Problem booting PC, Sys Error Msg that changes have been made



#16
sdgirl

    Member

  • Topic Starter
  • 16 posts
Hi Jintan!

OK so I fixed that issue... The ATI drivers you requested I uninstall, never re-installed. It's not corrected!
PC however is still moving slow. I will wait for your instructions to check for Malware, etc.

Thanks,
Marie
  • 0



#17
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts

OK so I fixed that issue... The ATI drivers you requested I uninstall, never re-installed. It's not corrected!


Please reread what you post and make sure it is clear. Not sure right now what was "fixed", and I assume your graphics drivers are still lacking (your graphics are still large).

Let's assume then that something has messed with the graphics drivers.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
  • 0

#18
sdgirl

    Member

  • Topic Starter
  • 16 posts
Hi Jintan!

Pardon the typo. What I meant to type was that I re-installed the ATI drivers, and got everything working back as normal.
I will now do as you've suggested and proceed forward with the ComboFix scan.

I will update you shortly!

Marie
  • 0

#19
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Post when ready.
  • 0

#20
sdgirl

    Member

  • Topic Starter
  • 16 posts
ComboFix 13-04-08.03 - User 04/08/2013 19:15:38.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1177 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-08 to 2013-04-08 )))))))))))))))))))))))))))))))
.
.
2013-03-26 19:10 . 2013-03-26 19:10 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-03-23 22:14 . 2013-03-23 22:14 -------- d-----w- c:\windows\system32\wbem\Repository
2013-03-23 22:13 . 2013-03-23 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-03-23 22:13 . 2013-03-23 22:13 -------- d-----w- c:\program files\Bonjour
2013-03-23 22:13 . 2013-03-23 22:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-22 22:57 . 2013-03-23 22:13 -------- d-s---w- c:\documents and settings\Administrator
2013-03-21 19:47 . 2013-03-21 21:54 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\NPE
2013-03-21 16:41 . 2013-03-22 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2013-03-17 01:02 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-17 01:02 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-17 01:02 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-20 19:13 . 2012-05-25 09:22 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-20 19:13 . 2011-05-17 19:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-06 22:33 . 2011-08-19 15:13 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 22:33 . 2011-08-19 15:13 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 22:33 . 2011-08-19 15:13 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 22:33 . 2011-08-19 15:13 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:33 . 2011-08-19 15:13 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 22:32 . 2011-08-19 15:13 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 22:32 . 2011-08-19 15:13 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-05 18:47 . 2013-03-05 18:47 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-05 18:47 . 2011-12-31 15:47 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-05 18:47 . 2012-10-14 17:38 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-05 18:47 . 2010-08-20 02:32 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 17:17 . 2013-03-08 17:17 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-05 23:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"SetDefPrt"="c:\program files\Brother\Brmfl03a\BrStDvPt.exe" [2003-07-10 45056]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 07:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-07-02 11:11 18665472 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 19:45 18708224 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2013-01-24 23:28 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3/16/2013 9:02 PM 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/19/2011 11:13 AM 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/19/2011 11:13 AM 368176]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 2:54 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/19/2011 11:13 AM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3/16/2013 9:02 PM 66336]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [10/23/2009 12:25 PM 22328]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/23/2009 12:47 PM 1684736]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3/16/2013 9:02 PM 164736]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2/12/2010 10:41 AM 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2/12/2010 10:40 AM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2/12/2010 10:41 AM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2/12/2010 10:41 AM 10368]
S3 EraserUtilDrv11220;EraserUtilDrv11220;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/26/2013 3:10 PM 40776]
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 3:41 PM 161536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-31 22:55 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 19:13]
.
2013-04-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-03 22:32]
.
2013-04-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3a296ec9-a9da-49d4-b7cf-df31bd23c436.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
uInternet Settings,ProxyServer = http=;ftp=;https=;
uInternet Settings,ProxyOverride = *.local
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\jat6louc.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
AddRemove-WinLiveSuite_Wave3 - c:\program files\Windows Live\Installer\wlarp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-08 19:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-796845957-1659004503-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{01767313-9EF8-ED95-4E34-0FCCA27F3724}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(432)
c:\windows\system32\WININET.dll
c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-04-08 19:30:21
ComboFix-quarantined-files.txt 2013-04-08 23:30
.
Pre-Run: 627,417,583,616 bytes free
Post-Run: 628,142,096,384 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3B716FE07C666B421FB96670DD398748
  • 0

#21
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
A lost driver, installed from a disk, but more importantly, a Norton driver still hanging around. And a questionable Proxy setting.


REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"=-
"ProxyServer"=-

Open Notepad (Start Search, type Notepad then click the notepad file that shows in the display), and copy the text inside the box above and paste it into the open Notepad textbox.

Save this to your desktop as "fixer.reg"

Be sure to include the "" quotes in the name.

Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry.

-----

Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each:

sc delete MSICDSetup

You should get a confirmation of that change. Then type exit and press Enter to close the window.

------

Go here and download the Norton Removal Tool that is appropriate for your version. Then close all open windows and disable all protective software, and click the downloaded file to completely remove Norton from your system. If the removal does not cause a reboot, reboot after the tool has completed the removal. Be sure to save all registration keys before running the tool if you plan to reinstall Norton later.

If you do not recall the version that is okay - the same tool is used for most versions. The exception is Norton 360, which requires you run a BUdump.exe tool first.

Reboot, and check for improvement.
  • 0
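The log review behind the reply above, as an added example that is not part of the original thread or of ComboFix: a Python parser for the driver/service lines and the ProxyServer line of a ComboFix log, flagging services whose file details show as [?] and proxy protocols with no host. The sample lines are copied from the log in post #20; the function names and the reading of the R/S letter, the digit and [?] are assumptions.

```python
import re

# Constructed sample: a few lines copied from the ComboFix log posted in #20.
SAMPLE_LOG = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/19/2011 11:13 AM 368176]
S3 EraserUtilDrv11220;EraserUtilDrv11220;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/26/2013 3:10 PM 40776]
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 3:41 PM 161536]
uStart Page = google.com
uInternet Settings,ProxyServer = http=;ftp=;https=;
uInternet Settings,ProxyOverride = *.local
"""

# "<R|S><digit> name;display name;image path [file details]"
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (.*)$")


def parse_services(log):
    """Return one dict per driver/service line found in the log text."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path, details = m.groups()
        # Some lines carry two paths: "registered --> resolved".
        registered, _, resolved = path.partition(" --> ")
        services.append({
            "name": name,
            "display": display,
            "running": state == "R",   # assumption: R = running, S = stopped
            "start": int(start),       # assumption: the digit is the service Start value
            "path": resolved or registered,
            # Assumption: "[?]" means no date/size could be read for the file.
            "file_unreadable": details.strip() == "?",
        })
    return services


def empty_proxy_protocols(log):
    """Return protocols listed in ProxyServer with no host, e.g. 'http='."""
    empty = []
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        for entry in filter(None, m.group(1).split(";")):
            proto, sep, host = entry.partition("=")
            if sep and not host.strip():
                empty.append(proto)
    return empty


def review(log):
    """Collect the entries a helper would want to look at by hand."""
    findings = [("service", s["name"], s["path"])
                for s in parse_services(log) if s["file_unreadable"]]
    protos = empty_proxy_protocols(log)
    if protos:
        findings.append(("proxy", "ProxyServer", ",".join(protos)))
    return findings


if __name__ == "__main__":
    for kind, name, detail in review(SAMPLE_LOG):
        print(f"{kind:8} {name:22} {detail}")
```

On the sample it lists EraserUtilDrv11220, MSICDSetup and the ProxyServer value, the same three items the reply singles out.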

#22
sdgirl

    Member

  • Topic Starter
  • 16 posts
Hi Jintan!

Quick question... I completed the fixer.reg successfully! When I follow the instructions for cmd.exe and right click on it to "run as admin" ... it asks for a password. If I click OK it says:
Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.

I do not recall setting up any of the above.

Please advise.

-Marie
  • 0

#23
sdgirl

    Member

  • Topic Starter
  • 16 posts
Also.. where you have "go here" to download Norton removal... I don't see an actual link, and the words "go here" are not clickable.

Thanks,
Marie
  • 0

#24
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Sorry, I used my saved Norton speech, and the link must not work in every forum.

https://www-secure.s...n=1&lg=en&ct=us

Why not do that, and reboot, then check that cmd admin issue again. Though it is curious your one user system is asking for an Admin password. Not sure I have run into that before.

Either way, reboot into Safe Mode. At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.

Log in under the Administrator account, then do the following:


Click Here and download Bobbi Flekman's SWWhoAmI (swwhoami.exe) to your Desktop (important you save it to your desktop).


Then go to Start > Run and type

cmd

and OK. At the prompt copy/paste the following (Enter after).

"%userprofile%\desktop\swwhoami.exe" >c:\userlook.txt & start notepad c:\userlook.txt

Once the scan completes a textbox will open - please copy/paste those contents back here (the file can be found at C:\userlook.txt).
  • 0

#25
sdgirl

    Member

  • Topic Starter
  • 16 posts
Hi! Sorry for the delay... I was traveling for work.

I am back by my PC and will complete your above recommendations. I will also post some messages
on things that occurred on my PC while I was gone.

Thanks,
Marie
  • 0



#26
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Post when ready.
  • 0

#27
sdgirl

    Member

  • Topic Starter
  • 16 posts
OK! I'm running into some issues following your instructions.

The issue is that when I press F8, nothing... and I do mean "nothing" happens.

The screen that would normally appear which would allow me to boot up in safe mode, with or without networking, etc. does not appear.

It appears that when I ran ComboFix.exe, it installed a restore program that loads for a quick second during boot-up.

It allows me to boot up normally in XP Professional or use the restore feature. At the bottom it says for more advanced options, press f8.

However, when I press it... and I've tried this now for over 2 hours... when I press it during this screen, before this screen and after this
screen... absolutely NOTHING happens.

Please advise.

I considered doing a windows restore before I installed ComboFix.exe to see if that worked, but I did not and figured I'd wait for your reply.

Also, each and every night at or around 2am, my PC either reboots or it goes black, the time freezes and I lose total control over my keyboard and mouse.

I did not have any of these issues before so I'm not really sure what's going on??

Thanks,
Marie
  • 0

#28
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts

tap the F8 key about once per half-second


It's a matter of timing, and it takes some techniqueing at times to get it right. But you have to tap, not hold the key down.

ComboFix installs the Recovery Console access, which yes, shows briefly when the boot options are displayed. Handy way to correct things, when needed, but we don't need it right now.

As for the 2 AM reboot, you may actually have a setting that does that. I'll have to look up how that is done, to provide some steps to undo it.
  • 0





