Jump to content

Forced chkdsk fails(reboots) after removal


Recommended Posts

Cleaning up my sisters machine from Packed.Hidden and FakeAlert.MN. I used process explorer to kill off the processes and be able to run Malwarebytes. Ran fine and removed just over 20 items, said 1 item required a reboot. I rebooted and now xp runs a chkdsk on boot which fails. I don't see an option to skip this scan.

I've tried safe mode, same results.

I booted to the recovery console and ran a chkdsk hoping that would clear it up, rebooted, same result.

Any suggestions?

Link to post
Share on other sites

Hi, wormfishin :)

Welcome.

Please read and follow all these instructions very carefully.

mbamicontw5.gif Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------


    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

[*]Double click on combofix.exe & follow the prompts.

[*]If you receive a message that Combofix has detected the presence of rootkit activity and needs to reboot, kindly write down on paper the list of files present in the message before continuing, and post it in your next reply.

[*]Install the Recovery Console upon request.

[*]When finished, it will produce a report for you.

[*]Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

Link to post
Share on other sites

Currently my computer will not boot into windows. I ran MBAM with updates yesterday, it removed many items. Now I get a forced chkdsk when I boot, but the computer reboots when I hit 16%, safe mode acts in the same way.

I have used a cd to boot to the recovery console and run a chkdsk, but even after that I still am forced to run the chkdsk when I boot.

Thanks for your help!

Hi, wormfishin :)

Welcome.

Please read and follow all these instructions very carefully.

mbamicontw5.gif Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------


    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

[*]Double click on combofix.exe & follow the prompts.

[*]If you receive a message that Combofix has detected the presence of rootkit activity and needs to reboot, kindly write down on paper the list of files present in the message before continuing, and post it in your next reply.

[*]Install the Recovery Console upon request.

[*]When finished, it will produce a report for you.

[*]Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

Link to post
Share on other sites

OK, here's what I have.

Internet does not work on this system now, so I could not get the updates.

I installed MBAM, ran it, log is attached.

I installed combofix, but could not install the recovery console. Log is attached

Ran hijack this, log is attached.

On the surface it appears to have fixed my problems, other than not getting an ip address from my network. But I am guessing a uninstall of the network card will take care of that.

Thanks for your help!

mbam_log_2009_09_28__15_52_42_.txt

combofix.txt

hijackthis.txt

Link to post
Share on other sites

Hi, wormfishin ;)

The computer is working in selective startup. Please run MSconfig and click on Normal Startup. Apply then on close, restart the computer when prompted.

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop

Registry::

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]

"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

Driver::

f572678e

RegLock::

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

CFScriptB-4.gif

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Link to post
Share on other sites

Go to Start -> Run, type Services.msc and click OK. Scroll down to Windows Management Instrumantation. Double click on it. Start the service and set it to Automatic in the startup dropdown menu. Click Apply then Ok out of the properties window. Restart the computer.

  1. Enter your Control Panel and double-click on Network Connections
  2. Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL, or AOL Connection.

[*]Left click on Properties

[*]Double-Click on the Internet Protocol (TCP/IP) item

[*]Select the radio dial that says Obtain DNS Servers Automatically

[*]Press OK twice to get out of the properties screen

Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

netsh int ip reset C:\Resetlog.txt

netsh winsock reset catalog

ipconfig /flushdns (The space between g and / is needed)

Exit

Restart the computer. Attempt to connect.

  • Copy the entire contents of the Quote Box below to Notepad.
  • Leave an empty line at the end of the script.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Once saved, double click on the fix.reg file and merge it into the Registry.

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

If able to connect, please run the F-Secure Online Scanner

Note: You must use Internet Explorer for this scan!

  • Accept the License Agreement.
  • Once the ActiveX installs click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following quotebox into the main textfield:
    :filefind
    iaStor.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Link to post
Share on other sites

I can get online, but the download of the files for the F-Secure scan has failed 4 different times after slowly downloading for 10 minutes or so. I will keep trying, but here is the results of the SystemLook.

SystemLook v1.0 by jpshortstuff (29.08.09)

Log created at 08:46 on 30/09/2009 by Sheila (Administrator - Elevation successful)

========== filefind ==========

Searching for "iaStor.sys "

No files found.

-=End Of File=-

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.