[sasba858]

She is better and may be able to go home from the hospital today. Thank you for asking.




Here is the aswMBR log:

aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-24 10:08:17
-----------------------------
10:08:17.015 OS Version: Windows 5.1.2600 Service Pack 3
10:08:17.015 Number of processors: 2 586 0x170A
10:08:17.015 ComputerName: LAPTOP UserName:
10:08:21.109 Initialize success
10:08:21.234 AVAST engine defs: 11122301
10:08:58.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:08:58.953 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
10:08:58.968 Disk 0 MBR read successfully
10:08:58.984 Disk 0 MBR scan
10:08:58.984 Disk 0 Windows VISTA default MBR code
10:08:58.984 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
10:08:58.984 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 476899 MB offset 81920
10:08:59.000 Disk 0 scanning sectors +976771120
10:08:59.062 Disk 0 scanning C:\WINDOWS\system32\drivers
10:09:07.000 Service scanning
10:09:08.062 Modules scanning
10:09:14.812 Disk 0 trace - called modules:
10:09:14.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:09:14.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad13558]
10:09:14.843 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8ad20028]
10:09:18.187 AVAST engine scan C:\WINDOWS
10:09:31.671 AVAST engine scan C:\WINDOWS\system32
10:11:26.343 AVAST engine scan C:\WINDOWS\system32\drivers
10:11:44.562 AVAST engine scan C:\Documents and Settings\My Name
10:20:20.359 AVAST engine scan C:\Documents and Settings\All Users
10:22:48.375 Scan finished successfully
10:23:05.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\My Name\Desktop\MBR.dat"
10:23:05.281 The log file has been saved successfully to "C:\Documents and Settings\My Name\Desktop\aswMBR.txt"

Edited by sasba858, 24 December 2011 - 10:33 AM.

[Advertisements]

That looks good - what problems remaining ?

[Essexboy]

That looks good - what problems remaining ?

[sasba858]

I have not been having any type of virus related problems since I did the system restore a few days ago.

Why at startup is there a popup window with the options for the Windows XP Professional coming up?
My laptop never use to do that before.

If there any other programs you want me to run to double check for possibly a hidden virus?


Oh! one more thing.

This started a while back even before the know virus happened. After my Avast completes it's scan, at the end I get a message saying "Some files could not be scanned" When I click the log there is a pretty long list of files that say "they may be password protected" It will allow me to select (move to chest, delete, repair, ect...) but it OK button is a dull color and will not allow those selections to work. Make note: This is also happening on my host laptop as well after the Avast scan.

Edited by sasba858, 24 December 2011 - 12:39 PM.

[Essexboy]

With regards to Avast the files are password protected so it cannot scan them, it does not mean that they are infected

When do you get this popup ?

Is it on a menu at the beginning where you have the option to select operating systems
Or is it when windows arrives at the desktop

[sasba858]

Reread the last paragraph of my last post, as you must have missed when it is happening. It is a small pop-up by the tray after the scan in complete. If you click on the pop-up to see the details, a log pops up which I explain in the last paragraph of the post above. It does not allow any options to be taken.

The popup window with the options for the Windows XP Professional is at startup when you turn on the laptop. It automatically goes to Windows XP Professional without having to hit any keys.

[Essexboy]

Reference Avast we have had a lot of discussion on the forum (Avast) about the wording of that explanation... We are trying to get it changed to something that is not as scary

What happens is that a file has a password attached to it by the programme that uses the file (normally security software) and as Avast does not know the password it is unable to scan that file for malware. However, for that file to be activated it must be unlocked by the parent programme. At this stage then the Avast file and net shields will be able to scan the file on opening and if it is malicious it will be dealt with .


To stop the OS menu

1.Open Computer Management.
2.In the console tree, right-click Computer Management (Local), and then
select Properties.
3.On the Advanced tab, under Startup and Recovery, click Settings.
4.Select Time to display list of operating systems box, and then enter the
number of seconds the list should be displayed before the default operating
system starts automatically. (to not see it set it to 0)

[sasba858]

I have 2 more questions for you wherever you get the time.

1. When I went in the OS menu the time was set at 2 seconds. I changed it to 0 seconds and it no longer appears at Startup. Why did it change from 0 to 2 seconds since we started working to correct the virus?

2. I have been having the "an add-on for this website failed to run. check the security settings" message in the information bar, for plenty of websites that I go to, like this one here did a few minutes ago. How do I correct this in my internet setting?


Merry Christmas Essexboy! Have a nice Christmas.

Edited by sasba858, 24 December 2011 - 11:26 PM.

[Essexboy]

The change was done by combofix to enable quick access to the recovery console if needed

Go to control panel > Internet options
On the Security tab select default settings

On the advanced tab select restore advanced settings

Restart IE and let me know if that is OK

[sasba858]

So far so good with changing them settings. I will let you know when I have more time to go into other sites.


Is there any other programs I can download and run, to double check that the virus is gone, or might be hiding out somewhere?

[Essexboy]

There is one further really deep virus scan we can run.. This will take several hours and will be run from a boot CD so that windows is totally inactive whilst it runs

Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn

Install IMGBurn

• Double click Dr Web
• IMGBurn will open
• Burn the ISO to a cd

• Reboot the infected computer with the CD in the drive
• Ensure that the first boot device is CD - If you are not sure about that then see this page for instructions
• As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
  
  
  
• Use arrow keys to select DrWeb-LiveCD (Default)
  
• When the system is loaded, check the disks or folders you want to scan, and click on “Start”.
  
  
  
• The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
• Once completed reboot to normal windows
• No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[sasba858]

Hi friends,

I went into my laptop for the first time in a month last night, and my windows froze, so I turn it off by way of the power button. When I turned it back on it went to the screen that says Safe Mode, Safe Mode Networking, Last know configuration that worked, etc... I tried all of the options and every one of them have the same thing happening. None of the options work. After it goes to load windows I get this green message flash for an instant (I caught the error message by way of my video camera)it says "Unmountable_Boot_Volume" (as seen in the attachment below) then my computer repeats these steps over and over again.

What should I do?

Technical Information:

(***STOP:0X000000ED" (0x8AD0FC30, 0xC0000185, 0x00000000, 0x00000000).

Attached Thumbnails

• 

[Essexboy]

Returned

[Essexboy]

On the boot menu options is recovery console available ?

[sasba858]

On the boot menu options is recovery console available ?

no, they have these options:

cd/dvd/cd-drive
haed drive
diagnostice
removeable devices
network

<enter Setup>

Edited by sasba858, 30 January 2012 - 04:44 PM.