Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware

Started by md262 , May 06 2011 02:58 PM

  • This topic is locked This topic is locked

#16
emeraldnzl
Posted 11 May 2011 - 11:02 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hmm...

See what we find when we do this:

Right click on Start > Explore and navigate to:

:\Qoobox folder (most likely C:\Qoobox\ComboFix.txt) and pasting the contents of the text file back here.

Note: ComboFix.txt are numbered so if there was more than one run for instance you might find C:\Qoobox\ComboFix2.txt. etc.
  • 0

Advertisements

#17
md262
Posted 12 May 2011 - 12:12 AM

md262

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Found it! Thanks for responding back with that suggestion; here is the log entitled Combofix2.txt:


ComboFix 11-05-10.02 - jklm 05/11/2011 5:53.10.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1489 [GMT -7:00]
Running from: c:\users\jklm\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
.
.
2011-05-11 13:00 . 2011-05-11 13:00 -------- d-----w- c:\users\jklm\AppData\Local\temp
2011-05-11 13:00 . 2011-05-11 13:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-05-11 13:00 . 2011-05-11 13:00 -------- d-----w- c:\users\Michael\AppData\Local\temp
2011-05-11 13:00 . 2011-05-11 13:00 -------- d-----w- c:\users\Leslie\AppData\Local\temp
2011-05-11 13:00 . 2011-05-11 13:00 -------- d-----w- c:\users\Kayla\AppData\Local\temp
2011-05-11 13:00 . 2011-05-11 13:00 -------- d-----w- c:\users\Jenna\AppData\Local\temp
2011-05-11 13:00 . 2011-05-11 13:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-11 06:45 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0612ACE9-2A5F-495D-9F14-7E451F93ABE8}\mpengine.dll
2011-05-11 02:44 . 2011-05-11 02:44 -------- d-----w- C:\_OTL
2011-05-08 05:20 . 2011-05-08 05:20 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 07:04 . 2011-02-11 02:50 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-19 22:21 . 2011-02-09 13:44 7168 ----a-w- c:\windows\system32\drivers\utm5ndm3.sys
2011-02-12 23:30 . 2011-02-12 23:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-12 23:29 . 2011-02-12 23:29 396800 ----a-w- c:\windows\system32\drivers\http.sys
2011-02-12 23:29 . 2011-02-12 23:29 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-02-12 23:29 . 2011-02-12 23:29 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-07-21 20:18 . 2010-07-21 20:18 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
<pre>
c:\program files\ATT-SST\McciTrayApp .exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Google\Google Desktop Search\GoogleDesktop .exe
c:\program files\Hewlett-Packard\OrderReminder\OrderReminder .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Microsoft Security Client\msseces .exe
c:\program files\QuickTime\QTTask .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-14 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-14 138008]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"<NO NAME>"="" [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Auto run of VideoCam Suite 1.0.lnk - c:\program files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe [2010-5-31 161160]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-5 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl05122a8b;MpKsl05122a8b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl05122a8b.sys [x]
R1 MpKsl05671e18;MpKsl05671e18;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl05671e18.sys [x]
R1 MpKsl0d686f1d;MpKsl0d686f1d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl0d686f1d.sys [x]
R1 MpKsl105993f9;MpKsl105993f9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl105993f9.sys [x]
R1 MpKsl131d5cbc;MpKsl131d5cbc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl131d5cbc.sys [x]
R1 MpKsl15459026;MpKsl15459026;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl15459026.sys [x]
R1 MpKsl16dc691b;MpKsl16dc691b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl16dc691b.sys [x]
R1 MpKsl1827f77f;MpKsl1827f77f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl1827f77f.sys [x]
R1 MpKsl1f57339a;MpKsl1f57339a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl1f57339a.sys [x]
R1 MpKsl226f02db;MpKsl226f02db;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl226f02db.sys [x]
R1 MpKsl25a6d2fb;MpKsl25a6d2fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl25a6d2fb.sys [x]
R1 MpKsl263c93b2;MpKsl263c93b2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl263c93b2.sys [x]
R1 MpKsl383ff3de;MpKsl383ff3de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl383ff3de.sys [x]
