Ran Malwarebytes, fixed problems, now computer hangs during startup

[KPierson]

Yesterday I noticed that I was getting Google redirects. I did a full scan using AVG and it found nothing. I then upgraded to the latest version of AVG and performed another scan - still nothing.

Next, I opened Malwarebytes and updated it. I ran a full system scan and it found 30 problems, but hung up between the "scan finished" and "show results" step. No matter what I did I couldn't see the results. I had to end the program and reboot. Upon reboot I had all kinds of pop ups and messages telling me I was infected. I ran Malwarebytes again and found the same 30 infections but this time it did not hang up. I was able to see the results and I clicked on "fix". A box popped up that stated I had to restart to finish deleting and so I did.

However, the computer never restarted. It will post, but it hangs before it makes it to the XP splash screen. I get no blue screens, no error messages, just a blank black screen.

I tried to use the recovery console - both the chkdsk function and the fixboot function, but was hesitant to try anything else. I removed the harddrive from the Dell D510 laptop and installed it in my desktop so I could retrieve the log file:

Malwarebytes' Anti-Malware 1.43

Database version: 3458

Windows 5.1.2600 Service Pack 2 (Safe Mode)

Internet Explorer 6.0.2900.2180

1/2/2010 11:51:02 PM

mbam-log-2010-01-02 (23-51-02).txt

Scan type: Full Scan (C:\|)

Objects scanned: 266200

Time elapsed: 50 minute(s), 56 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 1

Registry Keys Infected: 7

Registry Values Infected: 2

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 9

Memory Processes Infected:

C:\WINDOWS\system32\winupdate86.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:

C:\WINDOWS\system32\winhelper86.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate86.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvswmpfk (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon86.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon86.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\winlogon86.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\Temp\517be096.exe (Spyware.Passwords) -> Quarantined and deleted successfully.

C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winupdate86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\AVR10.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winhelper86.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Winlogon86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\dfgdgdfgrgdgfdrdfs.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

I appreciate everyones time - thank you,

Kevin

[mountaintree16]

Hello KPierson, and welcome to the forums here at Malwarebytes.org

Firstly, you should have used a quick scan

Secondly, you should re-post your post here:

http://www.malwarebytes.org/forums/index.php?showforum=7

As we do not work on malware removal in the general forums. An expert will be along to assist you in cleaning your system as soon as someone is available. Please be patient and do not reply to your own post unless its been longer than 48 hours without a response; this can make it appear as though you are already being helped and can make the wait longer for you.

Also, as a side note, when replying, please use the "add reply" button at the bottom of the page or erase what the person you are replying to said, as this makes the forum easier to read.

Thank you