Malware removed - But windows now does not start

Discussion in 'Malware Help (A Specialist Will Reply)' started by gtrockefellar, Mar 14, 2013.

  1. gtrockefellar

    gtrockefellar Private E-2

    Hi,

    I can't get Windows Explorer to open after I remove the malware from my system. It goes through normal booting and gets to the Windows startup screen; then, when Windows is going to open, the screen is blank except for my desktop image. Anyone know what the problem is? Thankfully I knew how to use System Restore.

    This is what my malware log from Malwarebytes says.



    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.03.14.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Gerald :: YOUR- [administrator]

    Protection: Disabled

    3/14/2013 1:58:26 AM
    MBAM-log-2013-03-14 (02-08-46).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 262302
    Time elapsed: 7 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> No action taken.

    Registry Values Detected: 4
    HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: f4c1b8ab2fc1584dfa1a1d5e97711d29 -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_XMLLookup (Hijacker.XMLLookup) -> Data: http://shell.windows...gID=x&Ext=%s -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://shell.windows...edir.asp?Ext=%s -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_intl (Hijacker.intl) -> Data: http://shell.windows...gID=x&Ext=%s -> No action taken.

    Registry Data Items Detected: 5
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeope...p&l=x&ext=%s) Good: (http://shell.windows...gID=x&Ext=%s) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bad: (http://www.helpmeope...p&l=x&ext=%s) Good: (http://shell.windows...edir.asp?Ext=%s) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|intl (Hijacker.intl) -> Bad: (http://www.helpmeope...p&l=x&ext=%s) Good: (http://shell.windows...gID=x&Ext=%s) -> No action taken.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Documents and Settings\Gerald\My Documents\Downloads\Unconfirmed 92759.crdownload (PUP.Bundle.Installer.OI) -> No action taken.

    (end)
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