R1 MpKsl39cccd03;MpKsl39cccd03;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl39cccd03.sys [x]
R1 MpKsl39d542ce;MpKsl39d542ce;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl39d542ce.sys [x]
R1 MpKsl3b5093e9;MpKsl3b5093e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl3b5093e9.sys [x]
R1 MpKsl3c50334b;MpKsl3c50334b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl3c50334b.sys [x]
R1 MpKsl464c6428;MpKsl464c6428;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl464c6428.sys [x]
R1 MpKsl4f8c8453;MpKsl4f8c8453;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl4f8c8453.sys [x]
R1 MpKsl51d3b77d;MpKsl51d3b77d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl51d3b77d.sys [x]
R1 MpKsl5202f2fa;MpKsl5202f2fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl5202f2fa.sys [x]
R1 MpKsl5c5b17aa;MpKsl5c5b17aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl5c5b17aa.sys [x]
R1 MpKsl61579ca0;MpKsl61579ca0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl61579ca0.sys [x]
R1 MpKsl6b3411d5;MpKsl6b3411d5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl6b3411d5.sys [x]
R1 MpKsl7f7a024f;MpKsl7f7a024f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl7f7a024f.sys [x]
R1 MpKsl93d52003;MpKsl93d52003;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl93d52003.sys [x]
R1 MpKsl94b85baa;MpKsl94b85baa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl94b85baa.sys [x]
R1 MpKsl9b3b6fe3;MpKsl9b3b6fe3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl9b3b6fe3.sys [x]
R1 MpKsl9f057cca;MpKsl9f057cca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl9f057cca.sys [x]
R1 MpKsla2e7b1eb;MpKsla2e7b1eb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsla2e7b1eb.sys [x]
R1 MpKsla57f232b;MpKsla57f232b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsla57f232b.sys [x]
R1 MpKslb0a41b36;MpKslb0a41b36;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslb0a41b36.sys [x]
R1 MpKslb29da2e4;MpKslb29da2e4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslb29da2e4.sys [x]
R1 MpKslbbff5934;MpKslbbff5934;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslbbff5934.sys [x]
R1 MpKslbcbe5725;MpKslbcbe5725;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslbcbe5725.sys [x]
R1 MpKslc93dacc6;MpKslc93dacc6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslc93dacc6.sys [x]
R1 MpKslce548baa;MpKslce548baa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslce548baa.sys [x]
R1 MpKsld96ab5de;MpKsld96ab5de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsld96ab5de.sys [x]
R1 MpKsldb52d373;MpKsldb52d373;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsldb52d373.sys [x]
R1 MpKslde0596fa;MpKslde0596fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslde0596fa.sys [x]
R1 MpKslf64432ad;MpKslf64432ad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslf64432ad.sys [x]
R1 MpKslfb0b5383;MpKslfb0b5383;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslfb0b5383.sys [x]
R1 MpKslfb7ca551;MpKslfb7ca551;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslfb7ca551.sys [x]
R1 MpKslfc30cac7;MpKslfc30cac7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78000E4D-1A6E-4C06-AF83-8434BF12C9F7}\MpKslfc30cac7.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 utm5ndm3;AVZ Kernel Driver;c:\windows\system32\Drivers\utm5ndm3.sys [2011-02-19 7168]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 03:06]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 03:06]
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2296283253-215777900-395999709-1000Core.job
- c:\users\jklm\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 08:32]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2296283253-215777900-395999709-1000UA.job
- c:\users\jklm\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 08:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070905
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\jklm\AppData\Roaming\Mozilla\Firefox\Profiles\k9fdndyk.default\
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-11 06:00
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-05-11 06:01:22
ComboFix-quarantined-files.txt 2011-05-11 13:01
.
Pre-Run: 284,112,826,368 bytes free
Post-Run: 284,570,468,352 bytes free
.
- - End Of File - - 272084C222DD04C3FC5E56137218EE40
  • 0

#18
emeraldnzl
Posted 12 May 2011 - 12:30 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Okay, I am not sure what is going on here. I think that log is the same one you posted after running ComboFix.

