Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

A Continuing Adventure Against Malware! v2

Re: A Continuing Adventure Against Malware! v2

by strelet007 » August 26th, 2010, 11:27 pm

The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
798 large file records processed.

0 bad file records processed.

2 EA records processed.

74 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
35393 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

488382463 KB total disk space.
312835424 KB in 266420 files.
130320 KB in 35394 indexes.
0 KB in bad sectors.
431715 KB in use by the system.
65536 KB occupied by the log file.
174985004 KB available on disk.

4096 bytes in each allocation unit.
122095615 total allocation units on disk.
43746251 allocation units available on disk.

Re: A Continuing Adventure Against Malware! v2

by askey127 » August 27th, 2010, 4:20 pm

strelet007,
That is a good result.
---------------------------------------------

Delete SystemLook.txt from your desktop if it's still there.

  • Right Click SystemLook.exe from your desktop and choose "Run as administrator" to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :regfind
    grpconv
    Normandy
    Ochealthmon
    
    Script
  • Click the Look button to start the scan.
  • This could take a while, but should be minutes, not hours.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127

Re: A Continuing Adventure Against Malware! v2

by strelet007 » August 27th, 2010, 5:32 pm

Hi askey127, I couldn't fit the entire log in this post. I uploaded it to Pastebin.

Re: A Continuing Adventure Against Malware! v2

by askey127 » August 28th, 2010, 7:57 am

strelet,
That looks OK.
Right click RKill and choose "Run as administrator".

Open MS Security Essentials.
Have it run a full scan.
Tell me what it reports. If it errors out, please note the contents of any error message.

---------------------------------------------
Please download OTL.exe by OldTimer and save it to your desktop.
  • Double click on the icon to run it. For Vista or Win7, right click the icon and choose "Run as administrator".
  • Make sure all other windows are closed to let it run uninterrupted.
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes box.
    Code:
    netsvcs
    drivers32 
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg 
    %systemroot%\*.jpg 
    %systemroot%\*.png 
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.* 
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav 
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x 
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127

Re: A Continuing Adventure Against Malware! v2

by strelet007 » August 28th, 2010, 11:56 am

Hi askey127,

I'll be leaving until Friday starting tomorrow. This is a family member's desktop computer so I am unsure of whether or not I can bring it with me to continue working on. This is just a heads up.

I tried running a Full Scan with MSE but it never gets past scanning the first file. A quick scan did work but it found nothing. I also tried a custom scan with C: as its target but it froze while scanning a java file. Here's a pic of what it looked like when it froze. MSE can't update either.

OTL also hangs during the creation of a system restore point.

Re: A Continuing Adventure Against Malware! v2

by askey127 » August 28th, 2010, 12:56 pm

strelet007,
It does not appear to be feasible to repair this machine using online methods. It is clear the Operating System is corrupted.
This machine needs to either:
(1) Have the hard drive reformatted and have Vista installed from scratch using the Vista DVD.
(2) Invoke the Recovery Partition at bootup (if it has one from Dell, HP, etc.) and completely return the system to its "as purchased" state.
Any "repair" install probably won't work.

askey127

Re: A Continuing Adventure Against Malware! v2

by strelet007 » August 28th, 2010, 1:39 pm

askey127,

Thank you so much for your assistance in this. I'll go ahead and backup what files I can and format the rest.

Sincerely,
strelet007

Re: A Continuing Adventure Against Malware! v2

by askey127 » August 28th, 2010, 2:21 pm

This topic is now Closed.
We have done what is feasible using online methods, and determined that the best interest of the poster is served by Reformatting the drive and Re-Installing Windows.