03-05-2012 07:43 AM
My boss got a series of emails and letters from Comcast instructing him to fix his DNS server bot issue due to the DNS Changer Bot problem they encountered. If he didn't do what they wanted his internet service would be disconnected or interrupted. He asked me to do the "do-it-yourself" process to correct the problem because I am better with computers than he is. NOTE: He is running Windows Vista on an Acer Desktop Computer.
So I went to the site Comcast said to go to: http://xfinity.comcast.net/constantguard/botassist
Tried the F8 trick to restart from the Last Good Configuration - NO GO. Tried restarting it in Debug mode, NO GO. Tried to boot using "msconfig" and only boot using certain programs from Microsoft only, NO GO. Tried to do a System Restore in Safe Mode (via Command Prompt), NO GO. I have tried all these things in Administrator mode and in the regular user mode, NO GO.
I'm at a loss at this point - I've been on many forums and cannot find anyone that is using Windows Vista who has a fix for this. It is clearly because of this Eraser tool but it won't let me go back to my restore point, it gives me another error code, in addition to the BSOD error codes. If anyone can help I would appreciate it - if you need the Norton logs, Error codes, etc. please respond and I'll be happy to post.
03-05-2012 11:30 AM - edited 03-05-2012 11:47 AM
What is the BSOD code that appears??
You still have Safe Mode, Just no other mode including Normal Mode.
Did Norton Power Eraser (NPE) do a scan, or did you have the Rootkit scan selected so that NPE restarted the PC before any scan and that is where it is stuck?
03-06-2012 08:24 AM
@Quads: To answer your questions first - I think it's 0x0000008e (0xc0000005e, etc....) I will have to post the screen shot of it when I get home, at work atm. And yes, Safe Mode is working fine, Normal Mode is what is having the issue. NPE did the scan yes, and prompted me to restart when it was done.
UPDATE (from Bleeping Computer - if you have not read that post already): I was able to bypass the BSOD by simultaneously clicking F10 and Alt while the computer was booting up. This allowed me TEMPORARILY to boot up normally (not in safe mode). I was logged in for 3 hours, in which I did a system restore to 3 days ago, ran 3 anti-virus and anti-malware programs (Microsoft's pc fix, AVG, and Malwarebytes), and removed 7 or 8 Trojans. I searched extensively for the Norton program but it was nowhere to be found. I then did a restart (because I was prompted after all the spring cleaning I was doing) and guess what... BSOD again with the same error codes.
I will post all logs, codes, and back-up material when I get home.
03-06-2012 10:56 AM
Start NPE and instead look at the previous scan results to see if it tells you what you can restore, so that is what it would have taken. Don't do another scan, just close the program.
Please attach the Malwarebytes log(s). AVG and Norton will conflict with each other.
03-06-2012 01:30 PM - edited 03-06-2012 01:32 PM
One thing by symptoms that seems to be the case, (though logs or a file name from NPE would be helpful).
Safe Mode loading has no problem but Normal Mode causes an error code BSOD. Reasons:
a) NPE is trying to load after the restart in Normal Mode but can't, causing a BSOD. NPE doesn't try to load in Safe Mode, not causing the BSOD error.
b) A file(s) (e.g. a driver) is wanted to load in Normal Mode, or anything connected to that, like a registry entry. The file (object) was removed by NPE, and on restart, with the object missing but Windows wanting it to load in Normal Mode, this causes the BSOD. The file or object, like some services, is not loaded in Safe Mode, so Safe Mode loads OK. Safe Mode with Networking starts more services than Safe Mode (min).
The object may still be there but now corrupt.
c) AVG and Norton are conflicting seriously in Normal Mode causing the BSOD after some sort of removal, Norton and AVG don't run in realtime in Safe mode compared to Normal Mode, so with either AV software loading realtime in Safe Mode the BSOD does not occur.
03-08-2012 03:53 PM
As Quads mentioned, the NPE history/undo feature would be useful here. If your Safe Mode has no networking you may need to cancel out of NPE's attempts to restore network connections, but even without a network connection you can still get to the main window and use the History feature. After you find your repair session and hit Next, it will show what was removed. You can click on the "hyperlink" for each item to see the exact file path, which would be good to know. And you can run Undo, which is the normal procedure in NPE to undo any changes it may have made to your system.
03-09-2012 05:50 PM
NPE won't let me start - even in Safe mode (it wouldn't let me before I did the system restore during the 4 hours I was allowed in normal mode a couple of days before I read this either - it kept saying there was an error loading the log and couldn't retrieve scan results). That's why I couldn't undo what I did in the first place - the program locked up on me and would not let me in to do anything.
Attached are a few logs that may help:
1. Malwarebytes scan log
2. aswMBR scan log
3. NPE logs (2)
4. TDSSKiller scan logs
5. GMER scan log
03-09-2012 05:51 PM
Here are 2 more logs to review that I couldn't attach to last post.
03-09-2012 05:58 PM
The error code when I try to see history is this:
AN ERROR HAS OCCURED
Error getting system path
Error code 0x80045006,0
NPE will not let me in to review system files or undo what I did.