There is also something funny happening with Microsoft Security Essentials.

Let's try this:

First uninstall Microsoft Security Essentials.

Then

Please delete your version of ComboFix, including the folders C:\Qoobox and C:\Combofix, and download a new version of Combofix.

Download ComboFix from one of these locations:

Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#19
md262
Posted 12 May 2011 - 08:03 AM

md262

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Hi, still having the endless rebooting problem so I'm only able to operate in safe mode. Unfortunately it won't let me facilitate the uninstall process for Microsoft Essentials in safe mode. Please advise.

I can still reinstall ComboFix and re-run the process. Appreciate your thoughts.
  • 0

#20
md262
Posted 12 May 2011 - 08:24 AM

md262

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Here is the log; I don't know if not being able to uninstall Microsoft Essentials is going to have an impact. Thanks again:


ComboFix 11-05-11.03 - jklm 05/12/2011 7:07.10.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1499 [GMT -7:00]
Running from: c:\users\jklm\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))
.
.
2011-05-12 14:13 . 2011-05-12 14:13 -------- d-----w- c:\users\jklm\AppData\Local\temp
2011-05-12 14:13 . 2011-05-12 14:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-05-12 14:13 . 2011-05-12 14:13 -------- d-----w- c:\users\Michael\AppData\Local\temp
2011-05-12 14:13 . 2011-05-12 14:13 -------- d-----w- c:\users\Leslie\AppData\Local\temp
2011-05-12 14:13 . 2011-05-12 14:13 -------- d-----w- c:\users\Kayla\AppData\Local\temp
2011-05-12 14:13 . 2011-05-12 14:13 -------- d-----w- c:\users\Jenna\AppData\Local\temp
2011-05-12 14:13 . 2011-05-12 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-12 13:50 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C544D307-463B-469F-8245-C1B06DACA2AE}\mpengine.dll
2011-05-11 02:44 . 2011-05-11 02:44 -------- d-----w- C:\_OTL
2011-05-08 05:20 . 2011-05-08 05:20 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 07:04 . 2011-02-11 02:50 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-19 22:21 . 2011-02-09 13:44 7168 ----a-w- c:\windows\system32\drivers\utm5ndm3.sys
2011-02-12 23:30 . 2011-02-12 23:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-12 23:29 . 2011-02-12 23:29 396800 ----a-w- c:\windows\system32\drivers\http.sys
2011-02-12 23:29 . 2011-02-12 23:29 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-02-12 23:29 . 2011-02-12 23:29 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-07-21 20:18 . 2010-07-21 20:18 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-14 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-14 138008]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Auto run of VideoCam Suite 1.0.lnk - c:\program files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe [2010-5-31 161160]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-5 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl05122a8b;MpKsl05122a8b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl05122a8b.sys [x]
R1 MpKsl05671e18;MpKsl05671e18;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl05671e18.sys [x]
R1 MpKsl0d686f1d;MpKsl0d686f1d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl0d686f1d.sys [x]
R1 MpKsl105993f9;MpKsl105993f9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl105993f9.sys [x]
R1 MpKsl131d5cbc;MpKsl131d5cbc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl131d5cbc.sys [x]
R1 MpKsl15459026;MpKsl15459026;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl15459026.sys [x]
R1 MpKsl16dc691b;MpKsl16dc691b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl16dc691b.sys [x]
R1 MpKsl1827f77f;MpKsl1827f77f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl1827f77f.sys [x]
R1 MpKsl1f57339a;MpKsl1f57339a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl1f57339a.sys [x]
R1 MpKsl226f02db;MpKsl226f02db;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl226f02db.sys [x]
R1 MpKsl25a6d2fb;MpKsl25a6d2fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl25a6d2fb.sys [x]
R1 MpKsl263c93b2;MpKsl263c93b2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl263c93b2.sys [x]
R1 MpKsl383ff3de;MpKsl383ff3de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl383ff3de.sys [x]
R1 MpKsl39cccd03;MpKsl39cccd03;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl39cccd03.sys [x]
