Solved Trojan Win32.Sirefef, PC reboots every minute

ihatetrojans

I have a similar problem to many others on this board.
MSE detected Trojan Win32 Sirefef (A and B, I think, although there could have been others). It quarantined them and tried to remove them, but they kept returning, and then I got stuck in the critical error / one-minute restart issue.
I am using Vista 32-bit.
My head boggles at the tons of instructions given here. I tried to get into System Recovery Options but got stuck at the Command Prompt when I entered the drive where I stored FRST.
I ran pc in Safe Mode, Safe Mode with network, etc etc but no luck.

Due to this, I couldn't follow the 5-step malware removal process.

I'd appreciate any help in resolving this.
 
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 08-07-2012
Ran by daphene at 08-07-2012 18:34:33
Running from J:\
Service Pack 2 (X86) OS Language: French Standard
Attention: Could not load system hive. Error: The process cannot access the file because it is being used by another process.

ATTENTION: =====> THE TOOL IS NOT RUN FROM THE RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-07-08 18:01 - 2012-07-08 18:34 - 00000000 ____D C:\FRST
2012-07-07 20:24 - 2012-07-07 20:24 - 00001063 ____A C:\Users\daphene\Desktop\Revo Uninstaller.lnk
2012-07-07 17:50 - 2012-07-07 17:50 - 00000000 ____D C:\Users\daphene\AppData\Local\Conduit
2012-07-07 17:50 - 2012-07-07 17:50 - 00000000 ____D C:\Program Files\WiseConvert
2012-07-07 17:50 - 2012-07-07 17:50 - 00000000 ____D C:\Program Files\Conduit
2012-07-07 15:05 - 2012-07-07 15:05 - 00000000 ____D C:\Program Files\VS Revo Group
2012-07-07 15:04 - 2012-07-07 15:04 - 00000000 ____D C:\Users\daphene\AppData\Roaming\Malwarebytes
2012-07-07 15:04 - 2012-07-07 15:04 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-07 14:52 - 2012-07-07 20:14 - 00000000 ____D C:\Program Files\CCleaner
2012-07-07 13:28 - 2012-07-07 13:28 - 00000000 ___SD C:\ComboFix
2012-07-07 13:00 - 2012-07-07 13:00 - 00026872 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2012-07-06 23:25 - 2012-07-06 23:25 - 00000000 ____D C:\Qoobox
2012-07-06 23:25 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-06 23:25 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-06 23:25 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-06 23:25 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-06 23:25 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-06 23:25 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-06 23:25 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-06 23:25 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-06 23:24 - 2012-07-06 23:24 - 00000000 ____D C:\Windows\erdnt
2012-07-06 19:29 - 2012-07-06 19:29 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lcfylmfc.sys
2012-07-06 00:52 - 2012-07-06 00:52 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-07-06 00:42 - 2012-07-06 00:51 - 22291296 ____A (Microsoft Corporation) C:\Users\daphene\Downloads\BOIE9_ENUS_BO0084_VIS.EXE
2012-07-04 12:32 - 2012-07-04 12:32 - 00000000 ____D C:\rei
2012-07-04 12:32 - 2012-07-04 12:32 - 00000000 ____D C:\Program Files\Reimage
2012-07-04 12:11 - 2012-07-06 00:32 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-03 20:54 - 2012-07-03 20:54 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-03 20:34 - 2012-07-03 20:35 - 10288512 ____A (Microsoft Corporation) C:\Users\daphene\Downloads\mseinstall(4).exe
2012-07-02 20:30 - 2012-07-02 20:30 - 00137216 ____A (DT Soft Ltd) C:\Users\daphene\AppData\Roaming\mspap.dll
2012-06-24 18:06 - 2012-06-24 18:07 - 01505959 ____A C:\Users\daphene\Downloads\To Maxime, Christopher and Kevin..wmv
2012-06-23 19:30 - 2012-06-23 19:30 - 00000000 ____D C:\Users\daphene\AppData\Local\Macromedia
2012-06-21 14:00 - 2012-06-03 00:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 14:00 - 2012-06-03 00:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 14:00 - 2012-06-03 00:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 14:00 - 2012-06-03 00:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 13:59 - 2012-06-03 00:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 13:59 - 2012-06-03 00:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 13:59 - 2012-06-03 00:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 13:59 - 2012-06-02 15:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 13:59 - 2012-06-02 15:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-16 10:01 - 2012-05-18 01:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-16 10:01 - 2012-05-18 00:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-16 10:01 - 2012-05-18 00:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-16 10:01 - 2012-05-18 00:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-16 10:01 - 2012-05-18 00:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-16 10:01 - 2012-05-18 00:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-16 10:01 - 2012-05-18 00:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-16 10:01 - 2012-05-18 00:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-16 10:01 - 2012-05-18 00:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-16 10:01 - 2012-05-18 00:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-16 10:01 - 2012-05-18 00:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-16 10:01 - 2012-05-18 00:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-16 10:01 - 2012-05-18 00:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-16 10:01 - 2012-05-18 00:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-15 17:48 - 2012-04-23 18:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-15 17:48 - 2012-04-23 18:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-15 17:48 - 2012-04-23 18:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-15 17:47 - 2012-05-15 21:51 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-15 17:47 - 2012-05-01 16:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 20:27 - 2012-06-13 20:27 - 00164659 ____A C:\Users\daphene\Downloads\Attachments_2012_06_13.zip

============ 3 Months Modified Files ========================

2012-07-08 18:22 - 2012-05-27 15:48 - 00001054 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-08 18:22 - 2009-09-20 15:34 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-08 18:20 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-08 18:20 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-08 18:20 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-08 17:54 - 2006-11-02 15:01 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-07 20:24 - 2012-07-07 20:24 - 00001063 ____A C:\Users\daphene\Desktop\Revo Uninstaller.lnk
2012-07-07 17:51 - 2010-03-24 19:07 - 00035894 ____A C:\Windows\PFRO.log
2012-07-07 13:59 - 2012-05-27 15:48 - 00001058 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-07 13:00 - 2012-07-07 13:00 - 00026872 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2012-07-06 23:19 - 2009-08-23 11:46 - 00005892 ____A C:\Users\daphene\AppData\Local\d3d9caps.dat
2012-07-06 19:29 - 2012-07-06 19:29 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lcfylmfc.sys
2012-07-06 01:27 - 2006-11-02 12:22 - 46399488 ____A C:\Windows\System32\config\software_previous
2012-07-06 01:27 - 2006-11-02 12:22 - 33030144 ____A C:\Windows\System32\config\system_previous
2012-07-06 01:22 - 2006-11-02 12:22 - 38535168 ____A C:\Windows\System32\config\components_previous
2012-07-06 01:22 - 2006-11-02 12:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-07-06 00:54 - 2008-04-15 21:10 - 01587038 ____A C:\Windows\WindowsUpdate.log
2012-07-06 00:52 - 2012-02-08 11:02 - 00014785 ____A C:\Windows\IE9_main.log
2012-07-06 00:51 - 2012-07-06 00:42 - 22291296 ____A (Microsoft Corporation) C:\Users\daphene\Downloads\BOIE9_ENUS_BO0084_VIS.EXE
2012-07-05 23:14 - 2006-11-02 12:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-07-05 23:14 - 2006-11-02 12:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-07-05 20:36 - 2010-02-28 11:04 - 00010379 ____A C:\Windows\setupact.log
2012-07-03 21:18 - 2012-03-30 11:37 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-03 20:54 - 2012-04-06 13:10 - 00001912 ____A C:\Windows\epplauncher.mif
2012-07-03 20:54 - 2006-11-02 12:33 - 01525384 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-03 20:35 - 2012-07-03 20:34 - 10288512 ____A (Microsoft Corporation) C:\Users\daphene\Downloads\mseinstall(4).exe
2012-07-02 20:30 - 2012-07-02 20:30 - 00137216 ____A (DT Soft Ltd) C:\Users\daphene\AppData\Roaming\mspap.dll
2012-07-02 20:25 - 2012-06-03 14:20 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509705252-2750708441-1710655355-1000UA.job
2012-07-01 14:25 - 2012-06-03 14:20 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509705252-2750708441-1710655355-1000Core.job
2012-07-01 11:22 - 2008-06-30 21:27 - 00024064 ____A C:\Users\daphene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-24 18:07 - 2012-06-24 18:06 - 01505959 ____A C:\Users\daphene\Downloads\To Maxime, Christopher and Kevin..wmv
2012-06-23 17:19 - 2012-03-30 11:37 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-23 17:19 - 2011-05-21 11:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-22 17:15 - 2008-10-07 14:10 - 00000394 ____A C:\Windows\Tasks\1-Click Maintenance.job
2012-06-21 21:23 - 2009-12-26 22:13 - 00000330 ____A C:\Windows\Tasks\HPCeeScheduleFordaphene.job
2012-06-16 10:32 - 2006-11-02 14:47 - 00395776 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-16 10:08 - 2006-11-02 12:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-13 20:27 - 2012-06-13 20:27 - 00164659 ____A C:\Users\daphene\Downloads\Attachments_2012_06_13.zip
2012-06-03 14:19 - 2012-06-03 14:19 - 00493520 ____A (Facebook Inc.) C:\Users\daphene\Downloads\FacebookVideoCallSetup_v1.2.203.0.exe
2012-06-03 00:19 - 2012-06-21 14:00 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-03 00:19 - 2012-06-21 14:00 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-03 00:19 - 2012-06-21 14:00 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-03 00:19 - 2012-06-21 13:59 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-03 00:19 - 2012-06-21 13:59 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-03 00:12 - 2012-06-21 14:00 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-03 00:12 - 2012-06-21 13:59 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:19 - 2012-06-21 13:59 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:12 - 2012-06-21 13:59 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 15:44 - 2008-07-01 00:17 - 00013796 ____A C:\Users\daphene\AppData\Roaming\wklnhst.dat
2012-05-31 15:42 - 2012-04-05 21:10 - 00750592 ____A C:\Users\daphene\Desktop\cv daphene.wps
2012-05-30 21:40 - 2012-05-30 21:36 - 10288512 ____A (Microsoft Corporation) C:\Users\daphene\Downloads\mseinstall(3).exe
2012-05-30 19:47 - 2012-05-30 19:44 - 10288512 ____A (Microsoft Corporation) C:\Users\daphene\Downloads\mseinstall(2).exe
2012-05-27 15:51 - 2012-05-27 15:51 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2012-05-27 15:50 - 2012-05-27 15:50 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2012-05-27 15:50 - 2012-05-27 15:50 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-05-27 15:50 - 2012-05-27 15:50 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2012-05-27 15:50 - 2008-03-27 00:45 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
2012-05-27 15:16 - 2012-05-27 15:15 - 00693504 ____A (RealNetworks, Inc.) C:\Users\daphene\Downloads\RealPlayer_fr.exe
2012-05-18 01:11 - 2012-06-16 10:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-18 00:48 - 2012-06-16 10:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-18 00:45 - 2012-06-16 10:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-18 00:36 - 2012-06-16 10:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-18 00:35 - 2012-06-16 10:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-18 00:35 - 2012-06-16 10:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-18 00:33 - 2012-06-16 10:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-18 00:31 - 2012-06-16 10:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-18 00:29 - 2012-06-16 10:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-18 00:29 - 2012-06-16 10:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-18 00:27 - 2012-06-16 10:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-18 00:25 - 2012-06-16 10:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-18 00:24 - 2012-06-16 10:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-18 00:20 - 2012-06-16 10:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-15 21:51 - 2012-06-15 17:47 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 10:09 - 2008-10-19 13:39 - 00230424 ____A C:\Windows\00000000.STI
2012-05-07 14:07 - 2012-05-07 14:03 - 05370523 ____A C:\Users\daphene\Downloads\pics(1).zip
2012-05-01 16:03 - 2012-06-15 17:47 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-23 18:00 - 2012-06-15 17:48 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 18:00 - 2012-06-15 17:48 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 18:00 - 2012-06-15 17:48 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-16 10:12 - 2012-04-16 10:12 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk


ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 26%
Total physical RAM: 2036.45 MB
Available physical RAM: 1504.07 MB
Total Pagefile: 4310.16 MB
Available Pagefile: 3925.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.92 MB

======================= Partitions =========================

1 Drive c: (COMPAQ) (Fixed) (Total:222.91 GB) (Free:142.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.97 GB) (Free:1.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
8 Drive j: (Nano) (Removable) (Total:3.76 GB) (Free:2.52 GB) FAT32

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         233 GB   0 B
Disk 1    Online         3854 MB  0 B
Disk 2    No Media       0 B      0 B
Disk 3    No Media       0 B      0 B
Disk 4    No Media       0 B      0 B
Disk 5    No Media       0 B      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           223 GB   32 KB
Partition 2    Primary           10 GB    223 GB

==================================================================================

Disk: 0
Partition 1
Type   : 07
Hidden : No
Active : Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 1   C   COMPAQ       NTFS   Partition   223 GB   Healthy  System

==================================================================================

Disk: 0
Partition 2
Type   : 07
Hidden : No
Active : No

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 2   D   FACTORY_IMA  NTFS   Partition   10 GB    Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
* Partition 1  Primary           3854 MB  0 B

==================================================================================

Disk: 1
No partition is selected.

No partition is selected.
Select a partition and try again.

==================================================================================

==========================================================

Last Boot: 2012-07-06 00:39

======================= End Of Log ==========================
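The two file lists above are the raw material for triage, so here is an added example (it is not part of the original post and not FRST's own code) that parses FRST's line format into records and pulls out the entries a responder would look at first: newly written kernel drivers, executable code under a user's AppData, and hidden directories. The sample lines are copied from the "One Month Created Files" section above. The column order assumed for the Modified section (modification time first, creation time second) is inferred from the same file appearing in both sections with its two timestamps swapped; the triage buckets are this example's own rules, not FRST's.

```python
"""Parse FRST "Created Files" / "Modified Files" lines and bucket the entries
worth a second look. Added example; the triage rules are not FRST's."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One FRST file line: "<first ts> - <second ts> - <size> <attrs> [(<company>)] <path>"
LINE_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>\S.*?)\s*$"
)

CODE_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")


@dataclass
class FrstEntry:
    created: datetime
    modified: datetime
    size: int
    attrs: str            # e.g. "____A", "___HD": D = directory, H = hidden, S = system
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs


def parse_line(line: str, section: str = "created") -> Optional[FrstEntry]:
    m = LINE_RE.match(line)
    if not m:
        return None
    first = datetime.strptime(m["first"], "%Y-%m-%d %H:%M")
    second = datetime.strptime(m["second"], "%Y-%m-%d %H:%M")
    # "Created" lists creation then modification; the "Modified" section swaps
    # the two (assumption inferred from the log: the same file shows both orders).
    created, modified = (first, second) if section == "created" else (second, first)
    return FrstEntry(created, modified, int(m["size"]), m["attrs"], m["company"], m["path"])


def parse_section(text: str, section: str = "created") -> List[FrstEntry]:
    return [e for e in (parse_line(l, section) for l in text.splitlines()) if e]


def triage(entries: List[FrstEntry]) -> Dict[str, List[str]]:
    """Bucket entries by why a responder would want to look at them."""
    files = [e for e in entries if not e.is_dir]
    return {
        # A new kernel driver is the highest-value indicator on a rootkit case.
        "new_drivers": [e.path for e in files if "\\system32\\drivers\\" in e.path.lower()],
        # Executable code dropped under AppData is a common persistence location.
        "code_in_appdata": [e.path for e in files
                            if "\\appdata\\" in e.path.lower()
                            and e.path.lower().endswith(CODE_EXTENSIONS)],
        "hidden_dirs": [e.path for e in entries if e.is_dir and e.is_hidden],
    }


# Sample input: lines copied from the "One Month Created Files" section of the log.
SAMPLE_CREATED = r"""
2012-07-08 18:01 - 2012-07-08 18:34 - 00000000 ____D C:\FRST
2012-07-07 13:00 - 2012-07-07 13:00 - 00026872 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2012-07-06 19:29 - 2012-07-06 19:29 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\lcfylmfc.sys
2012-07-06 00:52 - 2012-07-06 00:52 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-07-06 00:42 - 2012-07-06 00:51 - 22291296 ____A (Microsoft Corporation) C:\Users\daphene\Downloads\BOIE9_ENUS_BO0084_VIS.EXE
2012-07-02 20:30 - 2012-07-02 20:30 - 00137216 ____A (DT Soft Ltd) C:\Users\daphene\AppData\Roaming\mspap.dll
2012-06-24 18:06 - 2012-06-24 18:07 - 01505959 ____A C:\Users\daphene\Downloads\To Maxime, Christopher and Kevin..wmv
"""


def triage_sample() -> Dict[str, List[str]]:
    return triage(parse_section(SAMPLE_CREATED, "created"))


if __name__ == "__main__":
    for bucket, paths in triage_sample().items():
        print(bucket)
        for p in paths:
            print("   ", p)
```

The buckets are starting points, not verdicts: a driver with a random-looking name may belong to a removal tool that was run the same day (several were run here), so each hit still needs its signature, timestamp and origin checked against what the user did.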
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.
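The "Bamital & volsnap Check" section of the log above flagged services.exe because its hash differs from FRST's known-good list, and the Search step requested here is how the helper locates the other copies of that file on the volume (a clean one normally lives in the component store). The following added example, which is not FRST's code and not from the original thread, reproduces that logic on a constructed directory tree: it hashes the same list of critical files against a baseline, searches the tree for every other copy of a mismatched file and groups them by hash, and checks for the assembly\GAC\Desktop.ini artifact FRST reported. It uses SHA-256 where FRST uses MD5; the file contents, the baseline hashes and the winsxs paths are all constructed for the demo and are not hashes or locations of real Vista binaries.

```python
"""Integrity check and clean-copy search in the spirit of FRST's critical-file
check. Added example on a constructed tree, not FRST's implementation."""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List

# The files FRST compares in its "Bamital & volsnap Check", relative to the
# system volume root (forward slashes so the demo runs on any OS).
CRITICAL_FILES = [
    "Windows/explorer.exe",
    "Windows/System32/winlogon.exe",
    "Windows/System32/wininit.exe",
    "Windows/System32/svchost.exe",
    "Windows/System32/services.exe",
    "Windows/System32/User32.dll",
    "Windows/System32/userinit.exe",
    "Windows/System32/Drivers/volsnap.sys",
]
# The ZeroAccess artifact FRST reported in the log above.
ZEROACCESS_ARTIFACTS = ["Windows/assembly/GAC/Desktop.ini"]


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_critical(root: Path, baseline: Dict[str, str]) -> Dict[str, str]:
    """Return ok / MISMATCH / missing for each critical file."""
    report = {}
    for rel in CRITICAL_FILES:
        p = root / rel
        if not p.is_file():
            report[rel] = "missing"
        elif sha256_file(p) == baseline.get(rel):
            report[rel] = "ok"
        else:
            report[rel] = "MISMATCH"
    return report


def find_copies(root: Path, filename: str, skip: Path) -> Dict[str, List[str]]:
    """Group every other copy of filename under root by content hash."""
    groups: Dict[str, List[str]] = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if name.lower() != filename.lower() or p == skip:
                continue
            groups.setdefault(sha256_file(p), []).append(p.relative_to(root).as_posix())
    return groups


def zeroaccess_artifacts(root: Path) -> List[str]:
    return [rel for rel in ZEROACCESS_ARTIFACTS if (root / rel).exists()]


def build_demo() -> dict:
    """Constructed volume: placeholder bytes stand in for the real binaries."""
    root = Path(tempfile.mkdtemp(prefix="frst-demo-"))
    baseline: Dict[str, str] = {}
    for rel in CRITICAL_FILES:
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"clean image of " + rel.encode())
        baseline[rel] = sha256_file(p)          # baseline taken before "infection"
    # Two untouched copies in a hypothetical component store.
    for store in ("Windows/winsxs/x86_a/services.exe", "Windows/winsxs/x86_b/services.exe"):
        p = root / store
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"clean image of Windows/System32/services.exe")
    # Simulate the infection: patch services.exe and plant the GAC artifact.
    (root / "Windows/System32/services.exe").write_bytes(b"patched placeholder")
    gac = root / "Windows/assembly/GAC/Desktop.ini"
    gac.parent.mkdir(parents=True, exist_ok=True)
    gac.write_bytes(b"")

    report = check_critical(root, baseline)
    copies = {rel: find_copies(root, Path(rel).name, root / rel)
              for rel, status in report.items() if status == "MISMATCH"}
    return {"report": report, "copies": copies,
            "artifacts": zeroaccess_artifacts(root), "baseline": baseline}


if __name__ == "__main__":
    d = build_demo()
    for rel, status in d["report"].items():
        print(f"{rel}: {status}")
    for rel, groups in d["copies"].items():
        for digest, paths in groups.items():
            tag = "matches baseline" if digest == d["baseline"][rel] else "unknown hash"
            print(f"  other copies of {rel} ({tag}): {paths}")
    print("ZeroAccess artifacts present:", d["artifacts"])
```

On a real machine the root would be the system volume mounted from a clean environment, which is exactly why the thread insists on running from the Recovery Environment: a kernel-mode rootkit that patches or hides files defeats any hash check run inside the infected OS. A copy in winsxs whose hash matches the baseline is a candidate replacement only after its Authenticode signature has been verified, and the GAC Desktop.ini indicator is a reason to keep looking, not the end of the cleanup.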
 
Ok, pleeeze don't roll your eyes....
where do I run FRST after going to System Recovery Options?
Do I plug in the usb where I have saved the FRST.exe ?
Do I run the pc in safe mode or normally? As it is, I have to type rapidly to beat the minute before I get the dreaded message about rebooting.
 
Please don't quote my replies.

You go the very same way as you went to create the FRST log, but this time you want to search for a file.
 
Please don't quote my replies.

You're doing something wrong.
Don't boot to Windows.
Boot to System Recovery Options so you can run FRST and search from it.
Read my replies carefully.
 
Thanks , got it!
However, before the search is finished, the pc reboots itself :-(

Evidently I'm doing something wrong....
I went into Safe Mode , ran FARBAR and got my FRST log.
Now, whenever I do that to run FRST, the pc reboots.
When I go into System Recovery Options, there is a menu list.
There's nothing to indicate where I can run FRST.... sorry :-(
 
OK, I just noticed you ran FRST from within Windows.
That's not how you do it.
My fault, I overlooked it.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Thanks for your patience... I managed to get through these steps:
On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
I found the FRST.EXE on my J drive but was shown the message that it isn't known...
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
I tried all the letters from C to J, lowercase and uppercase, but got the same message or one which says: the device is not ready (in French: "Le périphérique n'est pas prêt").
 
BTW, my keyboard is French, so I should choose French as the keyboard language setting, right?
In addition, after this, I am directed to USER ACCOUNT; there isn't one asking about the operating system.
 
Ok, in the admin box,
X:\windows\system32> j:\frst.exe
'j:\frst.exe' n'est pas reconnu en tant que commande interne ou externe, un programme executable ou un fichier de commande

Yes, I feel like executing the machine!
 
1. If you quote my reply one more time I'll close this topic. I asked you three times already not to quote my replies.

2. You're not reading my instructions carefully enough. It clearly says:
Select US as the keyboard language settings
 
Sorry....NOW I get what you meant about quoting you! My apologies, I got it.
 
Ok, I have chosen US as the keyboard language, but there isn't the step asking about the operating system; when I clicked NEXT after the keyboard language, it went to User Account.
The same thing happened: when I typed J as the drive which stored the FRST.EXE, I got the message that it is not recognized.
 
A rough translation is :
j:\frst.exe is not recognized as internal or external command, operable program or batch file
 
Thank you for putting up with me and my ignorance.
Unfortunately, I don't have the dvd as it is a pre-installed store-bought pc.
 
Hello again,
I used the Windows installation disc and got to Advanced Boot Options, but there is no Repair Your Computer.
I see the box
Choose Advanced Options for : Windows Setup
( Use the arrow keys to highlight your choice.)
Safe Mode
Safe Mode with Networking
.....
 
Hello again,
Please accept my humblest apologies for not being able to continue with the assistance yesterday. If you'd allow me, shall we pick this up this weekend when I've more time to stay focused and pay very close attention ?
Please don't give up on me even though I'm such a pc dork?
I appreciate your patience and kind comprehension very very much.
 
No worries.
If you find your topic closed after 5 days you can always PM me and I'll reopen it.

You're doing something wrong.
The very first screen after booting from the disk should look like this:

[screenshot: setup-option.jpg]


Make sure you're booting from the DVD.
You may need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
 