Inactive [A] System check/delayed write failed?

P

PSYOPSChaos

Posts: 11   +0
I have this system check popping up and over 20 delayed write failed (failed to save all the components for the file \\system32\\000024f6. The file is corrupted or unreadable. This error may be caused by a PC hardware problem) and a couple pop ups saying critical error (hard drive critical error) and one about my RAM. The pc is useless thus I am posting using my Motorola photon. Please help, is this fixable or do I need a new laptop?
Thanks :)
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================================

Same problems in safe mode?
 
Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
I have the internet working while in safe mode. do you still want me to download the file? would a usb stick work instead of a cd?
 
Ok, obviously I am retarded and should just fallow your instuctions exactly. I do not have any blank CD's right now, but I will get some after work tomorrow morning. Thank you for your help and I will update tomorrow.
 
downloaded avast tried to run and I get this: "the application has failed to start because its side-by-side configuration is incorrect". I am running windows vista home premium in safe mode with networking.
 
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.29.04

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Bill :: BILL-PC [administrator]

Protection: Disabled

1/29/2012 10:19:59 PM
mbam-log-2012-01-29 (22-19-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 161221
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|jLyiTUCQBK.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\jLyiTUCQBK.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security 2012 (Trojan.FakeAlert) -> Data: C:\ProgramData\isecurity.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\ProgramData\jLyiTUCQBK.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\isecurity.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\ZBa9weL2JYAlHG.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Bill\AppData\Local\Temp\4CDB.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Bill\AppData\Local\Temp\EE92.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Bill\AppData\Local\Temp\Low\VesfaRqis0Yhm0.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
ListParts by Farbar
Ran by Bill on 30-01-2012 at 13:42:41
Windows Vista (X86)
Running From: C:\Users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ATOZJKW
************************************************************

========================= Memory info ======================

Percentage of memory in use: 29%
Total physical RAM: 1917.32 MB
Available physical RAM: 1360.01 MB
Total Pagefile: 4075.92 MB
Available Pagefile: 3648.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.56 MB

======================= Partitions =========================

1 Drive c: (SQ004513V03) (Fixed) (Total:147.58 GB) (Free:104.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 1500 MB 1024 KB
Partition 2 Primary 148 GB 1501 MB
Partition 3 Primary 848 KB 149 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

There is no volume associated with this partition.

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C SQ004513V03 NTFS Partition 148 GB Healthy System (partition with boot components)

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.



****** End Of Log ******
 
We have the newest TDL rootkit there.

Download GETxPUD.exe to the desktop of your clean computer

  • Double click on GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Insert blank CD into your CD drive.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Boot bad computer from the CD
  • Press Tool at the top
  • Choose Open Terminal
  • Type parted /dev/sda set 2 boot on
  • Press Enter
  • Type parted /dev/sda rm 3
  • Press Enter
  • Remove xPUD CD, reboot, run aswMBR and post the log

Post new ListParts by Farbar log.
 

Similar threads

S
European Central Bank system crash delayed salaries and welfare funds across Europe
Replies
3
Views
98
Carlos GarPov
C
gubarrr
New build PC - seems to run mostly very well - but not shutting down cleanly
Replies
2
Views
633
theupsstorelosan
T
Daniel Sims
Microsoft emails Windows 10 users, recommending recycling or trade-in of outdated PCs
2
Replies
31
Views
488
captaincranky
captaincranky

Latest posts

Back