Computer won't boot after malware removal - Need help ASAP Please - Geeks to Go Forums


#1 inventinc

  • Group: Member
  • Posts: 11
  • Joined: 25-January 12

Posted 27 April 2012 - 09:06 AM

My desktop computer received a malware virus a week ago, so I downloaded Malwarebytes, Avast and AVG. Scanned with all 3 and all of them caught infections.
When I went to reset my computer it stayed in the Windows logo loading screen for 10 seconds then proceeded to restart. This time it gave me the option to repair. Thinking repair might solve the problem I waited for it to load for 30 minutes... nope.

I can't even get into safe-mode...


I downloaded a few boot repair CDs and none of them seemed to work. The only CD that seemed to help was the AVG Rescue CD but that never deleted any infection. It let me go into my driver and view my files, it also gave me the option to delete so I deleted all 3 programs which still didn't seem to help...

Update:
I just downloaded Ultimate Boot CD and it has tons of options concerning non-bootable hard drives. I don't understand any of it though, so I need someone's help. I really need help ASAP.

I also do not have my Windows 7 CD; my ex took it and won't give it back.
Thanks.

#2 Amlak

  • Group: Member
  • Posts: 1,470
  • Joined: 13-April 10

Posted 28 April 2012 - 10:06 AM

Welcome to GTG.

Let's do the following.

  • Connect your USB stick to a clean computer.
  • From the clean computer, copy the following and paste it into a Notepad file.

    /md5start
    UXTHEME.DLL
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    userinit.exe
    explorer.exe
    winlogon.exe
    ntoskrnl.exe
    /md5stop
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav


  • Save the Notepad file to your USB stick. Save it as scan.txt
  • Download OTLPEStd.exe to your desktop.
  • Once downloaded, insert a blank CD in your burner and click on OTLPEStd.exe. The executable includes the OTLPE_New_Std.iso and a copy of imgburn, a program to burn .iso files. When executed, the application will extract both and start the burning process automatically.
  • Once the CD is burned, boot the non-working computer using the boot CD you just created. For more information, click here
    • Don't forget to connect the USB stick to the computer before you boot from the CD.

  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste the contents of the Notepad file that you previously saved to your USB stick (scan.txt)

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.


#3 inventinc

  • Group: Member
  • Posts: 11
  • Joined: 25-January 12

Posted 28 April 2012 - 01:39 PM

Thanks Amlak for accepting to help me, I will give this a go and post back within the hour.



EDIT: Once I get into the Reatogo-X-PE's desktop I click OTLPE and it doesn't ask me the following:

•When asked "Do you wish to load the remote registry", select Yes

•When asked "Do you wish to load remote user profile(s) for scanning", select Yes

•Ensure the box "Automatically Load All Remaining Users" is checked and press OK


It opens up a browse for folder menu and whenever I click anything it opens up a message box saying "Target is not windows 2000 or later"

Any ideas?


EDIT:
Never mind I got it working, I just needed to select the Windows folder in my driver, I hope that is the right one it seems to be working. It's scanning right now.

#4 inventinc

  • Group: Member
  • Posts: 11
  • Joined: 25-January 12

Posted 28 April 2012 - 04:04 PM

EDIT: Attachment below.

Attached File(s)

  • Attached File  OTL.Txt (993.83K)


#5 inventinc

  • Group: Member
  • Posts: 11
  • Joined: 25-January 12

Posted 28 April 2012 - 04:08 PM

I don't think I attached it properly. Here it is again.

Edit: Never mind, both attachments work fine, both are the same file, any one of the two is fine to download.
Thanks. (Sorry for the double posts) :upset:


EDIT: Thanks for your time, I know you could be off doing something else but you are helping me :)

Attached File(s)

  • Attached File  OTL.Txt (993.83K)


#6 Amlak

  • Group: Member
  • Posts: 1,470
  • Joined: 13-April 10

Posted 29 April 2012 - 03:49 AM

No worries. I'm just waiting for my next fix to be approved as I'm still "in training". Might take a day depending on the circumstances.

But to give you an update, you do still have traces of malware that need to be removed, but we have to see if removing them actually boots you back into Windows. If not, might either have you fix the MBR or remove Avast and AVG as they could be causing some conflicts together hindering you from entering the system.

#7 Amlak

  • Group: Member
  • Posts: 1,470
  • Joined: 13-April 10

Posted 29 April 2012 - 04:57 AM

  • Connect your USB stick to a clean computer.
  • From the clean computer, copy the following and paste it into a Notepad file.

    :OTL
    O4 - HKU\Me2_ON_E..\Run: [eFnStcmpnllsRFa.exe]  File not found
    O33 - MountPoints2\{c186eaf3-a383-11df-93b1-6c626d859261}\Shell - "" = AutoRun
    O33 - MountPoints2\{c186eaf3-a383-11df-93b1-6c626d859261}\Shell\AutoRun\command - "" = D:\INSTALL.EXE
    O33 - MountPoints2\{d0ae8f07-a383-11df-979a-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{d0ae8f07-a383-11df-979a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SessionViewer.exe
    [2012/01/03 04:16:22 | 000,009,644 | -HS- | M] () -- E:\ProgramData\023dk45ia10f34608670dfrpdm0o820wgx6xe87584i
    [2012/01/02 04:15:22 | 000,000,424 | ---- | M] () -- E:\ProgramData\FBVqYbR5GqhP7p
    [2012/01/02 04:12:48 | 000,000,296 | ---- | M] () -- E:\ProgramData\~FBVqYbR5GqhP7p
    [2012/01/02 04:12:48 | 000,000,208 | ---- | M] () -- E:\ProgramData\~FBVqYbR5GqhP7pr
    [2012/01/02 04:12:45 | 000,000,677 | ---- | M] () -- E:\Users\Me2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/02 04:12:45 | 000,000,653 | ---- | M] () -- E:\Users\Me2\Desktop\System Check.lnk
    [2011/12/31 01:36:40 | 000,006,614 | -HS- | M] () -- E:\Users\Logan\AppData\Local\777oox81e458wv24i5vsi4k330570p60t8650
    [2011/12/31 01:36:40 | 000,006,614 | -HS- | M] () -- E:\ProgramData\777oox81e458wv24i5vsi4k330570p60t8650
    [2012/01/03 04:18:55 | 000,009,644 | -HS- | C] () -- E:\ProgramData\023dk45ia10f34608670dfrpdm0o820wgx6xe87584i
    [2012/01/02 04:12:48 | 000,000,296 | ---- | C] () -- E:\ProgramData\~FBVqYbR5GqhP7p
    [2012/01/02 04:12:48 | 000,000,208 | ---- | C] () -- E:\ProgramData\~FBVqYbR5GqhP7pr
    [2012/01/02 04:12:45 | 000,000,677 | ---- | C] () -- E:\Users\Me2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/02 04:12:45 | 000,000,653 | ---- | C] () -- E:\Users\Me2\Desktop\System Check.lnk
    [2012/01/02 04:12:40 | 000,000,424 | ---- | C] () -- E:\ProgramData\FBVqYbR5GqhP7p
    [2011/12/31 01:32:31 | 000,006,614 | -HS- | C] () -- E:\Users\Logan\AppData\Local\777oox81e458wv24i5vsi4k330570p60t8650
    [2011/12/31 01:32:31 | 000,006,614 | -HS- | C] () -- E:\ProgramData\777oox81e458wv24i5vsi4k330570p60t8650
    [E:\Windows\system64] -> \systemroot\system32 -> Mount Point
    :COMMANDS
    [emptytemp]
    


  • Save the Notepad file to your USB stick. Save it as fix.txt
  • Boot the non-working computer using the boot CD you just created. For more information, click here
    • Don't forget to connect the USB stick to the computer before you boot from the CD.

  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Paste in the contents of the Notepad file that you previously saved to your USB stick (fix.txt)
  • Press Run Fix.
  • When finished, a text file should pop up.
  • Copy the contents of the text file and paste them in a new text file saved in your USB drive.
  • Please post the contents of the text file in your next reply. Also, tell me if you can now reboot normally into Windows.
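
Added example (not part of the thread and not OTL's own code): a Python parser for the file-listing rows in the format used by the fix script above. It merges the duplicated rows for each path and applies three triage heuristics. Reading the last bracket field as M = modified / C = created and the attribute letters as H = hidden, S = system is an assumption, and the function names and heuristics are illustrative.

```python
import re
from datetime import datetime

# Rows copied from the fix script in post #7 (two paths, listed twice each,
# plus one non-file row that the parser must skip).
SAMPLE = r"""
[2012/01/03 04:16:22 | 000,009,644 | -HS- | M] () -- E:\ProgramData\023dk45ia10f34608670dfrpdm0o820wgx6xe87584i
[2012/01/02 04:12:45 | 000,000,653 | ---- | M] () -- E:\Users\Me2\Desktop\System Check.lnk
[2012/01/03 04:18:55 | 000,009,644 | -HS- | C] () -- E:\ProgramData\023dk45ia10f34608670dfrpdm0o820wgx6xe87584i
[2012/01/02 04:12:45 | 000,000,653 | ---- | C] () -- E:\Users\Me2\Desktop\System Check.lnk
[E:\Windows\system64] -> \systemroot\system32 -> Mount Point
"""

# [timestamp | size | attributes | M or C] (vendor) -- path
ROW = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]+) \| (?P<kind>[MC])\] \((?P<vendor>.*?)\) -- (?P<path>.+)$")

def parse_listing(text):
    """Merge the M and C rows of each path; return (records, unparsed rows)."""
    records, unparsed = {}, []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ROW.match(line)
        if not m:
            unparsed.append(line)  # registry rows, mount points, directives
            continue
        rec = records.setdefault(m["path"], {"attrs": m["attrs"], "stamps": {},
                                 "size": int(m["size"].replace(",", ""))})
        rec["stamps"][m["kind"]] = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
    return records, unparsed

def triage(records):
    """Return {path: [reasons]} for entries worth a closer look (heuristics)."""
    findings = {}
    for path, rec in records.items():
        name, stamps, reasons = path.rsplit("\\", 1)[-1], rec["stamps"], []
        if {"H", "S"} <= set(rec["attrs"]):
            reasons.append("hidden+system")
        if "." not in name and len(name) >= 12:
            reasons.append("long extensionless name")
        if "M" in stamps and "C" in stamps and stamps["M"] < stamps["C"]:
            reasons.append("modified before created")
        if reasons:
            findings[path] = reasons
    return findings

if __name__ == "__main__":
    recs, skipped = parse_listing(SAMPLE)
    for path, why in triage(recs).items():
        print(path, "->", ", ".join(why))
    print(len(skipped), "row(s) not parsed")
```

The heuristics only rank rows for review; a row with no reasons attached, such as the System Check.lnk shortcut here, is not thereby shown to be clean.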


#8 inventinc

  • Group: Member
  • Posts: 11
  • Joined: 25-January 12

Posted 29 April 2012 - 11:43 AM

I did the fix twice because the first .txt closed on me so I did it again and found where the file location was for the first scan, could doing more than one fix cause any problems?
Also would I have needed to do these steps?

◦Change Drivers to All

◦Change Standard Registry to All


Windows does not start. Here is the fix txt.

Attached File(s)



#9 Amlak

  • Group: Member
  • Posts: 1,470
  • Joined: 13-April 10

Posted 29 April 2012 - 06:11 PM

Ok, let's try out this newer tool.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:
      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#10 inventinc

  • Group: Member
  • Posts: 11
  • Joined: 25-January 12

Posted 29 April 2012 - 07:07 PM

When in the advanced boot menu there is no "repair your computer" option.

#11 Amlak

  • Group: Member
  • Posts: 1,470
  • Joined: 13-April 10

Posted 29 April 2012 - 08:21 PM

Ok, I've been told that it should work with the Reatogo environment (the program that I instructed you earlier to burn to that CD).

So make sure the flash drive is connected.

Then boot from that CD, and when the Reatogo desktop is fully loaded, click the Start menu and then Run, and type in cmd and then press Enter.

In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64 and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#12 inventinc

  • Group: Member
  • Posts: 11
  • Joined: 25-January 12

Posted 29 April 2012 - 08:44 PM

Thanks, I will do this now. I had a hunch there was command prompt in X-PE.

It took me awhile but X-PE wouldn't let me open FRST64 so I finally found a way to open up command prompt and run the exe with another program.

#13 inventinc

  • Group: Member
  • Posts: 11
  • Joined: 25-January 12

Posted 30 April 2012 - 03:49 PM

Here is the FRST.txt

Attached File(s)

  • Attached File  FRST.txt (526.77K)


#14 inventinc

  • Group: Member
  • Posts: 11
  • Joined: 25-January 12

Posted 01 May 2012 - 01:49 AM

Thanks for everyone's help, I appreciate it a lot. Keep up the good work guys!

I have successfully fixed my computer as of today.

Thanks everyone!

#15 Amlak

  • Group: Member
  • Posts: 1,470
  • Joined: 13-April 10

Posted 01 May 2012 - 02:03 AM

That's some good news. Glad it went well with you. I was awaiting my next fix to be approved, but it looks like it's no longer needed.

Would you like me to still check your system out with you for any traces of malware left?
