also @ TechSpot: Yahoo redesigns Flickr, adds 1 terabyte of free storage and more

Stubborn infection

Discussion in 'Virus and Malware Removal' started by Michael King, Jul 23, 2012.

Post New Reply
Page 4 of 4

  1. Michael King Newcomer, in training Posts: 48

    ListParts by Farbar Version: 25-07-2012
    Ran by Administrator (administrator) on 14-08-2012 at 19:04:10
    Windows Vista (X64)
    Running From: C:\Users\Administrator\Desktop
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 37%
    Total physical RAM: 8189.57 MB
    Available physical RAM: 5123.43 MB
    Total Pagefile: 16433.66 MB
    Available Pagefile: 12956.78 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:465.76 GB) (Free:162.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    3 Drive e: (Rosewill) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS
    4 Drive f: () (Removable) (Total:7.45 GB) (Free:7.41 GB) FAT32

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 466 GB 0 B
    Disk 1 Online 7634 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 466 GB 1024 KB
    Partition 2 Primary 2032 KB 466 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 466 GB Healthy System (partition with boot components)

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7633 MB 16 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F FAT32 Removable 7633 MB Healthy

    ======================================================================================================

    ****** End Of Log ******
    Michael King, Aug 14, 2012
    #61

  2. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Download Kernel Detective: http://www.kernelmode.info/ARKs/Kernel_Detective_v1.3.1.zip

    Extract the file to your Desktop.

    Enter the folder and double-click on Kernel Detective.exe to get started.

    We need four different logs, to be uploaded.

    Click on Kernel Modifications tab, then click on File > Save Current List, and give it a name. The name should be in *.txt format.

    Save the log to your Desktop.

    Do the same for the Drivers tab, System Service Descriptor Table, and the System Service Descriptor Table Shadow.

    Attach all the logs to your next reply.
    Jay Pfoutz, Aug 15, 2012
    #62

  3. Michael King Newcomer, in training Posts: 48

    Errors with "Cannot load the Kernal Driver !"

    Also, Windows Defender is also not loading on bootup, but my Avira loads fine.
    Michael King, Aug 15, 2012
    #63

  4. Jay Pfoutz Malware Helper Posts: 4,286   +49

    I want to check something out, real quick then...

    To use driver verifier:
    - First make sure you can access Safe Mode (with Networking preferably), by tapping [F8] during startup. If verifier detects a problem, you may not be able to start in normal mode, so it is very important that you can access Safe Mode to disable it.
    - Go to Start and in the run/search bar type in verifier and press [Enter].
    - At the start of wizard, click Next.
    - Click Automatically select all drivers installed on this computer followed by Finish, and then restart the PC.

    If you receive any BSOD's during the course of using verifier, please upload the logs, as they will contain the results of any driver problems.

    To turn off driver verifier, simply go back to the verifier wizard again in Safe Mode, and select Delete existing settings.


    Tutorial: http://www.sevenforums.com/crash-lo...-driver-verifier-identify-issues-drivers.html
    Jay Pfoutz, Aug 16, 2012
    #64

  5. Michael King Newcomer, in training Posts: 48

    Ok, I'm actively running the verifier. Other than being a bit slower than normal, everything seems to be running fine.
    Michael King, Aug 17, 2012
    #65

  6. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Cool. Looking forward to results, good or bad. :)
    Jay Pfoutz, Aug 18, 2012
    #66
     

  7. Michael King Newcomer, in training Posts: 48

    Is there a log or something I should post? :)
    Michael King, Aug 18, 2012
    #67

  8. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Not at all. If no bluescreen, no big deal.

    How's the computer running? Everything seems fine from my end, but it's supremely your end that matters...
    Jay Pfoutz, Aug 19, 2012
    #68

  9. Michael King Newcomer, in training Posts: 48

    Well, to be honest, I'm still concerned about the 2nd partition. Do you think it would be safe to delete it, or should I convert it to NTFS first and look inside?
    Michael King, Aug 19, 2012
    #69

  10. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yes, you can delete it. (The suspicious one that is, although I thought the ListParts tool would work to delete it).

    It says there is no volume with it, which means no data is available (and the fact that it's not active, which means data can't be saved):

    Disk: 0
    Partition 2
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.
    Jay Pfoutz, Aug 20, 2012
    #70

  11. Michael King Newcomer, in training Posts: 48

    Also, Windows Defender gives an error upon startup, and cannot be started manually.
    Michael King, Aug 20, 2012
    #71

  12. Michael King Newcomer, in training Posts: 48

    To be more explicit, I'm getting this error message:

    [IMG]


    Also, I did delete the suspicious partition.
    Michael King, Aug 20, 2012
    #72

  13. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Jay Pfoutz, Aug 21, 2012
    #73
Page 4 of 4

Add New Comment

Social Login & Guest Posting

TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.