
FBI Virus / BSOD

Discussion in 'Virus & Other Malware Removal' started by UptheCreek, Dec 29, 2012.

Thread Status:
Not open for further replies.
  1. UptheCreek

    UptheCreek Thread Starter

    Joined:
    Dec 29, 2012
    Messages:
    25
    Hello,

    Thanks for hosting this forum. Dan here.

    Subject: FBI Virus/ Green Circle

    I have read the "read this first" and have downloaded Hijack This and DDS. (I did not download GMER - more on that in a minute.)

    The Story:
    1. I was safely asleep in my bed when my computer began to inform me that the FBI was arresting me.
    2. I have had this virus before. In the past, I booted into Safe Mode and ran my antivirus program (SuperAntiSpyware) and wa-lah problem solved. This method is not working this time.
    3. All efforts to boot into safemode result in the BSOD (Blue Screen of Death).

    So...

    4. I can boot off the Ultimate Boot CD or xPud.

    What I cannot do is figure out how to do a scan of my computer with my anti-virus program.

    Other facts:
    1. Windows XP
    2. Dell Laptop
    3. Antivirus is SuperAntiVirus Software - both installed and sitting on a USB.
    4. I have Hijack This and DDS sitting on a clean computer. I did not download GMER cause it was not clear how it was going to install on to a clean computer which I am borrowing from a friend.
    5. The error on the BSOD is 0x0000007b

    So, is there help on this out there?
     
  2. UptheCreek

    UptheCreek Thread Starter

    Joined:
    Dec 29, 2012
    Messages:
    25
    Update:

    I think (I am not sure) that by using the Avira rescue CD, I have removed the virus.

    However, this has not resolved error 0x0000007b.

    So, anybody know how to get around that?
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
    You will need a blank CD, a clean computer and a flash drive.

    Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

    Stage 1

    1. Download and Run http://www.ubcd4win.com/downloads.htm Ultimate Boot CD for Windows

    • Save it to your Desktop.
    • Double-Click on the UBCD4Win.EXE that you just downloaded to your desktop.
    • Follow all of the instructions/prompts that come up.

      NOTES:
    • Do not install to a folder with spaces in its name.
    • Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read HERE for information regarding the files that normally trigger AV software.

    2. Insert your XP CD with either SP1/SP2/SP3 into the CD Rom drive

    • Double-Click on UBCD4WinBuilder.exe located in your C:\ubcd4win folder.
    • Click "I agree" to the Builders License.
    • Click NO to Search for Windows Installation Files

    Make the following selections from the Main Screen that pops up:

    Builder

    Source:(path to Windows installation files)

    • Enter the path to the drive where your XP CD is located.
    • You can click on the "..." button on the right to navigate to the path as well.

    Custom: (include files and folders from this directory)

    • No information is necessary, leave blank.

    Output: (C:\ubcd4win\BartPE)

    • Keep the default BartPE

      Media output:
    • Choose Create ISO image
    • Do not choose Burn to CD/DVD

    Please note: If your XP install disc is SP1 then please .....

    • Disable- DComLaunch Service
    • Enable- LargeIDE Fix

    This can be done by pressing the "Plugin" button and checking or unchecking the appropriate selections

    Also note: If you have a Dell XP install disc you will need to follow the instructions here:

    http://www.ubcd4win.com/faq.htm#dell


    3. Click on the "Build" button

    • You will see the Windows EULA message. Click on I Agree
    • You will now see the Build Screen. Let it run its course
    • When the Build is finished you can click close, then exit

    4. Burn your ISO file to CD

    Please see Here on how to burn an ISO to CD.

    =====================================

    Stage 2


    Next, from your clean computer:

    Download Farbar Recovery Scan Tool and save it to your flash drive.

    Now plug your flashdrive back into your sick computer and follow the next instructions:

    =====================================

    Stage 3

    1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created

    • Insert the UBCD4Win disc in to one of your CD/DVD drives.
    • Restart your computer.
    • The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.

    • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.
    • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
    • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on Yes if you want to use the PE environment to get online post your log and reply by way of an Ethernet connection.

    You should now have a desktop that looks like this:

    [​IMG]

    ===================================

    Stage 4

    • Single click My computer from your UBCD4W desktop to navigate to the Farbar Recovery Scan Tool you saved to your flash drive.
    • Double click on it to begin running the tool.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive.

    Please copy and paste the log to your next reply.
     
  4. UptheCreek

    UptheCreek Thread Starter

    Joined:
    Dec 29, 2012
    Messages:
    25
    Kevin,

    First - Happy New Year and thank you for all you do.

    I understand all your instructions. However, I do not have the Windows XP CD. Why? This computer was a gift for me who is unemployed. It did not come with any CDs.

    Furthermore, the clean computer does not run XP.

    Any way around this?

    Thanks
    Dan
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
    Does the computer boot?
     
  6. UptheCreek

    UptheCreek Thread Starter

    Joined:
    Dec 29, 2012
    Messages:
    25
    No.

    It does not boot.

    Attempts to boot, whether regular, safe, safe with networking, or safe with command prompt, all result in a BSOD - 0x0000007b.

    I can boot off rescue CDs such as Avira.
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
    Try this please. You will need a USB flash drive and access to a clean computer:

    Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer

    • Insert your USB flash drive
    • Press Start > My Computer > right click your USB flash drive > choose Format > Quick format
    • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
    • Press Run then OK
    • Select the DiskImage option then click the browse button located on the right side of the textbox field.
    • Browse to and select the xpud-0.9.2.iso file you downloaded
    • Verify the correct drive letter is selected for your USB device then click OK
    • It will install a little bootable OS on your USB device
    • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
    • After it has completed do not choose to reboot the clean computer simply close the installer

    Next,

    Download http://noahdfear.net/downloads/rst.sh save to the USB flash drive.

    • Boot the Sick computer with the USB flash drive again
    • Press File
    • Expand mnt
    • Expand your USB (sdb1)
    • Confirm that you see rst.sh that you downloaded there
    • Press Tool at the top
    • Choose Open Terminal
    • Type bash rst.sh
    • Press Enter
    • After it has finished a report will be located at sdb1 named enum.log
    • Plug that USB back into the clean computer and open it

    Please note: If you have an ethernet connection you can access the internet by way of xPUD (Firefox). You can perform all these steps on your sick computer. When you download the download will reside in the Download folder. It can be found under the File tab also. You can similarly access our thread by way of this OS too so you can send the logs that way.

    Please also note - all text entries are case sensitive

    Copy and paste the enum.log to your reply....

    Thanks...
     
  8. UptheCreek

    UptheCreek Thread Starter

    Joined:
    Dec 29, 2012
    Messages:
    25
    Kevin,

    Thanks for all your help.

    Summary of our Conversation:
    1. Your first instructions required me to get an XP CD. I said I did not have one because this computer was a gift from a friend.
    2. You gave me a second set of instructions to deal with the fact I did not have an XP CD.

    Update: While you were writing the second set of instructions I got the XP CD from my friend. So, I have the XP CD. So, I am working from your First set of instructions that call for:

    1. Stage 1: Create an Ultimate Boot CD (UBCD).
    2. Stage 2: Download Farbar Recovery Tool to USB
    3. Stage 3: Boot Sick Computer with UBCD.
    4. Stage 4: Use Farbar to clean sick computer.


    Problem: I downloaded the UBCD and attempted to build an ISO file. The ISO file failed to create. The log on the UBCD reports two errors and one warning:

    Warning: building from an OEM version of Windows can mean trouble...

    Error: loadKey() failed:

    Error: closeHive() failed: RegUnLoadKey (key="PEBuilder.exe-C:/UBCD4WIN/BARTPE/I386/SYSTEM32/CONFIG/petmphive") returned error 0: Access is denied.

    At the end of the log it says this: Builder has stopped because there are 2 build errors
    ISO image is not created, you must fix the errors!
    Building done..


    So, please advise even if you want me to try the second set of instructions. I am trying to do, as the forum wants - only to do what you tell me to do.

    Thanks again.

    Dan
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
    Hiya Dan,

    Go for the instructions as written in Reply #7. That will give a list of system restore points. I will then give a new fix to run to use system restore; let's see if that will get the system booting again.
    If the copy of XP CD you now have differs from the installed version it may not help.

    Kevin
     
  10. UptheCreek

    UptheCreek Thread Starter

    Joined:
    Dec 29, 2012
    Messages:
    25
    Kevin.

    Following the instructions to read the system restore included in directions #7 was a success.

    Here is the copy and paste of the enum log:

    37.0M Dec 29 16:55 /mnt/sda1/WINDOWS/system32/config/software
    6.0M Dec 29 16:55 /mnt/sda1/WINDOWS/system32/config/system
    34.7M Aug 30 17:03 /sda1/~/RP300/~SOFTWARE
    34.7M Aug 31 17:46 /sda1/~/RP301/~SOFTWARE
    34.7M Sep 1 18:14 /sda1/~/RP302/~SOFTWARE
    34.7M Sep 3 02:38 /sda1/~/RP303/~SOFTWARE
    34.7M Sep 4 04:53 /sda1/~/RP304/~SOFTWARE
    34.7M Sep 5 05:15 /sda1/~/RP305/~SOFTWARE
    34.7M Sep 6 05:35 /sda1/~/RP306/~SOFTWARE
    34.7M Sep 7 06:09 /sda1/~/RP307/~SOFTWARE
    34.7M Sep 8 11:41 /sda1/~/RP308/~SOFTWARE
    34.7M Sep 9 13:51 /sda1/~/RP309/~SOFTWARE
    34.7M Sep 10 15:18 /sda1/~/RP310/~SOFTWARE
    34.7M Sep 11 15:38 /sda1/~/RP311/~SOFTWARE
    34.7M Sep 12 05:35 /sda1/~/RP312/~SOFTWARE
    34.7M Sep 13 06:04 /sda1/~/RP313/~SOFTWARE
    34.7M Sep 14 14:46 /sda1/~/RP314/~SOFTWARE
    34.7M Sep 15 19:39 /sda1/~/RP315/~SOFTWARE
    34.7M Sep 16 20:42 /sda1/~/RP316/~SOFTWARE
    34.7M Sep 17 20:53 /sda1/~/RP317/~SOFTWARE
    34.7M Sep 18 22:18 /sda1/~/RP318/~SOFTWARE
    34.7M Sep 19 22:50 /sda1/~/RP319/~SOFTWARE
    34.7M Sep 20 23:50 /sda1/~/RP320/~SOFTWARE
    34.7M Sep 22 07:13 /sda1/~/RP321/~SOFTWARE
    34.7M Sep 22 08:00 /sda1/~/RP322/~SOFTWARE
    34.7M Sep 23 08:22 /sda1/~/RP323/~SOFTWARE
    34.7M Sep 24 09:17 /sda1/~/RP324/~SOFTWARE
    34.7M Sep 25 11:31 /sda1/~/RP325/~SOFTWARE
    34.7M Sep 27 20:22 /sda1/~/RP326/~SOFTWARE
    34.7M Sep 29 00:24 /sda1/~/RP327/~SOFTWARE
    34.7M Sep 30 00:54 /sda1/~/RP328/~SOFTWARE
    34.7M Oct 1 06:48 /sda1/~/RP329/~SOFTWARE
    34.7M Oct 2 16:03 /sda1/~/RP330/~SOFTWARE
    34.7M Jul 14 14:40 /sda1/~/RP258/~SOFTWARE
    34.7M Jul 15 15:52 /sda1/~/RP259/~SOFTWARE
    34.7M Jul 16 15:53 /sda1/~/RP260/~SOFTWARE
    34.7M Jul 17 22:12 /sda1/~/RP261/~SOFTWARE
    34.7M Jul 19 00:18 /sda1/~/RP262/~SOFTWARE
    34.7M Jul 20 01:07 /sda1/~/RP263/~SOFTWARE
    34.7M Jul 21 02:05 /sda1/~/RP264/~SOFTWARE
    34.7M Jul 22 02:20 /sda1/~/RP265/~SOFTWARE
    34.7M Jul 23 03:10 /sda1/~/RP266/~SOFTWARE
    34.7M Jul 24 03:46 /sda1/~/RP267/~SOFTWARE
    34.7M Jul 25 06:53 /sda1/~/RP268/~SOFTWARE
    34.7M Jul 26 07:11 /sda1/~/RP269/~SOFTWARE
    34.7M Jul 27 07:11 /sda1/~/RP270/~SOFTWARE
    34.7M Jul 28 08:11 /sda1/~/RP271/~SOFTWARE
    34.7M Jul 29 09:11 /sda1/~/RP272/~SOFTWARE
    34.7M Jul 30 10:11 /sda1/~/RP273/~SOFTWARE
    34.7M Jul 31 11:11 /sda1/~/RP274/~SOFTWARE
    34.7M Aug 1 12:11 /sda1/~/RP275/~SOFTWARE
    34.7M Aug 2 22:29 /sda1/~/RP276/~SOFTWARE
    34.7M Aug 4 19:01 /sda1/~/RP277/~SOFTWARE
    34.7M Jul 5 20:35 /sda1/~/RP249/~SOFTWARE
    34.7M Jul 6 21:23 /sda1/~/RP250/~SOFTWARE
    34.7M Jul 7 21:27 /sda1/~/RP251/~SOFTWARE
    34.7M Jul 8 22:23 /sda1/~/RP252/~SOFTWARE
    34.7M Jul 10 06:16 /sda1/~/RP253/~SOFTWARE
    34.7M Jul 11 07:03 /sda1/~/RP254/~SOFTWARE
    34.7M Jul 11 08:00 /sda1/~/RP255/~SOFTWARE
    34.7M Jul 12 08:40 /sda1/~/RP256/~SOFTWARE
    34.7M Aug 6 19:38 /sda1/~/RP279/~SOFTWARE
    34.7M Aug 7 19:46 /sda1/~/RP280/~SOFTWARE
    34.7M Aug 9 05:11 /sda1/~/RP281/~SOFTWARE
    34.7M Aug 10 05:37 /sda1/~/RP282/~SOFTWARE
    34.7M Aug 11 06:37 /sda1/~/RP283/~SOFTWARE
    34.7M Aug 12 07:37 /sda1/~/RP284/~SOFTWARE
    34.7M Aug 13 08:50 /sda1/~/RP285/~SOFTWARE
    34.7M Aug 14 18:58 /sda1/~/RP286/~SOFTWARE
    34.7M Aug 15 08:00 /sda1/~/RP287/~SOFTWARE
    34.7M Aug 16 08:47 /sda1/~/RP288/~SOFTWARE
    34.7M Aug 17 18:16 /sda1/~/RP289/~SOFTWARE
    34.7M Aug 18 18:45 /sda1/~/RP290/~SOFTWARE
    34.7M Aug 20 14:30 /sda1/~/RP291/~SOFTWARE
    34.7M Aug 21 14:58 /sda1/~/RP292/~SOFTWARE
    34.7M Aug 22 16:27 /sda1/~/RP293/~SOFTWARE
    34.7M Aug 23 17:55 /sda1/~/RP294/~SOFTWARE
    34.7M Aug 24 18:54 /sda1/~/RP295/~SOFTWARE
    34.7M Aug 26 05:25 /sda1/~/RP296/~SOFTWARE
    34.7M Aug 27 06:36 /sda1/~/RP297/~SOFTWARE
    34.7M Aug 28 06:37 /sda1/~/RP298/~SOFTWARE
    34.7M Jul 13 13:52 /sda1/~/RP257/~SOFTWARE
    34.7M Aug 5 19:20 /sda1/~/RP278/~SOFTWARE
    34.7M Aug 29 15:13 /sda1/~/RP299/~SOFTWARE
    5.8M Aug 30 17:03 /sda1/~/RP300/~SYSTEM
    5.8M Aug 31 17:46 /sda1/~/RP301/~SYSTEM
    5.8M Sep 1 18:14 /sda1/~/RP302/~SYSTEM
    5.8M Sep 3 02:38 /sda1/~/RP303/~SYSTEM
    5.8M Sep 4 04:53 /sda1/~/RP304/~SYSTEM
    5.8M Sep 5 05:15 /sda1/~/RP305/~SYSTEM
    5.8M Sep 6 05:35 /sda1/~/RP306/~SYSTEM
    5.8M Sep 7 06:09 /sda1/~/RP307/~SYSTEM
    5.8M Sep 8 11:41 /sda1/~/RP308/~SYSTEM
    5.8M Sep 9 13:51 /sda1/~/RP309/~SYSTEM
    5.8M Sep 10 15:18 /sda1/~/RP310/~SYSTEM
    5.8M Sep 11 15:38 /sda1/~/RP311/~SYSTEM
    5.8M Sep 12 05:35 /sda1/~/RP312/~SYSTEM
    5.8M Sep 13 06:04 /sda1/~/RP313/~SYSTEM
    5.8M Sep 14 14:46 /sda1/~/RP314/~SYSTEM
    5.8M Sep 15 19:39 /sda1/~/RP315/~SYSTEM
    5.8M Sep 16 20:42 /sda1/~/RP316/~SYSTEM
    5.8M Sep 17 20:53 /sda1/~/RP317/~SYSTEM
    5.8M Sep 18 22:18 /sda1/~/RP318/~SYSTEM
    5.8M Sep 19 22:50 /sda1/~/RP319/~SYSTEM
    5.8M Sep 20 23:50 /sda1/~/RP320/~SYSTEM
    5.8M Sep 22 07:13 /sda1/~/RP321/~SYSTEM
    5.8M Sep 22 08:00 /sda1/~/RP322/~SYSTEM
    5.8M Sep 23 08:22 /sda1/~/RP323/~SYSTEM
    5.8M Sep 24 09:17 /sda1/~/RP324/~SYSTEM
    5.8M Sep 25 11:31 /sda1/~/RP325/~SYSTEM
    5.8M Sep 27 20:22 /sda1/~/RP326/~SYSTEM
    5.8M Sep 29 00:24 /sda1/~/RP327/~SYSTEM
    5.8M Sep 30 00:54 /sda1/~/RP328/~SYSTEM
    5.8M Oct 1 06:48 /sda1/~/RP329/~SYSTEM
    5.8M Oct 2 16:03 /sda1/~/RP330/~SYSTEM
    5.4M Jul 14 14:40 /sda1/~/RP258/~SYSTEM
    5.4M Jul 15 15:52 /sda1/~/RP259/~SYSTEM
    5.4M Jul 16 15:53 /sda1/~/RP260/~SYSTEM
    5.4M Jul 17 22:12 /sda1/~/RP261/~SYSTEM
    5.4M Jul 19 00:18 /sda1/~/RP262/~SYSTEM
    5.4M Jul 20 01:07 /sda1/~/RP263/~SYSTEM
    5.4M Jul 21 02:05 /sda1/~/RP264/~SYSTEM
    5.4M Jul 22 02:20 /sda1/~/RP265/~SYSTEM
    7.2M Jul 23 03:10 /sda1/~/RP266/~SYSTEM
    7.2M Jul 24 03:46 /sda1/~/RP267/~SYSTEM
    7.2M Jul 25 06:53 /sda1/~/RP268/~SYSTEM
    7.2M Jul 26 07:11 /sda1/~/RP269/~SYSTEM
    7.2M Jul 27 07:11 /sda1/~/RP270/~SYSTEM
    7.2M Jul 28 08:11 /sda1/~/RP271/~SYSTEM
    7.2M Jul 29 09:11 /sda1/~/RP272/~SYSTEM
    7.2M Jul 30 10:11 /sda1/~/RP273/~SYSTEM
    7.2M Jul 31 11:11 /sda1/~/RP274/~SYSTEM
    7.2M Aug 1 12:11 /sda1/~/RP275/~SYSTEM
    7.2M Aug 2 22:29 /sda1/~/RP276/~SYSTEM
    7.2M Aug 4 19:01 /sda1/~/RP277/~SYSTEM
    5.4M Jul 5 20:35 /sda1/~/RP249/~SYSTEM
    5.4M Jul 6 21:23 /sda1/~/RP250/~SYSTEM
    5.4M Jul 7 21:27 /sda1/~/RP251/~SYSTEM
    5.4M Jul 8 22:23 /sda1/~/RP252/~SYSTEM
    5.4M Jul 10 06:16 /sda1/~/RP253/~SYSTEM
    5.4M Jul 11 07:03 /sda1/~/RP254/~SYSTEM
    5.4M Jul 11 08:00 /sda1/~/RP255/~SYSTEM
    5.4M Jul 12 08:40 /sda1/~/RP256/~SYSTEM
    7.2M Aug 6 19:38 /sda1/~/RP279/~SYSTEM
    7.2M Aug 7 19:46 /sda1/~/RP280/~SYSTEM
    7.2M Aug 9 05:11 /sda1/~/RP281/~SYSTEM
    5.3M Aug 10 05:37 /sda1/~/RP282/~SYSTEM
    5.3M Aug 11 06:37 /sda1/~/RP283/~SYSTEM
    5.3M Aug 12 07:37 /sda1/~/RP284/~SYSTEM
    5.3M Aug 13 08:50 /sda1/~/RP285/~SYSTEM
    5.3M Aug 14 18:58 /sda1/~/RP286/~SYSTEM
    5.3M Aug 15 08:00 /sda1/~/RP287/~SYSTEM
    5.3M Aug 16 08:47 /sda1/~/RP288/~SYSTEM
    5.3M Aug 17 18:16 /sda1/~/RP289/~SYSTEM
    5.3M Aug 18 18:45 /sda1/~/RP290/~SYSTEM
    5.3M Aug 20 14:30 /sda1/~/RP291/~SYSTEM
    5.3M Aug 21 14:58 /sda1/~/RP292/~SYSTEM
    5.3M Aug 22 16:27 /sda1/~/RP293/~SYSTEM
    5.3M Aug 23 17:55 /sda1/~/RP294/~SYSTEM
    5.3M Aug 24 18:54 /sda1/~/RP295/~SYSTEM
    5.3M Aug 26 05:25 /sda1/~/RP296/~SYSTEM
    5.3M Aug 27 06:36 /sda1/~/RP297/~SYSTEM
    5.3M Aug 28 06:37 /sda1/~/RP298/~SYSTEM
    5.4M Jul 13 13:52 /sda1/~/RP257/~SYSTEM
    7.2M Aug 5 19:20 /sda1/~/RP278/~SYSTEM
    5.8M Aug 29 15:13 /sda1/~/RP299/~SYSTEM

    Is it just me, or should I be concerned there is not a more recent date?

    Well, fingers crossed.

    Thanks, Kevin
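
Added example (not part of the original posts and not the rst.sh script): a small Python parser for the enum.log format pasted above that reports the newest restore point and how far it lags the live registry hives, which is the gap the question about dates points at. The year (the log lines carry none), the 30-day staleness threshold, the rule that a snapshot counts only when both hives are listed, and all function names are assumptions of this example.

```python
import re
from datetime import datetime

# Lines copied from the enum.log posted above (an excerpt, not the full log).
SAMPLE_LOG = """\
37.0M Dec 29 16:55 /mnt/sda1/WINDOWS/system32/config/software
6.0M Dec 29 16:55 /mnt/sda1/WINDOWS/system32/config/system
34.7M Oct 1 06:48 /sda1/~/RP329/~SOFTWARE
34.7M Oct 2 16:03 /sda1/~/RP330/~SOFTWARE
34.7M Jul 5 20:35 /sda1/~/RP249/~SOFTWARE
5.8M Oct 1 06:48 /sda1/~/RP329/~SYSTEM
5.8M Oct 2 16:03 /sda1/~/RP330/~SYSTEM
5.4M Jul 5 20:35 /sda1/~/RP249/~SYSTEM
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
# size, month, day, HH:MM, path
LINE_RE = re.compile(
    r"^\s*\S+\s+([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{2}):(\d{2})\s+(\S+)\s*$")
RP_RE = re.compile(r"/RP(\d+)/~(SOFTWARE|SYSTEM)$")
LIVE_RE = re.compile(r"/system32/config/(software|system)$", re.IGNORECASE)


def parse_enum_log(text, year):
    """Return (live, snapshots).

    live maps hive name -> timestamp of the hive Windows currently uses;
    snapshots maps restore point number -> {hive name: timestamp}.
    `year` is supplied by the caller because the listing omits it; a log
    that spans a year boundary would need more care than this example takes.
    """
    live, snapshots = {}, {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(1) not in MONTHS:
            continue  # not a listing line
        mon, day, hh, mm, path = m.groups()
        try:
            when = datetime(year, MONTHS[mon], int(day), int(hh), int(mm))
        except ValueError:
            continue  # impossible date or time, skip the line
        rp, lv = RP_RE.search(path), LIVE_RE.search(path)
        if rp:
            snapshots.setdefault(int(rp.group(1)), {})[rp.group(2)] = when
        elif lv:
            live[lv.group(1).upper()] = when
    return live, snapshots


def restore_point_report(text, year, stale_after_days=30):
    """Summarise the newest complete snapshot and its lag behind the live hives."""
    live, snapshots = parse_enum_log(text, year)
    # Example's own rule: a snapshot counts only if both hives are listed.
    complete = {n: max(h.values()) for n, h in snapshots.items()
                if {"SOFTWARE", "SYSTEM"} <= set(h)}
    incomplete = sorted(f"RP{n}" for n in snapshots if n not in complete)
    if not complete or not live:
        return {"newest": None, "newest_time": None, "gap_days": None,
                "stale": None, "incomplete": incomplete}
    newest = max(complete, key=lambda n: complete[n])
    gap = (min(live.values()) - complete[newest]).days
    return {"newest": f"RP{newest}", "newest_time": complete[newest],
            "gap_days": gap, "stale": gap > stale_after_days,
            "incomplete": incomplete}


if __name__ == "__main__":
    print(restore_point_report(SAMPLE_LOG, year=2012))
```
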
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
    Hiya Dan,

    Yes, strange that we do not see a more up-to-date restore point. OK, I give the most recent, RP330. Do the following:

    • Boot the Sick computer with the USB drive again
    • Press File
    • Expand mnt
    • Expand your USB (sdb1)
    • Press Tool at the top
    • Choose Open Terminal
    • Type bash rst.sh -r
    • Type RP330
    • Press Enter
    • After it has finished a report will be located at sdb1 named restore.log
    • Please try to boot into normal Windows now and indicate if you were successful

    Please note - all text entries are case sensitive

    Copy and paste the restore.log from your USB drive for my review

    Kevin...
     
  12. UptheCreek

    UptheCreek Thread Starter

    Joined:
    Dec 29, 2012
    Messages:
    25
    Kevin,

    1. Booted sick computer.
    2. Input the Bash Command.
    3. Computer asked for Restore Point.
    4. Typed RP330.

    It said "Please wait while hives are created"

    It came back and said "Restore Point 330 not found!"

    Here is a copy and paste of the log:

    Restore point RP330 not found!
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
    Mmmm, not what we wanted to see. OK, try another run from Sept, then Aug. Use any RP you want, pot luck really. If we still get a negative result we'll have to try another way...

    ***Edit

    Do you have any logs or information that would indicate what was removed, Avira scan possibly??

    This error you mention, BSOD - 0x0000007b, may possibly indicate a defunct MBR. You have mentioned having access to an XP CD; maybe we can access the Recovery Console and use it to fix the MBR. See what happens with xPUD SR first...
     
  14. UptheCreek

    UptheCreek Thread Starter

    Joined:
    Dec 29, 2012
    Messages:
    25
    Kevin,

    I tried multiple RP Points - same result.

    I do not have any logs from Avira.

    Any suggestions on what to try next?

    Thanks
    Dan
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
    Download xPUD Testdisk from here: http://noahdfear.net/downloads/xPUDtestdisk.exe and save it to the USB device

    • Double click xPUDtestdisk.exe to extract the contents to your USB flash device
    • Remove the USB and insert it in the sick computer
    • Boot the Sick computer
    • Press F12 and choose to boot from the USB
    • Follow the prompts
    • A Welcome to xPUD screen will appear
    • Press File
    • Expand mnt
    • sda1,2...usually corresponds to your HDD
    • sdb1 is likely your USB
    • Click on the folder that represents your USB drive (sdb1 ?)
    • Press Tool at the top
    • Choose Open Terminal
    • Type testdisk/testdisk_static
    • Press Enter

    • The TestDisk command window will open
    • Choose Create and press Enter
    • TestDisk will now detect all local hard drives
    • Use the arrow (up and down) keys to highlight the disk called /dev/sda if it represents your primary hard drive and press Enter
    • If you're not sure then note everything you see and post it for my review
    • Select Intel (even if you have an AMD processor) and press Enter
    • Select Advanced and press Enter
    • Select [Boot] and press Enter
    • Select [Dump] and press Enter
    • Select [Quit] to exit

    A log will be created in the root of the usb device. Remove the USB drive and insert back in your working computer

    Please note - all text entries are case sensitive

    Copy and paste the resultant log for my review...

    Kevin..
     

Short URL to this thread: https://techguy.org/1082913
