Please help!

Please can someone help me? Last year I bought a laptop and a Nexus. I bought Norton antivirus that allowed me to cover 3 devices. Cover ran out at the beginning of November. I renewed online as per the request, still covering 3 devices. However, it seems I can’t cover my Nexus under this renewal… I don’t get it… why have a package to cover 3 when it won’t let me? Am I doing something wrong? I bought Norton 360.

My 2nd request for assistance after my 1st was spoiled by an unnamed individual....

 

My mother's laptop was apparently infected with one or more viruses, at which point she used NPE to remove the threat. Now the laptop will not boot in any mode. I know she has Windows 7 Home Premium SP1 x64, but that is about it. I have no idea what version of Norton she has since I have not actually used the laptop previously. Quads, I have very limited knowledge but I can follow instructions very well and any assistance you can provide me will be greatly appreciated. She has pictures of her grandchildren on the laptop she hopes to keep (no backup of course). And she may soon go into Facebook withdrawals.

 

Thanks for your consideration

-Matt

In hindsight I see now that I shouldn't have downloaded and run the FRST scan without assistance, so going forward I will only follow your directions and won't attempt to jump ahead. Yes, I downloaded and ran the FRST64.exe 64-bit version and scanned only.

You have a Bootkit (BCD) and ZeroAccess, plus System Restore is stuck.

 

I am going to ask FRST for more information.

 

Download the attached script; it needs to keep the same file name as well (fixlist.txt). Copy it across to the flash drive.

 

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options again, like previously.

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe or frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please attach it to your reply.

 

Quads

Got it!

If after this Windows Vista or Windows 7 gives you an option screen to choose,

 

a) Startup Repair

b) Start Normally

 

Choose Start Normally, although for the first time it will take longer to load.

 

First, delete the .txt files on the flash drive so you are left with just FRST on the flash drive.

 

Download the attached script; it needs to keep the same file name as well (fixlist.txt). Copy it across to the flash drive.

 

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options again, like previously.

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe or frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please attach it to your reply.

 

Quads

It booted normally into Windows, and a window popped up saying Catalyst Control Center stopped working. Other than that everything seems normal. You're a genius! I will patiently await the next steps for repair.

Did it go through booting normally? Because that is strange, the system has been altered since your FRST.txt.

 

You have no message in your post, just an attachment with the log.

 

Quads

Sorry, got carried away and posted the attachment without any further info. Just finished editing the post when I saw your reply.

Cancel System Restore also if that starts up; I forgot to remove that startup entry.

 

Quads

It did say "system was successfully restored to 8/22/12" after I logged into Windows, even though it didn't prompt me to restore or give any indication it was performing a system restore.

Catalyst Control Center is the ATI video / graphics software; deal with that near the end (probably by uninstalling and reinstalling their software and drivers for your graphics make and model, etc.).

 

Now to look for the File System / partition, that should still be there

 

 Normal Mode from now on

 

Please read carefully and follow these steps.


Download TDSSKiller from http://support.kaspersky.com/faq/?qid=208280684 and click on the green TDSSKiller.exe link.

 

Double click on TDSSKiller.exe to run the application.

Open the Change Parameters option and select the detect TDL File system option.

 

[Image: TDSSKiller Parameters.jpg]

 

Click OK

 

Then click on Start Scan.


If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.

 

Look for the Filesystem detection.

 

[Image: TDSSFS.jpg]


It may ask you to reboot the computer to complete the process. Click on Reboot Now.


If no reboot is required, click on Report. A log file should appear. Please copy and paste into Notepad and attach back here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ ) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please attach the log in the post back.

 

Quads

Ran TDSSKiller as instructed. Scan ended with no threats found. Attached log.

Interesting: either it is already removed, or it is the new MaxSS v3 that looks like it is around and is hard to detect. But it will be dead.

 

Step 3.

 

 

Please read carefully. Read all of this message first.

 

Download Combofix from http://www.bleepingcomputer.com/download/anti-virus/combofix


  • Ensure that Combofix is saved directly to the Desktop <--- Very important  (Not in the Download(s) or Temp folders)

  • Disable all security programs as they will have a negative effect on Combofix; keep them disabled for, say, 1 hour or more.
  • Close any open browsers and any other programs you might have running

 

Right click the combofix.exe on the desktop and select from the menu "Run as Administrator"

 

  • If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system, it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Quads

Ran ComboFix. Log attached.

OK, I see more files to deal with later.

 

Now for PUPs.

 

Download Adwcleaner from http://general-changelog-team.fr/fr/downloads/view.download/2 (the green arrow) and run a scan (Search). It will create a log after.

 

Quads

Quads, are you still waiting for a log or has matt0305 retired?