Computer won't boot after malware removal - Need help ASAP Please


#1
inventinc

My desktop computer received a malware virus a week ago, so I downloaded Malwarebytes, Avast and AVG. Scanned with all 3 and all of them caught infections.
When I went to reset my computer it stayed in the Windows logo loading screen for 10 seconds then proceeded to restart. This time it gave me the option to repair. Thinking repair might solve the problem I waited for it to load for 30 minutes... nope.

I can't even get into safe-mode...


I downloaded a few boot repair CDs and none of them seemed to work. The only CD that seemed to help was the AVG Rescue CD but that never deleted any infection. It let me go into my driver and view my files, it also gave me the option to delete so I deleted all 3 programs which still didn't seem to help...

Update:
I just downloaded Ultimate Boot CD and it has tons of options concerning non-bootable hard drives. I don't understand any of it though, so I need someone's help. I really need help ASAP.

I also do not have my Windows 7 CD; my ex took it and won't give it back.
Thanks.

Edited by JSntgRvr, 27 April 2012 - 09:36 PM.
Removed link to skype to avoid spam.

#2
Amlak

Welcome to GTG.

Let's do the following.

  • Connect your USB stick to a clean computer.
  • From the clean computer, copy the following and paste it into a Notepad file.

    /md5start
    UXTHEME.DLL
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    userinit.exe
    explorer.exe
    winlogon.exe
    ntoskrnl.exe
    /md5stop
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav


  • Save the Notepad file to your USB stick. Save it as scan.txt
  • Download OTLPEStd.exe to your desktop.
  • Once downloaded, insert a blank CD in your burner and click on OTLPEStd.exe. The executable includes the OTLPE_New_Std.iso and a copy of imgburn, a program to burn .iso files. When executed, the application will extract both and start the burning process automatically.
  • Once the CD is burned, boot the non-working computer using the boot CD you just created. For more information, click here
    • Don't forget to connect the USB stick to the computer before you boot from the CD.
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste the contents of the Notepad file that you previously saved to your USB stick (scan.txt)
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

#3
inventinc

Thanks Amlak for accepting to help me, I will give this a go and post back within the hour.



EDIT: Once I get into the Reatogo-X-PE's desktop I click OTLPE and it doesn't ask me the following:

•When asked "Do you wish to load the remote registry", select Yes

•When asked "Do you wish to load remote user profile(s) for scanning", select Yes

•Ensure the box "Automatically Load All Remaining Users" is checked and press OK


It opens up a browse for folder menu and whenever I click anything it opens up with a message box saying "Target is not windows 2000 or later"

Any ideas?


EDIT:
Never mind I got it working, I just needed to select the Windows folder in my driver, I hope that is the right one it seems to be working. It's scanning right now.

Edited by inventinc, 28 April 2012 - 03:48 PM.

#4
inventinc

EDIT: Attachment below.

Attached Files

  • Attached File  OTL.Txt   993.83KB   54 downloads

Edited by inventinc, 28 April 2012 - 04:24 PM.

#5
inventinc

I don't think I attached it properly. Here it is again.

Edit: Never mind, both attachments work fine, both are the same file, any one of the two is fine to download.
Thanks. (Sorry for the double posts) :upset:


EDIT: Thanks for your time, I know you could be off doing something else but you are helping me :)

Attached Files

  • Attached File  OTL.Txt   993.83KB   52 downloads

Edited by inventinc, 28 April 2012 - 11:02 PM.

#6
Amlak

No worries. I'm just waiting for my next fix to be approved as I'm still "in training". Might take a day depending on the circumstances.

But to give you an update, you do still have traces of malware that need to be removed, but we have to see if removing them actually boots you back into Windows. If not, might either have you fix the MBR or remove Avast and AVG as they could be causing some conflicts together hindering you from entering the system.

Edited by Amlak, 29 April 2012 - 03:51 AM.

#7
Amlak

  • Connect your USB stick to a clean computer.
  • From the clean computer, copy the following and paste it into a Notepad file.

    :OTL
    O4 - HKU\Me2_ON_E..\Run: [eFnStcmpnllsRFa.exe]  File not found
    O33 - MountPoints2\{c186eaf3-a383-11df-93b1-6c626d859261}\Shell - "" = AutoRun
    O33 - MountPoints2\{c186eaf3-a383-11df-93b1-6c626d859261}\Shell\AutoRun\command - "" = D:\INSTALL.EXE
    O33 - MountPoints2\{d0ae8f07-a383-11df-979a-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{d0ae8f07-a383-11df-979a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SessionViewer.exe
    [2012/01/03 04:16:22 | 000,009,644 | -HS- | M] () -- E:\ProgramData\023dk45ia10f34608670dfrpdm0o820wgx6xe87584i
    [2012/01/02 04:15:22 | 000,000,424 | ---- | M] () -- E:\ProgramData\FBVqYbR5GqhP7p
    [2012/01/02 04:12:48 | 000,000,296 | ---- | M] () -- E:\ProgramData\~FBVqYbR5GqhP7p
    [2012/01/02 04:12:48 | 000,000,208 | ---- | M] () -- E:\ProgramData\~FBVqYbR5GqhP7pr
    [2012/01/02 04:12:45 | 000,000,677 | ---- | M] () -- E:\Users\Me2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/02 04:12:45 | 000,000,653 | ---- | M] () -- E:\Users\Me2\Desktop\System Check.lnk
    [2011/12/31 01:36:40 | 000,006,614 | -HS- | M] () -- E:\Users\Logan\AppData\Local\777oox81e458wv24i5vsi4k330570p60t8650
    [2011/12/31 01:36:40 | 000,006,614 | -HS- | M] () -- E:\ProgramData\777oox81e458wv24i5vsi4k330570p60t8650
    [2012/01/03 04:18:55 | 000,009,644 | -HS- | C] () -- E:\ProgramData\023dk45ia10f34608670dfrpdm0o820wgx6xe87584i
    [2012/01/02 04:12:48 | 000,000,296 | ---- | C] () -- E:\ProgramData\~FBVqYbR5GqhP7p
    [2012/01/02 04:12:48 | 000,000,208 | ---- | C] () -- E:\ProgramData\~FBVqYbR5GqhP7pr
    [2012/01/02 04:12:45 | 000,000,677 | ---- | C] () -- E:\Users\Me2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/02 04:12:45 | 000,000,653 | ---- | C] () -- E:\Users\Me2\Desktop\System Check.lnk
    [2012/01/02 04:12:40 | 000,000,424 | ---- | C] () -- E:\ProgramData\FBVqYbR5GqhP7p
    [2011/12/31 01:32:31 | 000,006,614 | -HS- | C] () -- E:\Users\Logan\AppData\Local\777oox81e458wv24i5vsi4k330570p60t8650
    [2011/12/31 01:32:31 | 000,006,614 | -HS- | C] () -- E:\ProgramData\777oox81e458wv24i5vsi4k330570p60t8650
    [E:\Windows\system64] -> \systemroot\system32 -> Mount Point
    :COMMANDS
    [emptytemp]
    
  • Save the Notepad file to your USB stick. Save it as fix.txt
  • Boot the non-working computer using the boot CD you just created. For more information, click here
    • Don't forget to connect the USB stick to the computer before you boot from the CD.
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Paste in the contents of the Notepad file that you previously saved to your USB stick (fix.txt)
  • Press Run Fix.
  • When finished, a text file should pop up.
  • Copy the contents of the text file and paste them in a new text file saved in your USB drive.
  • Please post the contents of the text file in your next reply. Also, tell me if you can now reboot normally into Windows.

Edited by Amlak, 29 April 2012 - 05:44 AM.

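An added example, not part of the original posts and not OTL's own code: a short Python parser for the file-listing lines in the fix script above, showing which properties make those entries stand out to a reviewer (hidden+system attributes, extensionless random-looking names, loose files directly under ProgramData or AppData\Local). The line layout is inferred from the lines quoted in this thread, and the heuristics in `reasons` are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the fix script quoted in this thread.
SAMPLE = r"""
[2012/01/03 04:16:22 | 000,009,644 | -HS- | M] () -- E:\ProgramData\023dk45ia10f34608670dfrpdm0o820wgx6xe87584i
[2012/01/02 04:15:22 | 000,000,424 | ---- | M] () -- E:\ProgramData\FBVqYbR5GqhP7p
[2012/01/02 04:12:45 | 000,000,653 | ---- | M] () -- E:\Users\Me2\Desktop\System Check.lnk
[2012/01/03 04:18:55 | 000,009,644 | -HS- | C] () -- E:\ProgramData\023dk45ia10f34608670dfrpdm0o820wgx6xe87584i
[2011/12/31 01:36:40 | 000,006,614 | -HS- | M] () -- E:\Users\Logan\AppData\Local\777oox81e458wv24i5vsi4k330570p60t8650
"""

# Layout inferred from the quoted lines:
# [timestamp | size | attributes | M or C] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]+) \| "
    r"(?P<kind>[MC])\] \((?P<company>.*?)\) -- (?P<path>.+)$")

def parse(text):
    """Merge the M and C listings into one record per path."""
    entries = defaultdict(lambda: {"attrs": "", "size": 0, "kinds": set()})
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # O4/O33 registry lines and :OTL/:COMMANDS directives
        e = entries[m["path"]]
        e["attrs"], e["size"] = m["attrs"], int(m["size"].replace(",", ""))
        e["kinds"].add(m["kind"])
    return dict(entries)

def reasons(path, entry):
    """Heuristics are assumptions for illustration, not OTL's own logic."""
    parent, name = path.rsplit("\\", 1)
    out = []
    if "H" in entry["attrs"] and "S" in entry["attrs"]:
        out.append("hidden+system")
    stem = name.lstrip("~")
    if "." not in name and len(stem) >= 12 and any(c.isdigit() for c in stem):
        out.append("random-looking name without extension")
    if parent.lower().endswith(("\\programdata", "\\appdata\\local")):
        out.append("loose file in a data root")
    return out

def triage(text):
    """Return {path: [reasons]} for entries that trip at least one heuristic."""
    return {p: r for p, e in parse(text).items() if (r := reasons(p, e))}

if __name__ == "__main__":
    for path, why in triage(SAMPLE).items():
        print(path, "->", ", ".join(why))
```

The `.lnk` shortcut in the sample is not flagged, because these heuristics look only at attributes, name shape and location.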

#8
inventinc

I did the fix twice because the first .txt closed on me so I did it again and found where the file location was for the first scan, could doing more than one fix cause any problems?
Also would I have needed to do these steps?

◦Change Drivers to All

◦Change Standard Registry to All


Windows does not start. Here is the fix txt.


Edited by inventinc, 29 April 2012 - 11:45 AM.

#9
Amlak

Ok, let's try out this newer tool.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#10
inventinc

When in the advanced boot menu there is no "repair your computer" option.

#11
Amlak

Ok, I've been told that it should work with the Reatogo environment (the program that I instructed you earlier to burn to that CD).

So make sure the flash drive is connected.

Then boot from that CD, and when the Reatogo desktop is fully loaded, click the Start menu and then Run, and type in cmd and then press Enter.

In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64 and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#12
inventinc

Thanks, I will do this now. I had a hunch there was command prompt in X-PE.

It took me awhile but X-PE wouldn't let me open FRST64 so I finally found a way to open up command prompt and run the exe with another program.

Edited by inventinc, 30 April 2012 - 03:49 PM.

#13
inventinc

Here is the FRST.txt

Attached Files

  • Attached File  FRST.txt   526.77KB   70 downloads

#14
inventinc

Thanks for everyone's help, I appreciate it a lot. Keep up the good work guys!

I have successfully fixed my computer as of today.

Thanks everyone!

#15
Amlak

That's some good news. Glad it went well with you. I was awaiting my next fix to be approved, but it looks like it's no longer needed.

Would you like me to still check your system out with you for any traces of malware left?