Windows won't boot up

Discussion in 'Malware Help (A Specialist Will Reply)' started by fiockthis, Aug 25, 2008.

  1. fiockthis

    fiockthis Private E-2

    Yesterday I started following the Windows XP Cleaning Procedure that you have on the website (http://forums.majorgeeks.com/showthread.php?t=139313). I downloaded all of the programs, and then I followed the instructions for installing and running SuperAntiSpyware (http://forums.majorgeeks.com/showthread.php?t=127217).

    I restarted my computer, but as it's restarting it's taken to an Improper Shutdown screen, and asks if I want to start it normally or in safe mode. I start it normally, Windows starts to boot up, and then it's taken to a blue screen for a split second before restarting. So it's stuck in an endless loop.. boot screen, windows loading, blue screen and restart.

    So I try and choose to boot in safe mode, but none of the keys on the keyboard work on this screen. I cannot use the arrow keys, and even the caps lock key doesn't work. So I'm unable to get to safe mode.

    The only thing I can do is go into bios before the boot screen appears. I'm not sure if I can do anything in bios or not to help this problem.

    Any suggestions? :confused
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did SUPERAntiSpyware actually finish running and remove malware? Did it ask you to reboot or did it automatically?

    Do you have your Windows XP bootable CD?
     
  3. SUPERAntiSpy

    SUPERAntiSpy Private E-2

    More specifically, which EXACT numeric version of SUPERAntiSpyware were you using? 4.15.1000? 4.20.1046?

    When you boot, try holding down the HOME key which will tell SAS not to do anything on bootup.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If downloaded from the link in the READ & RUN ME yesterday it should be 4.20.1046. And if downloaded from our links before yesterday it would be 4.20.1044
     
  5. fiockthis

    fiockthis Private E-2

    Yes, it finished running and removed malware. I think there was only one.

    It asked me to reboot. I hit no. Closed out of the program, and then rebooted manually.

    I do have the Windows XP boot cd.

    Holding down the HOME key did not work. And I'm not sure which version I'm running.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you download it from one of our links when you started working on this? Or did you already have it installed or was it downloaded from somewhere else?

    Since you have your Windows CD, the below may be your only option now.


    http://forums.majorgeeks.com/showthread.php?t=168038
     
  7. fiockthis

    fiockthis Private E-2

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You mean it takes you to here: http://www.majorgeeks.com/SUPERAntiSpyware_d5116.html

    Which is where you downloaded from? This means as I stated, you were using at least version 4.20.1044 and possibly 4.20.1046 which is the info that Nick was interested in. I have asked him to check back in. In the meantime, start looking at that link I gave you from Microsoft as it may be the only work around other than a Windows repair or reinstall.
     
  9. fiockthis

    fiockthis Private E-2

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  11. fiockthis

    fiockthis Private E-2

    No problem, and yes I downloaded it from that link.

    I'll try out that Microsoft link, and let you know what happens.
     
    Last edited: Aug 28, 2008
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay let me know if you have any questions too.
     
  13. fiockthis

    fiockthis Private E-2

    Dang, I can't boot from a CD either. I changed my BIOS setting to only boot from the CD Rom drive, but when it starts to boot it says "Press any key to boot from CD", and nothing happens when I press keys. Then it goes back to the improper shutdown.

    Can I boot from a CD without having to press any keys?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Man when things go wrong....they really go wrong.:(

    What kind of keyboard do you have? PS/2 or USB? If USB, there may be a setting to enable your USB ports in DOS mode. Maybe it reads as "USB DOS"
     
  15. fiockthis

    fiockthis Private E-2

    Oh sweet, there was something in BIOS that said USB Keyboard Resource Help (it's a USB keyboard), or something like that.. and I enabled it, and now I can press a key during the CD rom boot up. Thank you.

    I'm going to try that Windows link you gave me now.

    edit: Ok, I already have a problem. I just started Recovery, and it says to enter a password when asked.. but I'm never asked for a password. It just shows "C:/", and when I type "md tmp" it says "access is denied".

    edit again: I am able to boot up in safe mode now.
     
    Last edited: Sep 1, 2008
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's because you are supposed to have a command prompt that says c:\Windows when you get into the Recovery Console. You are not supposed to be in the root folder which is C:\. The prompt should have looked like C:\Windows>

    Okay then before doing anything else. See if you can locate a log from SUPERAntispyware. It will be in a folder like below where USERNAME will be your user account name.

