Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer stuck at Verifying DMI pool data


  • This topic is locked This topic is locked

#1
profphat

profphat

    Member

  • Member
  • PipPip
  • 39 posts
Hi There
The antiviral program detected a virus, so i proceeded to removing it.
However when i next restarted my computer, it doesnt load windows at all
It got stuck on a black screen with "verifying DMI Pool data..."

i cant even go into safe mode, no matter how many times i restarted.
and i dont have the windows disk too.

Please help.

thanks
  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello profphat and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

OK. Let's see is there anything we can do to start up your system. We will need clean PC and blank CD to burn this tool. After burn we are going to use it on infected PC and try to repair it.

  • Download OTLPEStd.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :unsure:
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\\OTL.txt file in your reply.

  • 0

#3
profphat

profphat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hi Maliprog
Thanks for replying so promptly :)

How do i complete step 18?

OTL logfile created on: 9/10/2011 3:08:58 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 763.00 Mb Available Physical Memory | 80.00% Memory free
859.00 Mb Paging File | 773.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 122.74 Gb Free Space | 82.35% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (WMP54Gv4SVC)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/02/28 21:59:14 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/10/10 23:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/16 02:06:22 | 000,080,896 | ---- | M] () [Auto] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/09/09 12:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/07/08 20:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (PciCon)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/05/01 09:35:00 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/09/13 03:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2010/09/06 14:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/06 14:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/06 14:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/06 14:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 08:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 08:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 08:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/06/22 06:01:50 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/06/09 12:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/12/23 16:40:12 | 000,080,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2008/07/08 20:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/02/26 14:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/07/19 02:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2005/10/27 02:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/09/23 05:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/04/07 04:18:34 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2004/08/03 10:07:46 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2003/12/08 15:55:58 | 000,025,072 | ---- | M] (Ahead Software AG) [Kernel | System] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2003/09/25 09:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\md_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\md_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\md_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\systemprofile_ON_C\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://au.news.yahoo...o.com/thewest/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..extensions.enabledItems: [email protected]:1.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.100
FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}:0.7.2
FF - prefs.js..extensions.enabledItems: {8e175e4c-dec2-4917-bd9a-d75e7cb33d61}:3.6.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/10 00:38:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/01 06:24:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.21\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/01 06:24:43 | 000,000,000 | ---D | M]

