SMART virus - Geeks to Go Forums


#91 JSntgRvr

  • Group: Global Moderator
  • Posts: 9,530
  • Joined: 30-November 05

Posted 07 August 2012 - 01:55 PM

We are running out of options.

Download the enclosed file. Attached File  fixlist.txt (27bytes)

Save it next to FRST, replacing the existing one.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Try Normal Mode.

#92 hknh

  • Group: Member
  • Posts: 54
  • Joined: 02-July 12

Posted 07 August 2012 - 02:11 PM

Attached File  Fixlog.txt (872bytes)

It looped back again to the Windows recovery screen.

When Reatogo is up, I can click on My Computer and user heidi and see my stuff - there has to be a way around this virus.

#93 JSntgRvr

  • Group: Global Moderator
  • Posts: 9,530
  • Joined: 30-November 05

Posted 07 August 2012 - 06:52 PM

Try Safe Mode and the Repair Console. Are you still unable to log on with your username?

#94 hknh

  • Group: Member
  • Posts: 54
  • Joined: 02-July 12

Posted 07 August 2012 - 07:07 PM

nope

#95 JSntgRvr

  • Group: Global Moderator
  • Posts: 9,530
  • Joined: 30-November 05

Posted 08 August 2012 - 12:40 PM

Let's check the configuration data file once again.

Download the enclosed file. Attached File  fixlist.txt (46bytes)

Save it next to FRST, replacing the existing one.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

#96 hknh

  • Group: Member
  • Posts: 54
  • Joined: 02-July 12

Posted 08 August 2012 - 12:43 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012 01
Ran by SYSTEM at 2012-08-09 01:40:49 Run:3
Running from D:\

==============================================


========= C:\windows\system32\bcdedit /enum all /v =========


Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {7fdd6ac5-70be-11db-ba26-a0b016378059}
displayorder {7fdd6ac5-70be-11db-ba26-a0b016378059}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae0-0007e994107d}
device partition=H:
path \Windows\System32\boot\winload.exe
description Windows Recovery Environment
osdevice partition=H:
systemroot \Windows
resumeobject {7625eb16-04f4-11dc-8eeb-806e6f6e6963}
nx OptIn
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {7fdd6ac5-70be-11db-ba26-a0b016378059}
device partition=C:
path \Windows\system32\winload.exe
description Windows Vista
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {572bcd55-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {7fdd6ac6-70be-11db-ba26-a0b016378059}
nx OptIn
increaseuserva 2048

Resume from Hibernate
---------------------
identifier {7625eb16-04f4-11dc-8eeb-806e6f6e6963}
device partition=H:
path \Windows\System32\boot\winresume.exe
description Windows Recovery Environment
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
pae Yes
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {7fdd6ac6-70be-11db-ba26-a0b016378059}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {466f5a88-0af2-4f76-9038-095b170dc21c}
device unknown
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

========= End of CMD: =========


==== End of Fixlog ====


#97 JSntgRvr

  • Group: Global Moderator
  • Posts: 9,530
  • Joined: 30-November 05

Posted 08 August 2012 - 01:31 PM

Everything looks as it should.

One last check. Run FRST.

Type the following in the edit box after "Search:".

winload.exe

It then should look like:

Search: winload.exe

Click the Search button and post the log it makes (Search.txt) in your reply.

#98 hknh

  • Group: Member
  • Posts: 54
  • Joined: 02-July 12

Posted 08 August 2012 - 02:12 PM

I cannot seem to attach the file -

#99 JSntgRvr

  • Group: Global Moderator
  • Posts: 9,530
  • Joined: 30-November 05

Posted 08 August 2012 - 08:26 PM

Open the file in Notepad and Copy and Paste its contents in a reply.

#100 hknh

  • Group: Member
  • Posts: 54
  • Joined: 02-July 12

Posted 09 August 2012 - 07:13 AM

Farbar Recovery Scan Tool Version: 05-08-2012 01
Ran by SYSTEM at 2012-08-09 02:52:55
Running from D:\

================== Search: "winload.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94\winload.exe
[2009-09-22 17:31] - [2009-04-11 02:33] - 0986600 ____A (Microsoft Corporation) 074DF633D8C15656560F0388AA7F6237

C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7\winload.exe
[2008-04-09 09:33] - [2008-02-29 03:02] - 0988216 ____A (Microsoft Corporation) B014C9768E1A7E12D7F1EA8B4294EE7E

C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b\winload.exe
[2008-04-09 09:33] - [2008-02-29 03:11] - 0988216 ____A (Microsoft Corporation) BB82A604FCC5A930696962A27F1C9760

C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18000_none_5b26ba326ca6e048\winload.exe
[2008-09-11 07:10] - [2008-01-19 03:44] - 0986680 ____A (Microsoft Corporation) 8C5CF5E594B696DEC0B6BC791EB0371A

C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157\winload.exe
[2008-04-09 09:32] - [2008-02-14 19:13] - 0944696 ____A (Microsoft Corporation) 651D59AE69715F62D7D7D9F4746B1195

C:\Windows\winsxs\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725\winload.exe
[2008-04-09 09:32] - [2008-02-14 19:19] - 0944184 ____A (Microsoft Corporation) 2FE80A1F41E18B07FC00C94EC316E164

C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6002.18005_none_6b24103689ec6965\winload.exe
[2009-09-22 17:31] - [2009-04-11 02:33] - 0986600 ____A (Microsoft Corporation) 074DF633D8C15656560F0388AA7F6237

C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.22125_none_69b1958fa5f3f478\winload.exe
[2008-04-09 09:33] - [2008-02-29 03:02] - 0988216 ____A (Microsoft Corporation) B014C9768E1A7E12D7F1EA8B4294EE7E

C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18027_none_6929f9588cd4875c\winload.exe
[2008-04-09 09:33] - [2008-02-29 03:11] - 0988216 ____A (Microsoft Corporation) BB82A604FCC5A930696962A27F1C9760

C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6001.18000_none_6938972a8cca9e19\winload.exe
[2008-09-11 07:10] - [2008-01-19 03:44] - 0986680 ____A (Microsoft Corporation) 8C5CF5E594B696DEC0B6BC791EB0371A

C:\Windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6000.16386_none_6701d52e8fdf8d45\winload.exe
[2006-11-02 04:30] - [2006-11-02 05:52] - 0940648 ____A (Microsoft Corporation) 00D439AB54A9FEB59F94B15C03FF4277

C:\Windows\System32\winload.exe
[2009-09-22 17:31] - [2009-04-11 02:33] - 0986600 ____A (Microsoft Corporation) 074DF633D8C15656560F0388AA7F6237

C:\Windows\System32\Boot\winload.exe
[2009-09-22 17:31] - [2009-04-11 02:33] - 0986600 ____A (Microsoft Corporation) 074DF633D8C15656560F0388AA7F6237

=== End Of Search ===


#101 JSntgRvr

  • Group: Global Moderator
  • Posts: 9,530
  • Joined: 30-November 05

Posted 09 August 2012 - 09:13 AM

The file seems clear.

Download the enclosed file. Attached File  fixlist.txt (139bytes)

Save it next to FRST, replacing the existing one.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
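
One way to cross-check a Search.txt like the one in post #100 (an added example, not part of the thread and not FRST's own logic): parse each path/metadata pair and list the live copies whose size and MD5 match no component-store (WinSxS) copy. The sample log and its hashes are constructed, the function names are hypothetical, and a match is only a consistency signal, since MD5 is weak and the store copies are assumed untouched.

```python
import re

# Constructed sample in the layout of the Search.txt above; paths are shortened
# and the hashes are placeholders, not values from the thread.
SAMPLE = r"""
C:\Windows\winsxs\x86_example-os-loader_6.0.6002.18005_none_aaaa\winload.exe
[2009-09-22 17:31] - [2009-04-11 02:33] - 0986600 ____A (Microsoft Corporation) 11111111111111111111111111111111

C:\Windows\winsxs\x86_example-os-loader_6.0.6001.18000_none_bbbb\winload.exe
[2008-09-11 07:10] - [2008-01-19 03:44] - 0986680 ____A (Microsoft Corporation) 22222222222222222222222222222222

C:\Windows\System32\winload.exe
[2009-09-22 17:31] - [2009-04-11 02:33] - 0986600 ____A (Microsoft Corporation) 11111111111111111111111111111111

C:\Windows\System32\Boot\winload.exe
[2009-09-22 17:31] - [2009-04-11 02:33] - 0986601 ____A () 33333333333333333333333333333333
"""

# [created] - [modified] - size attributes (company) MD5
META = re.compile(r"^\[(.+?)\] - \[(.+?)\] - (\d+) (\S+) \((.*?)\) ([0-9A-Fa-f]{32})$")

def parse_search_log(text):
    """Return one dict per file: path, size, company, md5."""
    entries, path = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = META.match(line)
        if m and path:
            entries.append({"path": path, "size": int(m.group(3)),
                            "company": m.group(5), "md5": m.group(6).upper()})
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line          # a path line; its metadata line follows
    return entries

def unmatched_live_copies(entries):
    """Live (non-WinSxS) copies whose size and MD5 match no WinSxS copy."""
    in_store = lambda e: "\\winsxs\\" in e["path"].lower()
    known = {(e["size"], e["md5"]) for e in entries if in_store(e)}
    return [e["path"] for e in entries
            if not in_store(e) and (e["size"], e["md5"]) not in known]
```

An empty result means every live copy has a byte-size and hash twin in the component store; any path returned deserves a closer look, for example a signature check.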

#102 hknh

  • Group: Member
  • Posts: 54
  • Joined: 02-July 12

Posted 09 August 2012 - 09:38 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-08-2012 01
Ran by SYSTEM at 2012-08-09 22:28:27 Run:4
Running from D:\

==============================================


========= C:\Windows\System32\BCDEDIT /SET {9dea862c-5cdd-4e70-acc1-f32b344d4795} path \bootmgr =========

The operation completed successfully.

========= End of CMD: =========


========= C:\windows\system32\bcdedit /enum all /v =========


Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
path \bootmgr
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {7fdd6ac5-70be-11db-ba26-a0b016378059}
displayorder {7fdd6ac5-70be-11db-ba26-a0b016378059}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae0-0007e994107d}
device partition=H:
path \Windows\System32\boot\winload.exe
description Windows Recovery Environment
osdevice partition=H:
systemroot \Windows
resumeobject {7625eb16-04f4-11dc-8eeb-806e6f6e6963}
nx OptIn
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {7fdd6ac5-70be-11db-ba26-a0b016378059}
device partition=C:
path \Windows\system32\winload.exe
description Windows Vista
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {572bcd55-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {7fdd6ac6-70be-11db-ba26-a0b016378059}
nx OptIn
increaseuserva 2048

Resume from Hibernate
---------------------
identifier {7625eb16-04f4-11dc-8eeb-806e6f6e6963}
device partition=H:
path \Windows\System32\boot\winresume.exe
description Windows Recovery Environment
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
pae Yes
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {7fdd6ac6-70be-11db-ba26-a0b016378059}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {466f5a88-0af2-4f76-9038-095b170dc21c}
device unknown
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

========= End of CMD: =========


==== End of Fixlog ====

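
The two `bcdedit /enum all /v` dumps in this thread can be compared mechanically. This added example (not from the thread, and not how FRST works) parses such a dump, lists GUID references that point at no entry, and diffs two dumps; the excerpt reuses identifiers from the dumps above with the recovery loader entry left out on purpose, and all function names are hypothetical.

```python
import re

GUID = re.compile(r"\{[0-9a-fA-F-]{36}\}")
# Constructed excerpt in the layout of the dumps above; the recovery loader
# entry is left out on purpose so the reference check has something to report.
BEFORE = r"""
Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
default {7fdd6ac5-70be-11db-ba26-a0b016378059}

Windows Boot Loader
-------------------
identifier {7fdd6ac5-70be-11db-ba26-a0b016378059}
path \Windows\system32\winload.exe
recoverysequence {572bcd55-ffa7-11d9-aae0-0007e994107d}
"""
# Same excerpt with the Boot Manager path element that the Run:4 Fixlog shows.
AFTER = BEFORE.replace("device partition=C:", "device partition=C:\npath \\bootmgr")

def parse_bcd(text):
    """Parse `bcdedit /enum all /v` text into {identifier: {element: [values]}}."""
    lines = [l.strip() for l in text.splitlines()]
    store, entry, last = {}, None, None
    for i, line in enumerate(lines):
        title = i + 1 < len(lines) and lines[i + 1] and set(lines[i + 1]) == {"-"}
        if not line or title or line[0] in "-=":
            continue                      # blank, section title, rule or log banner
        key, _, value = line.partition(" ")
        if key == "identifier":
            entry, last = store.setdefault(value.strip(), {}), None
        elif entry is not None and last and GUID.fullmatch(line):
            entry[last].append(line)      # wrapped value of a multi-GUID element
        elif entry is not None and value:
            entry[key], last = [value.strip()], key
    return store

def dangling_refs(store):
    """(owner, element, target) for every GUID value that names no entry."""
    return [(i, e, v) for i, elems in store.items() for e, vals in elems.items()
            for v in vals if GUID.fullmatch(v) and v not in store]

def diff_bcd(before, after):
    """(identifier, element, old, new) for each element that changed."""
    get = lambda s, i, e: s.get(i, {}).get(e)
    keys = {(i, e) for s in (before, after) for i in s for e in s[i]}
    return [(i, e, get(before, i, e), get(after, i, e)) for i, e in sorted(keys)
            if get(before, i, e) != get(after, i, e)]
```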

#103 JSntgRvr

  • Group: Global Moderator
  • Posts: 9,530
  • Joined: 30-November 05

Posted 09 August 2012 - 10:50 AM

Attempt to boot, let me know the outcome.

#104 hknh

  • Group: Member
  • Posts: 54
  • Joined: 02-July 12

Posted 09 August 2012 - 11:00 AM

Booted from hard drive and tried to start up normally - it goes to the other user screen - it will not take my username and password.

#105 JSntgRvr

  • Group: Global Moderator
  • Posts: 9,530
  • Joined: 30-November 05

Posted 10 August 2012 - 10:24 AM

Sorry for the delay. I was reviewing the entire thread and I can't see anything that may help us boot that computer. All seems to indicate that your user account is either corrupted, or files are missing that we are unable to identify by these means.

All I can suggest is to restore the computer to factory settings. If the built-in Recovery option is not available, then you will need to contact the manufacturer for the Recovery CDs.

Sorry that it took so long, but there are times that we just have to fold.
