Trojan horse generic


  • This topic is locked

#31
Cat5

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi Agent ST,

Here is the update. The computer would not boot normally. It gave me the following message: <Windows root>\system32\hal.dll Please re-install a copy of the above file.

Thank you :-)
  • 0

#32
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Please boot back into OTLPE and open up OTL and run this OTL fix for me:

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    DRV - [2011/09/03 15:05:17 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\3415913608 -- (88b49acb)
    O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /KBD:2 /dir:"C:\Program Files\AVAST Software\Avast") - File not found
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/09/03 15:05:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3415913608
    [2011/09/02 06:46:39 | 004,194,304 | ---- | M] () -- C:\WINDOWS\System32\aqaeidou.dll
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] 
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Extra Registry select Use Safe List.
  • Under Custom Scan paste this in:


    netsvcs
    drivers32
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\*.exe
    /md5start
    hal.dll
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %ProgramFiles%\Microsoft Common\*.*
    %USERPROFILE%\Favorites\*.url /x
    %USERPROFILE%\Cookies\*.txt /x
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.

  • 0
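
As an added example (not part of SweetTech's post and not code from OTL), the following Python parses file and driver entries in the style quoted in the fix above and lists the properties a reviewer would weigh for each. The field layout is inferred from the entries on this page, and the triage rules and the `hal.dll` sample line are illustrative assumptions.

```python
import re
from datetime import datetime

# Assumed layout: [KIND - ][date time | size | attrs | M or C] (company) [type] -- path [-- (service)]
ENTRY = re.compile(
    r"^(?:(?P<kind>[A-Z0-9]+) - )?"
    r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| [MC]\] \((?P<company>[^)]*)\)"
    r"(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \((?P<service>[^)]*)\))?\s*$"
)

# The first three lines are copied from the fix in the post above; the
# hal.dll line is constructed for contrast (its date and size are made up).
SAMPLE = r"""
DRV - [2011/09/03 15:05:17 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\3415913608 -- (88b49acb)
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /KBD:2 /dir:"C:\Program Files\AVAST Software\Avast") - File not found
[2011/09/02 06:46:39 | 004,194,304 | ---- | M] () -- C:\WINDOWS\System32\aqaeidou.dll
[2008/04/14 00:12:02 | 000,134,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hal.dll
"""

def parse_entry(line):
    """Parse one log line into a dict, or return None if it is not a file entry."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M:%S")
    entry["size"] = int(entry["size"].replace(",", ""))
    return entry

def triage(entry):
    """List the reasons an entry deserves a closer look (illustrative rules)."""
    name = entry["path"].rsplit("\\", 1)[-1]
    reasons = []
    if not entry["company"]:
        reasons.append("no company/version info")
    if entry["size"] == 0:
        reasons.append("zero-byte file")
    if entry["kind"] == "DRV" and name.isdigit():
        reasons.append("driver image with all-digit name")
    return reasons

def review(text):
    """Return (path, reasons) for every file entry found in the text."""
    entries = filter(None, map(parse_entry, text.splitlines()))
    return [(e["path"], triage(e)) for e in entries]

if __name__ == "__main__":
    for path, reasons in review(SAMPLE):
        print(path, "->", "; ".join(reasons) or "nothing flagged")
```

A missing company name alone is weak evidence, since plenty of legitimate files carry no version resource; the value is in seeing several reasons stack up on one entry.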

#33
Cat5

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi Agent ST,

I've been absolutely swamped at work. I won't be able to work on the computer until some point tomorrow.
I hope you are having a good weekend so far!
  • 0

#34
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi Cat5!

Thanks for letting me know you're still with me.

I'm so glad the weekend is finally here!! I hope you're enjoying the weekend as well!

Kindest Regards,
Agent ST
  • 0

#35
Cat5

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi Agent ST,

I tried to boot back into OTLPE and again it was giving me the Runscanner error Target folder is not Windows 2000 or later message. I ran the CHKDSK utility and re-booted, now that won't even work and it is still giving me the error message.
  • 0

#36
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi Cat5!

Oh no!! That is not good at all! This infection is pretty nasty and it appears it's done some pretty severe damage to your computer.

At this point, I think your best option is going to be to reformat and re-install your operating system.

I wish the results could have been different, but we've reached the end of the line in terms of what we can do to try and remove the infection and recover the infection.

Kindest Regards,
ST.
  • 0

#37
Cat5

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi Agent St,

I was afraid that was going to be the result. Do you know if there is a way to back up my data at this point? Thankfully nothing major is stored on that computer, but it does contain all of my pictures and music files and I would like to retrieve them if possible. Oh man I don't even have a clue where my Windows disk even is. This should be fun! Thank you so much for all of your help!
  • 0

#38
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
I know a colleague of mine mentioned the use of a commercial recovery software, but they had no idea how successful it would be, nor which one would work the best.

I'm going to suggest that you post in the Windows XP forum and see if the techs have any suggestions for things to try and retrieve some of the data off of it.

When you post in the Windows XP forum, please post a link back here to the new thread, so that I can follow it, and ensure that a tech responds to it.

Kindest Regards,
ST.
  • 0

#39
Cat5

    Member

  • Topic Starter
  • Member
  • 26 posts
http://www.geekstogo..._1#entry2071068

Here is the link to the data recovery topic in the XP forum. I am about to try what has been suggested, maybe for some crazy reason it will actually let me access the drive this time.
  • 0

#40
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
:)
  • 0

#41
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





