[chucknorrisno1]

When I rebooted into Normal mode the problem with the frozen screen was gone and I could access the desktop and other programs etc. I was able to run "aswMBR" fine but when I tried to run "OTL" there was an error -

"Application error

Exception EReadError in module OTL.exe at 00016A6B.
Error reading DiskPartitionInfo1.Active: Generic failure."

[Advertisements]

I also still have no network connection. Its almost like my Wifi hardware has stopped working for some reason...Grrr lol

[chucknorrisno1]

I also still have no network connection. Its almost like my Wifi hardware has stopped working for some reason...Grrr lol

[CompCav]

Try this version of OTL here this is an SCR file.

If you get the same result please try to run the original OTL in safe mode.

[chucknorrisno1]

Okey doke. Will take a minute because Im still having to burn and swap CD's

[CompCav]

If it still does not work use this for the Custom Scans

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
C:\windows\*. /RP /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT

[chucknorrisno1]

Ive tried it in Safe Mode and the same error has appeared. The program doesn't even open so I can't change the Custom Scans.

"Application error

Exception EReadError in module OTL.exe at 00016A6B.
Error reading DiskPartitionInfo1.Active: Generic failure."

[CompCav]

We need to use the big gun! Try to run it in normal mode and if not do safe mode but if in safe mode stay with it so when it reboots you can have the computer reboot into safe mode.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks





When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

After the run you may have internet problems or access to somethng problems. Simply reboot the computer.

[chucknorrisno1]

Thank you for being so patient by the way! lol

I have McAfee antiv-virus and it is an awkward blighter to disable. The only way I can think of is using the task manager to end the process. Do you know a better/safer way or will I just use the task manager? Its not on the link you sent me.

Thanks

[chucknorrisno1]

Ok ran ComboFix in both normal and safe mode, it gives an error message -

"Not Admin !!

You need Administrative privileges to run this tool"

For info computer is fairly slow shutting down and starting back up again.

[CompCav]

OK we need to look at it in a different way:

Since you have Windows 7 we will use the recovery console.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select English as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]

[chucknorrisno1]

Hi

For some reason the infected laptop is still not recognising USB flash drives when they are plugged in. Would that be a current symptom of the trojan/virus or because the drivers are faulty during the fix etc? Can I do the FRST from a CD or will that not work when in command prompt?

[CompCav]

We need to make a windows 7 recovery disk from your clean computer.

Then boot up on it and the USB issue should be OK.

Here are directions on how to make the disk.

[chucknorrisno1]

Ok

The clean laptop I am using is Windows XP. I guess I need to make a recovery disk from another computer with Windows 7?

[chucknorrisno1]

Will a CD-R suffice or would it need to be a DVD?

[CompCav]

CD is fine it is not that big!