TechSpot

HELP: System shutdown (services.exe)

By rizal
Jun 23, 2012
  1. First of all, sorry for my English

    hi

    I have a problem with my computer. A few minutes after my computer connects to the internet, I get a message that says "Services and Controller app has encountered a problem and needs to close." When I click on "Close", a "System Shutdown" message comes up, which says "The system process 'C:\WINDOWS\system32\services.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart." It is apparently initiated by NT AUTHORITY\SYSTEM. I can cancel the shutdown (by going to Start/Run and typing 'shutdown -a'), but after this the system runs almost impossibly slowly. I have tried the Sasser & Blaster removal tool from Symantec; no virus was detected.

    My operating system is XP SP2.

    This is the log from ComboFix:

    ComboFix 12-06-21.03 - S@phire 06/23/2012 12:31:20.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1290 [GMT 7:00]
    Running from: c:\documents and settings\S@phire\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\TNod User & Password Finder\TNODUP.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-23 02:17 . 2012-06-23 02:17 -------- d-----w- c:\program files\SystemRequirementsLab
    2012-06-23 02:17 . 2012-06-23 02:17 -------- d-----w- c:\documents and settings\S@phire\Application Data\SystemRequirementsLab
    2012-06-22 04:50 . 2012-06-22 04:50 -------- d-----w- c:\program files\ATI Technologies
    2012-06-22 04:48 . 2012-06-22 04:48 -------- d-----w- C:\AMD
    2012-06-20 07:21 . 2012-06-20 07:21 -------- d-----w- c:\documents and settings\S@phire\Application Data\IDM
    2012-06-20 07:20 . 2012-06-22 13:18 -------- d-----w- c:\windows\system32\wbem\Logs
    2012-06-20 04:56 . 2012-06-20 04:56 -------- d-----r- C:\ARTAV Lock
    2012-06-20 04:56 . 2012-06-22 16:33 -------- d-----w- c:\program files\ARTAV Team
    2012-06-20 04:32 . 2012-06-20 04:35 -------- d-----w- c:\documents and settings\S@phire\Local Settings\Application Data\Rockstar Games
    2012-06-20 04:29 . 2012-06-20 04:29 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2012-06-20 04:28 . 2012-06-20 04:28 -------- d-----w- c:\windows\system32\LogFiles
    2012-06-20 04:27 . 2012-06-20 04:28 -------- d-----w- c:\windows\system32\drivers\umdf
    2012-06-20 04:26 . 2012-06-20 04:26 -------- d-----w- c:\windows\system32\xlive
    2012-06-20 04:26 . 2012-06-20 04:26 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2012-06-20 03:43 . 2012-06-20 03:43 -------- d-----w- c:\windows\system32\XPSViewer
    2012-06-20 03:43 . 2012-06-20 03:43 -------- d-----w- c:\program files\Reference Assemblies
    2012-06-20 03:43 . 2006-10-14 09:43 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2012-06-20 03:42 . 2006-06-29 06:07 14048 ------w- c:\windows\system32\spmsg2.dll
    2012-06-17 11:04 . 2012-06-17 11:04 -------- d-----w- c:\documents and settings\S@phire\Application Data\Malwarebytes
    2012-06-17 11:03 . 2012-06-17 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-06-17 11:03 . 2012-06-17 11:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-06-17 11:03 . 2012-04-04 08:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-17 10:58 . 2012-06-17 10:58 -------- d-----w- c:\documents and settings\S@phire\Application Data\DriverCure
    2012-06-17 10:58 . 2012-06-17 10:58 -------- d-----w- c:\documents and settings\S@phire\Application Data\SpeedyPC Software
    2012-06-17 10:58 . 2012-06-17 10:58 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
    2012-06-17 10:58 . 2012-06-17 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
    2012-06-17 10:58 . 2012-06-17 10:58 -------- d-----w- c:\program files\SpeedyPC Software
    2012-06-09 05:49 . 2012-06-09 05:49 43776 ----a-w- c:\windows\system32\drivers\catchurl.sys
    2012-06-09 05:49 . 2012-03-15 11:03 209408 ----a-w- c:\windows\system32\PCMext.dll
    2012-06-09 05:49 . 2012-06-09 05:49 2432 ----a-w- c:\windows\system32\drivers\KernelMemory.sys
    2012-06-09 05:49 . 2012-06-09 05:49 -------- d-----w- c:\documents and settings\S@phire\Local Settings\Application Data\PC Media Antivirus
    2012-06-09 05:32 . 2012-06-23 01:09 -------- d-----w- c:\documents and settings\Administrator
    2012-06-08 00:16 . 2012-06-08 00:16 -------- d-----w- c:\program files\EVDO Modem
    2012-06-07 06:18 . 2012-01-27 00:48 104072 ----a-w- c:\windows\system32\drivers\idmtdi.sys
    2012-05-31 16:37 . 2012-05-31 16:37 -------- d-----w- c:\documents and settings\S@phire\Local Settings\Application Data\Wondershare
    2012-05-31 16:37 . 2012-05-31 16:37 -------- d-----w- c:\program files\Common Files\Wondershare
    2012-05-31 16:37 . 2012-05-31 16:37 -------- d-----w- c:\program files\Wondershare
    2012-05-29 11:07 . 2000-12-05 23:00 415176 ----a-w- c:\windows\system32\comct332.ocx
    2012-05-29 11:07 . 2000-05-21 15:00 244416 ----a-w- c:\windows\system32\msflxgrd.ocx
    2012-05-29 11:07 . 2000-05-21 15:00 140488 ----a-w- c:\windows\system32\comdlg32.ocx
    2012-05-29 11:07 . 2000-05-21 14:00 608448 ----a-w- c:\windows\system32\COMCTL32.OCX
    2012-05-29 11:07 . 1999-09-28 09:42 1050896 ----a-w- c:\windows\system32\msjet35.dll
    2012-05-29 11:07 . 1998-06-23 14:00 164144 ----a-w- c:\windows\system32\COMCT232.OCX
    2012-05-29 11:07 . 1998-04-26 15:00 570128 ----a-w- c:\windows\system32\dao350.dll
    2012-05-29 11:07 . 1998-04-23 15:00 24848 ----a-w- c:\windows\system32\msjter35.dll
    2012-05-29 11:07 . 1998-04-23 15:00 123664 ----a-w- c:\windows\system32\msjint35.dll
    2012-05-27 11:46 . 2012-05-27 11:46 -------- d-----w- c:\documents and settings\S@phire\Local Settings\Application Data\ACD Systems
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-12 05:09 . 2012-01-13 13:24 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2012-04-13 08:51 . 2012-04-13 08:51 81920 ----a-w- c:\documents and settings\S@phire\Application Data\ezpinst.exe
    2012-04-13 08:51 . 2012-04-13 08:51 47360 ----a-w- c:\documents and settings\S@phire\Application Data\pcouffin.sys
    2012-05-13 01:45 . 2011-12-23 13:43 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-07-02 2215960]
    .
    [HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-11-18 05:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
    2009-07-02 03:18 2215960 ----a-w- c:\program files\PHPNukeEN\tbPHPN.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-12-19 19:46 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\documents and settings\S@phire\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-07 3331872]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-01-28 3462552]
    "RGSC"="d:\games\Rockstar games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "BiosNotice"="c:\program files\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-10-13 1003008]
    "RTHDCPL"="RTHDCPL.EXE" [2010-10-05 19580520]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
    "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
    "Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
    "EVDOServer"="c:\windows\EVDOServer.exe" [2011-11-12 45056]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-2-28 119296]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-26 17:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 03:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-02 13:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Gemscool\\LostSaga\\autoupgrade.exe"=
    "c:\\Gemscool\\LostSaga\\lostsaga.exe"=
    "e:\\PES12\\pes2012.exe"=
    "c:\\Documents and Settings\\S@phire\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    "d:\\GAMES\\Copy of NFS\\NFS Most Wanted Setup\\Need for Speed Most Wanted Rip\\speed.exe"=
    "d:\\GAMES\\IRON MAN\\IMRip_idocxxx\\IronMan.exe"=
    "d:\\GAMES\\Rockstar games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "d:\\GAMES\\Rockstar games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1043:TCP"= 1043:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [1/14/2012 9:43 AM 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [1/14/2012 9:43 AM 5248]
    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [11/25/2011 4:43 PM 13696]
    R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [11/25/2011 4:43 PM 6272]
    R1 catchurl;catchurl;c:\windows\system32\drivers\catchurl.sys [6/9/2012 12:49 PM 43776]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 9:20 AM 118104]
    R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [6/7/2012 1:18 PM 104072]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [12/18/2011 9:50 AM 21992]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9/22/2011 12:03 PM 974944]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/17/2012 6:03 PM 654408]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [12/14/2011 12:47 PM 1514304]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/17/2012 6:03 PM 22344]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [12/12/2011 7:31 PM 10064]
    S3 ALSysIO;ALSysIO;\??\c:\docume~1\S@phire\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\S@phire\LOCALS~1\Temp\ALSysIO.sys [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/25/2011 4:44 PM 1691480]
    S3 AtiDCM;AtiDCM;c:\amd\ATI_Redwood-Pro2_WinXP_8.70_Feb3\Bin\atidcmxx.sys [1/14/2010 10:26 AM 23312]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 GPUTool;GPUTool;\??\c:\docume~1\S@phire\LOCALS~1\Temp\GPUTool.sys --> c:\docume~1\S@phire\LOCALS~1\Temp\GPUTool.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/13/2012 8:45 AM 129976]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [12/24/2011 9:12 AM 114704]
    S3 tctusbser;TCT Mobilephone USB Device for Legacy Serial Communication;c:\windows\system32\drivers\tctusbser.sys [12/13/2011 9:34 AM 107776]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [5/6/2012 3:54 PM 14416]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-23 c:\windows\Tasks\Game_Booster_AutoUpdate.job
    - c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-03-22 04:21]
    .
    2012-06-17 c:\windows\Tasks\SpeedyPC Pro.job
    - c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 19:00]
    .
    2012-06-17 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743
    uInternet Settings,ProxyServer = 118.97.165.234:8080
    uInternet Settings,ProxyOverride = <local>
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: Interfaces\{11885652-163E-4CA0-A76A-D9E4138A747B}: NameServer = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\documents and settings\S@phire\Application Data\Mozilla\Firefox\Profiles\y1vswott.default\
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-TNOD UP - c:\program files\TNod User & Password Finder\TNODUP.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-23 12:33
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{027489cb-52c0-4b44-929f-339c519c2976}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000056
    "Therad"=dword:0000001c
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):8f,ab,5b,af,68,df,8c,9d,4f,89,07,a4,fc,ba,83,74,14,bb,af,32,4e,
    71,9e,15,12,e3,55,2b,99,56,fe,11,9f,82,b0,7d,ac,7d,bd,46,00,00,00,00,00,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1224)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    Completion time: 2012-06-23 12:34:48
    ComboFix-quarantined-files.txt 2012-06-23 05:34
    ComboFix2.txt 2012-06-23 01:18
    .
    Pre-Run: 23,000,813,568 bytes free
    Post-Run: 22,961,872,896 bytes free
    .
    - - End Of File - - BB67775E631EA0625923D112B52116E1
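A small triage script for a log like the one above, added here as an example (not ComboFix's or TechSpot's code): it flags the indicators a malware helper would circle in this log, namely the disabled AV and firewall, the hard-coded IE proxy, the Conduit start page, a driver registered from a Temp folder, the orphaned TNod run entry and the CLSID key locked against Everyone. The rule set and the allowed-start-page list are assumptions, and the embedded excerpt is constructed from lines of the posted log.

```python
"""Triage a ComboFix log for the hijack and tampering indicators seen above.

Added example, not ComboFix's own code; the rule set and the host allowlist
are assumptions, and SAMPLE_LOG is a constructed excerpt of the posted log.
"""
import re

SAMPLE_LOG = r"""
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
S3 ALSysIO;ALSysIO;\??\c:\docume~1\S@phire\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\S@phire\LOCALS~1\Temp\ALSysIO.sys [?]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9/22/2011 12:03 PM 974944]
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743
uInternet Settings,ProxyServer = 118.97.165.234:8080
uInternet Settings,ProxyOverride = <local>
- - - - ORPHANS REMOVED - - - -
HKLM-Run-TNOD UP - c:\program files\TNod User & Password Finder\TNODUP.exe
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{027489cb-52c0-4b44-929f-339c519c2976}]
@Denied: (Full) (Everyone)
"""

# Start pages that need no follow-up (assumed list; adjust to the user's own choice).
ALLOWED_START_HOSTS = {"www.google.com", "www.bing.com", "www.msn.com"}

# (rule name, regex, reason). The last capture group, if any, becomes the detail.
RULES = [
    ("security_product_disabled", re.compile(r"^(?:AV|FW): .*\*Disabled"),
     "installed AV/firewall reported disabled"),
    ("proxy_server_set", re.compile(r"^uInternet Settings,ProxyServer = (\S+)"),
     "IE proxy configured; a hijacked proxy routes all browsing through it"),
    ("start_page_redirect", re.compile(r"^uStart Page = (hxxps?://\S+)"),
     "start page changed to a host outside the allowlist"),
    ("driver_in_temp", re.compile(r"^[RS]\d .*\\Temp\\([^;\s]+\.sys)", re.I),
     "kernel driver registered from a Temp directory"),
    ("orphan_autorun", re.compile(r"^HKLM-Run-.+? - (.+)$"),
     "autorun entry whose target ComboFix removed"),
    ("locked_registry_key", re.compile(r"^@Denied: \(Full\) \(Everyone\)"),
     "key denies access to Everyone, a common self-protection trick"),
]


def triage(log_text):
    """Return a list of findings: dicts with rule, line, detail and why."""
    findings, prev = [], ""
    for no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        for name, rx, why in RULES:
            m = rx.search(line)
            if not m:
                continue
            # The @Denied marker names no key; the key path is the line before it.
            detail = prev if name == "locked_registry_key" else (
                m.group(m.lastindex) if m.lastindex else line)
            if name == "start_page_redirect":
                host = re.match(r"hxxps?://([^/?]+)", detail).group(1)
                if host.lower() in ALLOWED_START_HOSTS:
                    continue
            findings.append({"rule": name, "line": no, "detail": detail, "why": why})
        prev = line
    return findings


def summarize(findings):
    """Count findings per rule so a reviewer sees the picture at a glance."""
    counts = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f['line']:>3} {f['rule']:<26} {f['detail']}  ({f['why']})")
```

Run it against a full ComboFix log file instead of the excerpt by reading the file and passing its text to `triage()`; the `line` field points back at the offending line in the log.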
     
  2. rizal

    rizal TS Rookie Topic Starter

    Help me please..
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================

    Never run Combofix on your own!

    Let's try to boot your computer using the Ultimate Boot CD for Windows (UBCD4win).

    Please print this guide for future reference!

    You will need a blank CD, a clean computer and a flash drive.

    Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

    :step1:

    1. Download and Run Ultimate Boot CD for Windows
    • Save it to your Desktop.
    • Double-Click on the UBCD4Win.EXE that you just downloaded to your desktop.
    • Follow all of the instructions/prompts that come up.
      NOTES:
      • Do not install to a folder with spaces in its name.
      • Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read HERE for information regarding the files that normally trigger AV software.
    2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
    • Double-Click on UBCD4WinBuilder.exe located in your C:\ubcd4win folder.
    • Click "I agree" to the Builders License.
    • Click NO to Search for Windows Installation Files
    • Make the following selections from the Main Screen that pops up:
      • Builder
        • Source:(path to Windows installation files)
          • Enter the path to the drive where your XP CD is located.
          • You can click on the "..." button on the right to navigate to the path as well.
        • Custom: (include files and folders from this directory)
          • No information is necessary, leave blank.
        • Output: (C:\ubcd4win\BartPE)
          • Keep the default BartPE
      • Media output
        • Choose Create ISO image
        • Do not choose Burn to CD/DVD


        Please note: If your XP install disc is SP1 then please .....
        1. Disable- DComLaunch Service
        2. Enable- LargeIDE Fix

          This can be done by pressing the "Plugin" button and checking or unchecking the appropriate selections

        Also note: If you have a Dell XP install disc you will need to follow the instructions here
        http://www.ubcd4win.com/faq.htm#dell

      3. Click on the "Build" button
      • You will see the Windows EULA message. Click on I Agree
      • You will now see the Build Screen. Let it run its course
      • When the Build is finished you can click close, then exit


      4. Burn your ISO file to CD
      • Please see HERE on how to burn an ISO to CD.

    ==========

    :step2:

    Next, from your clean computer:

    Download Farbar Recovery Scan Tool
    and save it to your flash drive.

    Now plug your flashdrive back into your sick computer and follow the next instructions:

    ==========

    :step3:

    1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created
    • Insert the UBCD4Win disc in to one of your CD/DVD drives.
    • Restart your computer.
      • The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
    • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.
      • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
    • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
      • Click on Yes if you want to use the PE environment to get online, post your log and reply by way of an Ethernet connection.
    • You should now have a desktop that looks like this:
      (screenshot of the UBCD4Win desktop omitted)

    ==========

    :step4:

    • Single click My Computer from your UBCD4Win desktop to navigate to the Farbar Recovery Scan Tool you saved to your flash drive.
    • Double click on it to begin running the tool.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your next reply.
     