Welcome aboard
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
====================================
Please observe forum rules.
All logs have to be pasted, not attached.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 18 days old)
Ran by SYSTEM at 31-03-2013 16:09:42
Running from J:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
Tcpip\Parameters: [DhcpNameServer] 172.31.79.142 172.31.79.144 157.54.104.75 157.54.14.146 157.54.14.162 157.54.80.10
==================== Services (Whitelisted) ===================
==================== Drivers (Whitelisted) =====================
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
==================== One Month Modified Files and Folders =======
2013-03-31 16:09 - 2013-03-31 16:09 - 00000000 ____D C:\FRST
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
c:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 11%
Total physical RAM: 6126.46 MB
Available physical RAM: 5450.96 MB
Total Pagefile: 6124.66 MB
Available Pagefile: 5454.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:888.46 GB) NTFS
2 Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.17 GB) (Free:0 GB) UDF
7 Drive j: () (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:4.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 980 MB 0 B
Partitions of Disk 0:
===============
Disk ID: 2C0C533A
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 12 GB 40 MB
Partition 3 Primary 919 GB 12 GB
==================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 12 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 919 GB Healthy
=========================================================
Partitions of Disk 5:
===============
Disk ID: 01287000
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 980 MB 16 KB
==================================================================================
Disk: 5
Partition 1
Type : 0B
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J FAT32 Removable 980 MB Healthy
=========================================================
============================== MBR Partition Table ==================
==============================
Partitions of Disk 0:
===============
Disk ID: 2C0C533A
Partition 1:
=========
Hex: 80002C00000000002B00000000000000
Active: YES
Type: 00
Size: 0 byte
ATTENTION ===> 0 byte partition bootkit on partition 1
Partition 2:
=========
Hex: 00010100DEFE3F043F00000086390100
Active: NO
Type: DE
Size: 39 MB
Partition 3:
=========
Hex: 8019150507FEFFFF0040010000F08701
Active: YES
Type: 07 (NTFS)
Size: 12 GB
Partition 4:
=========
Hex: 00FEFFFF07FEFFFF003089010030E772
Active: NO
Type: 07 (NTFS)
Size: 919 GB
==============================
Partitions of Disk 5:
===============
Disk ID: 01287000
Partition 1:
=========
Hex: 800101000B01FFFF20000000E0A31E00
Active: YES
Type: 0B
Size: 980 MB
==================== End Of Log =============================
*****************************************************************************************************
- For 64-bit systems, download Listparts64 and save it to your flash drive.
- Download the attached fix.txt file. Save it to your flash drive.
Enter System Recovery Options again.
To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\listparts (for the 64-bit version type e:\listparts64) and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- Press Fix button.
- ListParts will process the script in Fix.txt
- When finished please press the Scan button.
- It will make a log (Result.txt) on the flash drive. Please copy and paste it to your reply.
See if you can boot normally.
If not, re-run FRST and post a new log.