to factory settings, or a reformat and reinstalling of the operating System.

[BillPro]

Hi, BillPro

That spells bad news. The entire System has been wiped-out of the computer. The only option would be to use the Recovery CD to perform a destructive restore of the computer to factory settings, or if the computer is not part of a brand name, it must be reformatted and the operating System re-installed.

I am very sorry. We still cannot say it was Combofix, as if that would had been the case, the operating system would had been recovered. Chances are there was a backdoor trojan that wiped the system once detected being removed. It is not the first case.

Do you need assistance with the use of the Recovery CD or Windows' installation?

Well then, to answer your question...Yes I could use some guidance on a fresh install. I do have an external hard drive that I've used Bounce Back to keep a second copy of my data. Obviously I'm concerned that the drive is harboring one or more of whatever brought down my internal drive.

[JSntgRvr]

Hi, BillPro

I do have an external hard drive that I've used Bounce Back to keep a second copy of my data. Obviously I'm concerned that the drive is harboring one or more of whatever brought down my internal drive.

You have better chances winning the lottery. Don't worry about that.

Installing Windows XP is easy.

• Have the Product Key available. Without it you wont be able to install.
• Disconnect all peripherals from the computer. Nothing should be connected to the computer.
• Insert the Windows XP CD into your CD or DVD drive, and then restart the computer.
• When you see the "Press any key to boot from CD" message, press any key to start the computer from the Windows XP CD.
• At the Welcome to Setup screen, press ENTER to start Windows XP Setup.
• Follow the instructions on the screen to select and format the C: partition (The partition where you want to install Windows XP).
• Follow the instructions on the screen to complete Windows XP Setup.

[JSntgRvr]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.