    Code:
    "C:\Documents and Settings\USERNAME\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
    supera~1.log  Jun 11 2008        1190  "SUPERAntiSpyware Scan Log - 06-11-2008 - 22-36-57.log"
    The log shown and date above is just an example. Yours will be different if it even exists. I first want to see if SAS actually removed anything at all.
     
  17. fiockthis

    fiockthis Private E-2

    I could not find a log.

    The Application Data folder doesn't exist either.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes it does. It is a required folder of Windows. Are you logging into your account, and do you have viewing of hidden and system files and folders enabled like mentioned in step 1 of the READ & RUN ME? Check again.

    Also if you are able to run in safe mode as stated, then download the MGtools.exe file given in the READ & RUN ME (if not already downloaded). And then run it by double clicking on it. Wait for it to finish running and then find the C:\MGlogs.zip file and attach it here. This will also show me if the SAS log exists along with giving us other information.
     
  19. fiockthis

    fiockthis Private E-2

    Ah yes, the folder was hidden.

    I found the SAS log, and it removed one item.. some keygen.

    While running MGTools, during the "Getting System Information" phase, I get a ProcessDLL.exe Application Error "The application failed to initialize properly (0xc0000135)."

    Also, I've been using CleanUp! What's the difference between CleanUp! and CCleaner?
     
    Last edited: Sep 3, 2008
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please attach the log.

    This was explained in the Using MGtools instructions. Please attach the MGlogs.zip file.

    Similar functions but we prefer CCleaner which also has other features.
     
  21. fiockthis

    fiockthis Private E-2

    SAS log attached.

    In the MGTools Instructions it says "Just click any key or OK to continue and ignore the error. To fix it, install the .NET software." I downloaded .Net Framework 1.1, but I cannot install it. When I try, I just get an error message saying Setup Failed. And MGTools terminates when I click ok.
     

    Attached Files:

  22. fiockthis

    fiockthis Private E-2

    MGTools log.
     

    Attached Files:

  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    SAS just removed a Nero key generator (bad idea!!!) and nothing else. This is no reason for your PC to become unbootable. Since now it has all of a sudden become bootable in safe mode, perhaps you should be trying normal boot mode. There is no other malware showing in the logs you attached so I'm not even sure what problems you had that caused you to start running the cleaning steps to begin with.

    If your PC can still not boot in normal mode, you should try running System Restore from safe mode and restore to a point in time before your problems began (which would be before Aug 24th). Otherwise back up your important data and then attempt either a Windows Repair or a reinstall if the repair does not work.
     
  24. fiockthis

    fiockthis Private E-2

    I've tried booting in Normal Mode, but I get that quick blue screen real quick still.

    I suppose I'll try to do a System Restore. I really feel like there's something fishy with my computer, that's why I decided to run SAS.

    Thanks for all your help.
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Let us know the results of the System Restore. As I stated in my last message, it is your last option before a repair or a reinstall. And I repeat, you should not hesitate in backing up important data before you go any further. Your PC could become unbootable again at any time.
     
  26. fiockthis

    fiockthis Private E-2

    System Restore worked fine. Should I try any other scans?
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Does that mean you can boot in normal mode now? If so, only run Malwarebytes and MGtools and attach the logs. Make sure you use the current versions.
     
  28. fiockthis

    fiockthis Private E-2

    Yes, it booted into Normal mode ok. Then I shut down the computer, the next day when I booted it up it ran CHKDSK (which is probably the blue screen I was having problems with), after chkdsk ran, it booted into normal mode again just fine.

    It seems to boot up in normal mode without running chkdsk now. I'm going to run those scans, and I'll post the logs.

    edit: it seems there's an SP3. I'll run the scans after downloading and installing the new service pack.
     
  29. fiockthis

    fiockthis Private E-2

    I got the same MGTools error message.
     

    Attached Files:

  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean, but you do need to do the below.

    Uninstall the below old versions of Sun Java:
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5

    Then reboot.

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now we need to cleanup some items from running ComboFix.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  31. fiockthis

    fiockthis Private E-2

    Thanks, I'll get started now.
     
  32. fiockthis

    fiockthis Private E-2

    I completed all of the steps. And I did receive a success message adding that file to the registry. Thanks for everything.
     
  33. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