R1 MpKsl39d542ce;MpKsl39d542ce;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl39d542ce.sys [x]
R1 MpKsl3b5093e9;MpKsl3b5093e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl3b5093e9.sys [x]
R1 MpKsl3c50334b;MpKsl3c50334b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl3c50334b.sys [x]
R1 MpKsl464c6428;MpKsl464c6428;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl464c6428.sys [x]
R1 MpKsl4f8c8453;MpKsl4f8c8453;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl4f8c8453.sys [x]
R1 MpKsl51d3b77d;MpKsl51d3b77d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl51d3b77d.sys [x]
R1 MpKsl5202f2fa;MpKsl5202f2fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl5202f2fa.sys [x]
R1 MpKsl5c5b17aa;MpKsl5c5b17aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl5c5b17aa.sys [x]
R1 MpKsl61579ca0;MpKsl61579ca0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl61579ca0.sys [x]
R1 MpKsl6b3411d5;MpKsl6b3411d5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl6b3411d5.sys [x]
R1 MpKsl7f7a024f;MpKsl7f7a024f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl7f7a024f.sys [x]
R1 MpKsl93d52003;MpKsl93d52003;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl93d52003.sys [x]
R1 MpKsl94b85baa;MpKsl94b85baa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl94b85baa.sys [x]
R1 MpKsl9b3b6fe3;MpKsl9b3b6fe3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl9b3b6fe3.sys [x]
R1 MpKsl9f057cca;MpKsl9f057cca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsl9f057cca.sys [x]
R1 MpKsla2e7b1eb;MpKsla2e7b1eb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsla2e7b1eb.sys [x]
R1 MpKsla57f232b;MpKsla57f232b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsla57f232b.sys [x]
R1 MpKslb0a41b36;MpKslb0a41b36;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslb0a41b36.sys [x]
R1 MpKslb29da2e4;MpKslb29da2e4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslb29da2e4.sys [x]
R1 MpKslbbff5934;MpKslbbff5934;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslbbff5934.sys [x]
R1 MpKslbcbe5725;MpKslbcbe5725;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslbcbe5725.sys [x]
R1 MpKslc93dacc6;MpKslc93dacc6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslc93dacc6.sys [x]
R1 MpKslce548baa;MpKslce548baa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslce548baa.sys [x]
R1 MpKsld96ab5de;MpKsld96ab5de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsld96ab5de.sys [x]
R1 MpKsldb52d373;MpKsldb52d373;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKsldb52d373.sys [x]
R1 MpKslde0596fa;MpKslde0596fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslde0596fa.sys [x]
R1 MpKslf64432ad;MpKslf64432ad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslf64432ad.sys [x]
R1 MpKslfb0b5383;MpKslfb0b5383;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslfb0b5383.sys [x]
R1 MpKslfb7ca551;MpKslfb7ca551;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E48D9C4-F3A5-4A9A-8DC0-2ADB3564A62C}\MpKslfb7ca551.sys [x]
R1 MpKslfc30cac7;MpKslfc30cac7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78000E4D-1A6E-4C06-AF83-8434BF12C9F7}\MpKslfc30cac7.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 utm5ndm3;AVZ Kernel Driver;c:\windows\system32\Drivers\utm5ndm3.sys [2011-02-19 7168]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 03:06]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 03:06]
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2296283253-215777900-395999709-1000Core.job
- c:\users\jklm\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 08:32]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2296283253-215777900-395999709-1000UA.job
- c:\users\jklm\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 08:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070905
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\jklm\AppData\Roaming\Mozilla\Firefox\Profiles\k9fdndyk.default\
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-12 07:13
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-05-12 07:15:01
ComboFix-quarantined-files.txt 2011-05-12 14:14
ComboFix2.txt 2011-05-11 13:01
.
Pre-Run: 284,571,525,120 bytes free
Post-Run: 284,547,604,480 bytes free
.
- - End Of File - - 49B0723A3B4CE921BDB04D9066176A01
  • 0

#21
emeraldnzl
Posted 12 May 2011 - 01:42 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi md262,

still having the endless rebooting problem so I'm only able to operate in safe mode.


