Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Hannu on September 21, 2013, 04:07:00 PM
-
Hi
I have HP Pavilion dv6000 laptop. It has Windows Vista home premium 32 bit OS. I got the laptop used, and have been cleaning and uninstalling programs I don't need.
I deleted recovery partition with HP tools (can't remember program name) to get more HDD space. After that I uninstalled previous antivirus (F-secure) and installed Microsoft Security Essentials and installed Windows Vista Service pack 2. There was also some malware (can't remember what) MSE tried to remove. MSE asked to reboot windows to fully remove malware, and I think this messed windows boot somehow. I also ran Norton uninstall tool to remove previous Norton software. I then booted, and now I can't boot into windows. I get STOP 0x0000007B BSOD if I remember correctly. I can't do startup repair because it gives me 0xc00000f error too. Also, I can't even boot into safe mode! I am at a loss and don't know what to do next.
I don't have Vista repair disc, but I do have full image backup which I made with Macrium reflect earlier this week.
Now I am running Hard disk self test (through bios). I'll post results later.
-
essexboy is notified....
-
What malware did MSE find?
This sounds like the MBR is broken.
Are you able to get to safe mode menu?
From the repair menu can you access command prompt?
-
Malware was related to Java and Internet explorer cache, I can't remember and I don't have picture from it. I can get into safe mode menu, but it just reboots when trying to enter safe mode. Windows startup repair does not work.
How can the MBR be repaired?
-
On the safe mode menu is the option Command Prompt
Can you select that?
Also, do you have a spare USB?
-
Hard drive test did not find anything. See pic:
Yes, I have spare USB.
It has the option safe mode and command prompt. Do you mean that?
update:
I can select the safe mode command prompt, but it just loads for some time and then reboots :(
-
That's the one
Download to a USB
Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)
Insert the USB and boot to the safe mode menu
Select Command prompt
At the command prompt type the following :
notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
(https://dl.dropbox.com/u/73555776/FRST%20Start%20scan.gif)
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
-
Usb stick plugged in -> trying to boot into safe mode fails. It just reboots
-
When you select command prompt it just fails, is that correct?
-
Yes, it just fails.
-
OK, let's use the same USB and work from a PE environment
Download Peazip (http://peazip.googlecode.com/files/peazip-4.7.3.WINDOWS.exe) to the desktop
Run and install the programme
As it installs this page will show, deselect the AVG ticks
Press decline and it will then install cleanly
(https://dl.dropbox.com/u/73555776/peazip.jpg)
Download the following files to the desktop .. Right click the links and select save as...then select desktop
Rufus (http://rufus.akeo.ie/downloads/rufus_v1.3.2.exe)
OTLPE_standard (http://oldtimer.geekstogo.com/OTLPEStd.exe)
Right click OTLPE on your desktop and select ..Open as archive
(https://dl.dropbox.com/u/73555776/Unzup%20archive.png)
Select OTLPE standard
(https://dl.dropbox.com/u/73555776/select%20archive.PNG)
Click Extract, ensure that desktop is selected
(https://dl.dropbox.com/u/73555776/extract%20archive.PNG)
Insert the USB stick, then run Rufus
(https://dl.dropbox.com/u/73555776/rufus.JPG)
Select the ISO file on the desktop via the ISO icon.
Press Start Burn
(https://dl.dropbox.com/u/73555776/RufusISO.JPG)
Once the USB has burnt then
- Download Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST.exe) and save it to the flash drive.
- Reboot your system using the boot USB you just created.
Note : If you do not know how to set your computer to boot from USB follow the steps here (http://www.hiren.info/pages/bios-boot-cdrom)
- As the Programme needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
- Your system should now display a Reatogo desktop.
- Locate the flash drive and run FRST
- The tool will start to run.
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Farbar/FRST2.gif)
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
-
Finally! A log file for you:
-
OK, let's see what this achieves :)
Download the attached fixlist.txt to the same location as FRST
Run FRST as before and press fix
On completion a log will be saved on the USB I will need that
I will also need an upload later of the quarantine folder
Then try a boot to normal mode
-
Here ya go :) At least some services were deleted
-
I missed two
Run this fixlist.txt as before and let me know what stage you get to in the reboot
-
Still can't boot into safe mode, or into windows
-
Could you run a fresh FRST scan please
-
Hannu, macrium reflect boot disk/restore disk has a "fix boot problems" utility that you might try if what you're doing now doesn't work. :)
Just thought I'd pass this along.
-
I made a new scan and here is the log
-
OK we are going to have to edit the BCD to get it to boot now
Unfortunately we will need a Vista recovery console on USB or CD. Do you have access to either a running Vista system or a Vista CD?
-
No I don't have any Vista cds :(
I am continuing this tomorrow.
-
Hannu, macrium reflect boot disk/restore disk has a "fix boot problems" utility that you might try if what you're doing now doesn't work. :)
Just thought I'd pass this along.
You mean this? http://kb.macrium.com/KnowledgebaseArticle50011.aspx I tried it, but no luck :(
-
I borrowed a Vista recovery CD from a friend and did startup repair, which could not make repairs (see pics)
But at least I can now access recovery console:
-
OK from the CD command prompt :
Type BOOTREC /FIXMBR, and then press ENTER.
Type BOOTREC /FIXBOOT, and then press ENTER.
Type BOOTREC /REBUILDBCD, and then press ENTER.
Now retry a normal boot
-
Did a normal boot, and got 0x0000007B BSOD.
What concerns me is this: total identified windows installations: 0 ?? (see pic)
-
It looks as though you will need to reinstall, I am afraid, as the MFT may well be corrupted
You can use the Reatogo desktop to backup any data you need
-
You mean this? http://kb.macrium.com/KnowledgebaseArticle50011.aspx I tried it, but no luck :(
Hi, yes it is.
Is macrium able to restore the image you made and start over again?
-
It seems that Macrium was able to restore image!
-
So you are back up and running now?
Was the image prior to the bad boys that I removed?
-
Yes, Windows Vista seems to be working fine now.
I don't know yet if there is malware on this image, but I made a scan with Hitman pro and it found nothing. My guess is that malware got into the computer after I turned off UAC. I don't know.
There seems to be remnants of F-secure, Norton 360 and its backup files (don't know what to do with them) and Mcafee security tool. I have to get rid of those first and then make new image.
Right now I'm so fed up with that laptop that I won't be touching it for a few days!
-
Hello again!
Laptop (and windows) is working fine now, installed Service pack 2 and all available updates from windows update.
I ran ESET online scan one day and it found something. Also ran OTL scan today and it would be nice if someone could check if there is something of interest in the logs. Thanks.
-
Looks good. The ESET detections are signature files for Spybot S&D and are of no import
-
Good to know :) and thanks for your help! This thread can be closed.