windows 7 help


Hello thecolonel and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Check for updates to your Microsoft Security Essentials and then perform a full system scan. Let me know about the results.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Link to post

Here is the log from when I ran it today:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.20.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Susan :: SUSAN-PC [administrator]

Protection: Enabled

11/22/2012 9:28:19 AM

mbam-log-2012-11-22 (09-28-19).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 223002

Time elapsed: 15 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Here is the log from the 1st time I ran this 2 days ago:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.20.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Susan :: SUSAN-PC [administrator]

Protection: Enabled

11/20/2012 12:32:36 PM

mbam-log-2012-11-20 (12-32-36).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 223064

Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Susan\Downloads\gimp_app_1201.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)

Link to post

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post

I downloaded and ran ComboFix. It ran and the program stopped responding for a long time, then finally after like 6 hours it gave a log, then froze and I couldn't do anything. I restarted the computer and now it won't load Windows. The computer says to try running Startup Repair, which I did, and it doesn't work. So I tried starting normally and it just comes back to a screen saying it can't load Windows. Suggestions?

Link to post

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Link to post

This is very frustrating because the infected computer will not recognize flash drives. I burned the file to a cd and ran the frst.exe program but I can't get the text file to post the whole log so I'll try to write what looks important. If I miss something let me know.

Running from F:\(x64) OS Language: English (US)

Attention: Could not load system hive. Attention: System hive is missing

----Registry (Whitelisted)------

Attention: Software hive is missing

Attention: unable to load software hive.

----Bamital & volsnap check----

C:\windows\system32\winlogon.exe is missing <--- attention

C:\windows\system32\wininit.exe is missing <--- attention

C:\windows\syswow64\wininit.exe is missing <---- attention

C:\windows\explorer.exe is missing <--- attention

C:\windows\syswow64\explorer.exe is missing <--- attention

C:\windows\system32\svchost.exe is missing <--- attention

C:\windows\syswow64\svchost.exe is missing <--- attention

C:\windows\system32\services.exe is missing <--- attention

C:\windows\system32\user32.dll is missing <--- attention

C:\windows\syswow64\user32.dll is missing <--- attention

C:\windows\system32\userinit.exe is missing <--- attention

C:\windows\syswow64\userinit.exe is missing <--- attention

C:\windows\system32\drivers\volsnap.sys is missing <--- attention

C:\windows\system32\codeintegrity\bootcat.cache is missing <--- attention

----------EXE Association ---------

HKLM\...\.exe: <---- Attention

HKLM\...\exeflie\defaulticon: <----- Attention

HKLM\...\exefile\open\command: <--- Attention

-----Memory Info------

Percantage of memory in use: 19%

Total physical RAM: 2806.71 MB

Available physical RAM: 2249.4 MB

Total Pagefile: 2804.86 MB

Available Pagefile: 2230.08 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

Link to post

When the main screen comes up there is an option to get into setup (F2) or change boot device (F12). I got into both but I don't see anything for safe mode. It likes to start itself over and over again as well. I seem to be going in the wrong direction here. I had a computer that semi-worked before; now it's basically a paperweight.

Link to post

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

CMD: bootrec /FixMbr

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt). Please post it to your reply.

Reboot Normally.

Link to post

Ok, before I try to do things besides what you're writing I want to be clear. I CANNOT boot to safe mode. The only way I can get to notepad is by command prompt. Also flash drives DO NOT WORK on my infected computer. I can run FRST again and write the log by hand but not on a flash drive as you said. Is that what you'd like me to do?

Link to post

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2012

Ran by SYSTEM at 2012-11-27 15:02:30 Run:1

Running from H:\

==============================================

========= bootrec/FixMbr =========

ÿþT h e o p e r a t i o n c o m p l e t e d s u c c e s s f u l l y .

========= End of CMD: =========

==== End of Fixlog ====

Link to post

When I click on the problem details it says:

Problem signature:

problem event name: StartupRepairOffline

problem signature01: 6.1.7600.16385

problem signature02: 6.1.7600.16385

problem signature03: unknown

problem signature04: -1

problem signature05: AutoFailover

problem signature06: 9

problem signature07: NoRootCause

OS Version: 6.1.7600.2.0.0.256.1

Locale ID: 1033

Link to post

Download Peazip to the desktop.

Run and install the programme.

As it installs this page will show; deselect the AVG ticks.

Press Decline and it will then install cleanly.

Download the following files to the desktop. Right-click the links and select Save as..., then select desktop.

IsoToUsb

OTLPE_standard

Right-click OTLPE on your desktop and select Peazip, then Open as archive.

Select OTLPE standard.

Click Extract, ensure that desktop is selected.

Insert the USB stick, then run ISO to USB.

Select the ISO file on the desktop, tick Bootable, and press Burn.

Link to post
This topic is now closed to further replies.