Let's see if running chkdsk helps matters.

CHKDSK (short for Checkdisk) is a command on computers running DOS, OS/2 and Microsoft Windows operating systems that displays the file system integrity status of hard disks and floppy disk and can fix logical file system errors.

How to run Chkdsk using the Command Line:

Before running Chkdsk, be aware of the following:

* Chkdsk requires exclusive access to a volume while it is running. Chkdsk might display a prompt asking if you want to check the disk the next time you restart your computer.

* Chkdsk might take a long time to run, depending on the number of files and folders, the size of the volume, disk performance, and available system resources (such as processor and memory).

* Chkdsk might not accurately report information in read-only mode.

Now

Go to Start > Run and type:

chkdsk C: /f /r note the spaces. They are meant to be there.

Hit OK

If chkdsk does not start immediately reboot your computer. Chkdsk will run during the start up process. It can take a very long time... so be patient.

Come back and tell me if that has made any difference.
  • 0

#22
md262
Posted 12 May 2011 - 07:28 PM

md262

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Unfortunately, when Chkdsk is run in safe mode, the following message is displayed; when I say Yes to schedule it the next time the system restarts, Chkdsk still doesn't run:

The type of file system is NTFS.
Cannot lock current drive.
Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts (y/n)
  • 0

#23
emeraldnzl
Posted 12 May 2011 - 07:33 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Have you rebooted your computer after answering yes to the schedule question?

Usually it will run chkdsk at reboot.
  • 0

#24
md262
Posted 12 May 2011 - 08:25 PM

md262

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Yes, after answering yes, I hit restart and going into safe mode, the chkdsk didnot start. Apologies.

Edited by md262, 12 May 2011 - 08:35 PM.

  • 0

#25
emeraldnzl
Posted 12 May 2011 - 09:17 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello md262,

Sorry about the delay, had to go out for a short while.

Now

Please download Event Viewer by Vino Rosso and save it to your desktop.
  • Double-click VEW.exe
  • Under 'Select log to query', Check the System box
  • Under 'Select type to list', Check Error & Warning boxes
  • Under Number or date of Events > 'Number of events' Type 20 in the 1 to 20 box
  • Click the Run button.
Notepad will open with a log. Please post the log back here.
  • 0

Advertisements

#26
md262
Posted 13 May 2011 - 12:42 AM

md262

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Thanks. Here is the log:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 12/05/2011 11:40:21 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#27
emeraldnzl
Posted 13 May 2011 - 01:12 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello md262,

Oh dear I guess that doesn't work with Vista. :)

Try this:
  • Click on Start > Control Panel
  • In the task pane on the left, click the Advanced system settings link.
  • Locate the Startup and Recovery area and click on the Settings button.
  • In the Startup and Recovery window, locate and uncheck the check box next to Automatically restart.
  • Click OK in the Startup and Recovery window.
  • Click OK in the System Properties window.

Reboot and see if you get into normal mode.

If you are able to get into normal mode go to System Restore Vista for some useful tips on how to use System Restore.

Restore your machine to a time before the problem started.

Come back and tell me how you got on.
  • 0

#28
md262
Posted 13 May 2011 - 02:03 AM

md262

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Hi, even after I uncheck the check box next to Automatically restart, after I reboot I'm still unable to get into normal mode. :)
  • 0

#29
emeraldnzl
Posted 13 May 2011 - 03:05 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Do you have your Windows Vista installation disk?
  • 0

#30
md262
Posted 13 May 2011 - 09:29 AM

md262

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Yes, I have the Vista reinstallation disk.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP