Need a bit of help with a boot problem. Wife’s PC, running Win7 HP. Not sure what she got ahold of but it seems to have affected the boot sector. FRST log run from recovery mode is attached.
are you able to run a OTL …and post the diagnostic log http://forum.avast.com/index.php?topic=53253.0
you may run it from safe mode
Thanks for the rapid reply. Unfortunately I cannot boot to Safe Mode, the boot hangs following aswrvt.sys
Can she remember what happened prior to the non booting ?
Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop
[]Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
[]Launch drwebliveusb.exe.
[*]The program will detect available USB-devices automatically and prompt you to choose the one you’d like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).
https://dl.dropbox.com/u/73555776/liveusb_ru.jpg
[]To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
[]Files will be copied automatically.
[]Once the copying process is completed, press the Exit button to close the application.
[]Reboot the infected computer with the USB in the drive
[]Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
[]As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
http://i1224.photobucket.com/albums/ee362/Essexboy3/Dr%20Web%20shots/livecdbootscreen.gif
[*]Use arrow keys to select DrWeb-LiveCD (Default)
[*]When the system is loaded, check the disks or folders you want to scan, and click on ?Start?.
http://i1224.photobucket.com/albums/ee362/Essexboy3/Dr%20Web%20shots/livecdDriveselection.gif
[]The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
[]Once completed reboot to normal windows
[*]No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist
She mentioned having downloaded a .pdf file that contained a workout class schedule for the local YMCA. Any chance the .pdf was a malware drop mechanism?
I’ll go through the process you describe and post the OTL log.
There is that possibility as some of the MD5’s reported were suspect