Solved Help with Windows Security Essentials not cleaning trojans

Status
Not open for further replies.

Martin Johnson

Posts: 8   +0
I am having the same problem that many users have had: "windows has encountered a critical error and will be restarted in one minute." I cannot get some of the scanners loaded to my desktop to run. I have run Malwarebytes and it found nothing. I was able to run FRST64 and I will paste the file below.

Scan result of Farbar Recovery Scan Tool Version: 14-08-2012
Ran by SYSTEM at 14-08-2012 23:37:37
Running from H:\
(X64) OS Language: English(US)
Attention: Could not load system hive.Attention: System hive is missing.
========================== Registry (Whitelisted) =============
Attention: Software hive is missing.
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
HKLM-x32\...\Winlogon: [Shell] [x ] ()
==================== Services (Whitelisted) ======

========================== Drivers (Whitelisted) =============

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-08-14 23:33 - 2012-08-14 23:33 - 00000000 ___AD \ProgramData\Recovery
2012-08-14 23:32 - 2012-08-14 23:32 - 00000000 ___AD \Windows\ServiceProfiles
2012-08-14 23:32 - 2012-08-14 23:32 - 00000000 ___AD \Windows\debug
============ 3 Months Modified Files ========================

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!
========================= Memory info ======================
Percentage of memory in use: 14%
Total physical RAM: 3836.02 MB
Available physical RAM: 3260.92 MB
Total Pagefile: 3834.17 MB
Available Pagefile: 3241.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
======================= Partitions =========================
2 Drive e: (RECOVERY) (Fixed) (Total:14.5 GB) (Free:2.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.09 GB) FAT32
4 Drive g: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
5 Drive h: () (Removable) (Total:7.44 GB) (Free:5.26 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7643 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 283 GB 200 MB
Partition 3 Primary 14 GB 283 GB
Partition 4 Primary 101 MB 297 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RAW Partition 283 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 14 GB Healthy
==================================================================================
Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 101 MB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7639 MB 4032 KB
==================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 7639 MB Healthy
==================================================================================
======================= End Of Log ==========================
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Are you sure your computer is x64?
 
We are going to be using a Windows Recovery Environment to help disinfect the system.

Download the OTLPE Network REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc into your CD burning drive.
  • Download OTLPENet.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
 
After double-clicking the OTLPENet.exe icon, a dialog box called Browse for Folder comes up and is asking me to choose Windows Directory.
 
Let me know if I ran it correctly. I ran from inside Reatogo. I ran the 32 bit version.




Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 18-08-2012
Ran by SYSTEM at 18-08-2012 13:15:11
Running from D:\
(X86) OS Language: English(US)
Attention: Could not load system hive.Attention: System hive is missing.
========================== Registry (Whitelisted) =============
Attention: Software hive is missing.
HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
================================ Services (Whitelisted) ==================

========================== Drivers (Whitelisted) =============

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

============ 3 Months Modified Files ========================

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!
==================== Restore Points (XP) =====================

========================= Memory info ======================
Percentage of memory in use: 6%
Total physical RAM: 3579.98 MB
Available physical RAM: 3362.84 MB
Total Pagefile: 3401.69 MB
Available Pagefile: 3342.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.02 MB
======================= Partitions =========================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive d: () (Removable) (Total:7.44 GB) (Free:5.26 GB) FAT32
4 Drive f: (RECOVERY) (Fixed) (Total:14.5 GB) (Free:2.39 GB) NTFS
5 Drive g: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.09 GB) FAT32
6 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.17 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 283 GB 200 MB
Partition 3 Primary 14 GB 283 GB
Partition 4 Primary 101 MB 298 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Partition 283 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F RECOVERY NTFS Partition 14 GB Healthy
==================================================================================
Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G HP_TOOLS FAT32 Partition 101 MB Healthy
==================================================================================
======================= End Of Log ==========================
 
Please boot to Safe Mode and tell me if it stays on (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
 
At this point, seeing that there is high system damage, there is no choice but to reformat your hard drive and reinstall your operating system.

Do you have your OEM discs such as operating system install, recovery discs, etc?

If not, what is the make/model of your system?
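The verdict above rests on what the FRST log reports: the "Bamital & volsnap Check" section lists core Windows binaries as missing, and the "EXE ASSOCIATION" keys are flagged. The following is an added example (not part of this thread, and not FRST's own code) that parses those sections from a log of this shape and counts how many core files are gone; the sample log is constructed from lines in the first post, and the reinstall threshold of three files is an assumption.

```python
"""Triage helper for FRST logs like those in this thread (an added example,
not part of the thread or of FRST). It keys on FRST's "==== Section ====" headers
and its "IS MISSING <==== ATTENTION!" markers."""
import re
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
MISSING_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S+) IS MISSING <==== ATTENTION")
# Binaries Windows cannot boot or log on without (lower-case base names).
CORE_FILES = {"winlogon.exe", "wininit.exe", "services.exe", "svchost.exe",
              "userinit.exe", "explorer.exe", "user32.dll", "volsnap.sys"}

# Constructed sample, abridged from the first log posted in the thread.
SAMPLE_LOG = r"""Attention: Could not load system hive.Attention: System hive is missing.
========================== Registry (Whitelisted) =============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!
======================= End Of Log ==========================
"""

def parse_frst(text):
    """Collect hive-load errors, missing files and broken .exe associations."""
    findings = {"hive_errors": [], "missing": [], "exe_assoc": []}
    section = ""
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m and m.group(1):  # named section header; bare "====" rules are skipped
            section = m.group(1)
        elif line.startswith("Attention:") and "hive" in line.lower():
            findings["hive_errors"].append(line)
        elif section.startswith("Bamital") and MISSING_RE.match(line):
            findings["missing"].append(MISSING_RE.match(line).group("path"))
        elif section.startswith("EXE ASSOCIATION") and "ATTENTION" in line:
            findings["exe_assoc"].append(line.split(": ")[0])
    return findings

def missing_core_files(findings):
    """Core binaries reported missing, by base name, deduplicated and sorted."""
    names = {p.rsplit("\\", 1)[-1].lower() for p in findings["missing"]}
    return sorted(names & CORE_FILES)

def needs_reinstall(findings, threshold=3):
    """Several core files gone at once (as in this thread) is past a simple repair."""
    return len(missing_core_files(findings)) >= threshold
```

Run `parse_frst` over a pasted log and inspect `missing_core_files`; on the logs in this thread every file in the check is missing, which is what drives the reformat-and-reinstall advice.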
 