[2010/11/10 12:58:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\md\Application Data\Mozilla\Extensions
[2011/09/03 07:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\md\Application Data\Mozilla\Firefox\Profiles\5dx963kx.default\extensions
[2010/11/10 13:03:18 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Documents and Settings\md\Application Data\Mozilla\Firefox\Profiles\5dx963kx.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
[2011/08/22 11:21:49 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\md\Application Data\Mozilla\Firefox\Profiles\5dx963kx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/11/10 14:03:48 | 000,000,000 | ---D | M] (XboxFox) -- C:\Documents and Settings\md\Application Data\Mozilla\Firefox\Profiles\5dx963kx.default\extensions\{8e175e4c-dec2-4917-bd9a-d75e7cb33d61}
[2011/04/26 03:34:53 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\md\Application Data\Mozilla\Firefox\Profiles\5dx963kx.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/01/03 03:34:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\md\Application Data\Mozilla\Firefox\Profiles\5dx963kx.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)
[2011/07/23 11:25:22 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Documents and Settings\md\Application Data\Mozilla\Firefox\Profiles\5dx963kx.default\extensions\[email protected]
[2010/11/11 10:38:56 | 000,000,000 | ---D | M] (springshine) -- C:\Documents and Settings\md\Application Data\Mozilla\Firefox\Profiles\5dx963kx.default\extensions\[email protected]
[2010/11/10 14:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\md\Application Data\Mozilla\Firefox\Profiles\5dx963kx.default\extensions\{8e175e4c-dec2-4917-bd9a-d75e7cb33d61}\chrome\mozapps\extensions
[2010/11/10 12:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/10 00:38:51 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2010/11/26 10:37:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/26 10:36:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/03/27 08:15:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/03/27 08:15:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/03/27 08:15:26 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/03/27 08:15:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2001/08/23 10:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\md_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\LocalService_ON_C..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\systemprofile_ON_C..\RunOnce: [ShowDeskFix] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\md_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/10 00:11:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c6022c6f-f0c6-11df-a247-000fea552798}\Shell\AutoRun\command - "" = E:\Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/05 22:11:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LocalService\Recent
[2011/08/30 09:45:09 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/04 07:17:50 | 014,610,464 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/09/04 07:17:50 | 000,173,336 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/09/04 07:17:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/04 04:06:43 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/04 04:06:43 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/04 04:03:06 | 000,043,573 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/04 04:02:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/04 04:02:38 | 000,352,918 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/09/04 00:45:46 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\md\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/30 09:45:09 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/03 23:01:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2011/03/02 05:22:29 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/12/12 00:40:24 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\md\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/15 12:38:12 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/11/10 06:59:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/10 06:57:53 | 000,093,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/10 03:57:25 | 014,610,464 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/11/10 03:54:12 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/11/10 03:53:37 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2010/11/10 03:24:15 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/11/10 03:24:15 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/11/10 03:24:15 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/11/10 03:24:09 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/11/10 03:24:09 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/11/10 03:24:08 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/11/10 03:24:08 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/11/10 03:24:08 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2010/11/10 03:24:08 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/11/10 03:24:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2010/11/10 03:24:07 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/11/10 02:15:22 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/11/10 02:07:41 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/10 00:27:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/10 00:21:50 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/11/10 00:21:38 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/11/10 00:13:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/10 00:08:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/25 12:14:32 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/01/25 12:14:25 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/01/25 12:14:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2006/11/24 07:43:44 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(6).dll
[2006/11/24 07:43:44 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(5).dll
[2006/11/24 07:43:44 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(4).dll
[2006/11/24 07:43:44 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(3).dll
[2006/11/24 07:43:44 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(2).dll
[2004/08/03 22:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 11:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/05/12 01:31:54 | 000,004,164 | ---- | C] () -- C:\WINDOWS\PWRPLAY.INI
[2001/08/23 10:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 10:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 10:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 10:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/11/10 00:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\md\Application Data\AVG10
[2011/05/01 10:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\md\Application Data\DAEMON Tools Lite
[2011/04/22 08:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\md\Application Data\Digiarty
[2011/06/29 02:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\md\Application Data\HTC
[2011/03/27 09:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\md\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010/11/24 13:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\md\Application Data\InterVideo
[2010/11/10 00:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/10 00:39:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/01 09:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/11/10 03:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/11/10 00:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

========== Purity Check ==========


< End of report >
  • 0

#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Step 18. is optional. If you have any important data you can insert your USB memory stick while running OTLPE bootable CD and copy paste your data on it. That is easy way to backup.

Please start OTLPE
Double-click on the MBRFix icon, a command window will open
Posted Image

In the command window type in the following lines and press enter after each:

MbrFix  /drive  0  savembr  C:\Backup_MBR_0.bin

then this line:

MbrFix  /drive  0  fixmbr  /yes

Try and reboot normally into your computer.
  • 0

#5
profphat

profphat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
I couldnt do the first part

I took a photo of the attempts i made
Am i typing it in incorrectly?
sorry im such a noob

Attached Thumbnails

  • IMAG0111-1.jpg

  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Yes. You are typing it wrong. You must type actually full line as I put them in boxes. After you double click on MbrFix on desktop you must write: Mbrfix, space, /drive, space, 0, space, savembr, space, C:\Backup_MBR_0.bin, Enter. The same way for the second one. Type exactly what is writen in these two boxes:

MbrFix  /drive  0  savembr  C:\Backup_MBR_0.bin

then this line:

MbrFix  /drive  0  fixmbr  /yes

  • 0

#7
profphat

profphat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
no it still has the same msg "verifying DMI pool data...
  • 0

#8
profphat

profphat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
No wait I lied. it has booted back to the normal desktop
woohoo!
:)
  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Nice! Glad to hear that :). Now we have work to do. AVP sometimes takes couple of hours to finish so please be patient.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post
  • 0

#10
profphat

profphat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hey
I did the scan but there was no threats detected

on the report tab
i can save the automatic scan report.
however i cant save under the Detected reports scan.
  • 0

#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
That's good. How is your system now? Problems?
  • 0

#12
profphat

profphat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Nope all good.
thank you so much for ur help. :)

So does that mean this malware change something in the bootup sequence, hence thats why windows couldnt load up?

My other comp has exactly the same problem. Should i run the mbrfix program?
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
This fix if only for this PC. Because I can't see what is going on on your other system I can't recommend you to do that. Please start new topic for that system and I hope you'll get some help for it.

Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP