Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virtumonde.dll infection


  • Please log in to reply

#31
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
The four digit code you need is 2008 or maybe ( 2008-CT0 )



VEW system log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 12/10/2013 8:15:36 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/10/2013 1:03:20 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 13/10/2013 1:03:20 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Log: 'System' Date/Time: 12/10/2013 11:40:55 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2013 11:40:55 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2013 11:40:55 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2013 11:40:55 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2013 11:40:55 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2013 11:40:55 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2013 11:40:55 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2013 11:40:55 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2013 11:40:55 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Log: 'System' Date/Time: 12/10/2013 11:40:55 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

Log: 'System' Date/Time: 12/10/2013 11:40:54 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Log: 'System' Date/Time: 12/10/2013 11:40:54 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Log: 'System' Date/Time: 12/10/2013 11:40:48 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 12/10/2013 11:40:35 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 12/10/2013 11:40:23 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm DfsC discache lenovo.smi NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SCDEmu spldr tdx TPPWRIF Wanarpv6 WfpLwf ws2ifsl

Log: 'System' Date/Time: 12/10/2013 11:40:23 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2013 11:40:23 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2013 11:40:23 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/10/2013 1:02:01 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0483&PID_2016\5&37c8a9dc&0&2.

Log: 'System' Date/Time: 13/10/2013 1:01:11 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 13/10/2013 12:58:28 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.google.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 13/10/2013 12:43:01 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.google.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 13/10/2013 12:04:18 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0483&PID_2016\5&37c8a9dc&0&2.

Log: 'System' Date/Time: 13/10/2013 12:03:34 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 12/10/2013 11:51:04 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0483&PID_2016\5&37c8a9dc&0&2.

Log: 'System' Date/Time: 12/10/2013 11:38:36 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 12/10/2013 8:53:42 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0483&PID_2016\5&37c8a9dc&0&2.

Log: 'System' Date/Time: 12/10/2013 8:52:56 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.






VEW application log:


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 12/10/2013 8:18:05 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/10/2013 1:01:08 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-2033630711-3411533705-1815766804-1000:
Process 716 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2033630711-3411533705-1815766804-1000
Process 716 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2033630711-3411533705-1815766804-1000
Process 716 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2033630711-3411533705-1815766804-1000\Software\Microsoft\SystemCertificates\My
Process 716 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2033630711-3411533705-1815766804-1000\Software\Microsoft\SystemCertificates\CA
Process 716 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2033630711-3411533705-1815766804-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 13/10/2013 12:51:02 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/10/2013 12:51:02 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/10/2013 12:50:59 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/10/2013 12:50:59 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/10/2013 12:50:54 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/10/2013 12:50:54 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/10/2013 12:50:54 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/10/2013 12:50:54 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/10/2013 12:50:52 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/10/2013 12:50:52 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/10/2013 12:50:52 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/10/2013 12:50:52 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/10/2013 12:50:52 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/10/2013 12:50:52 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/10/2013 12:50:50 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/10/2013 12:50:50 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/10/2013 12:50:46 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, MS_NT_EVENTLOG_EVENT_PROVIDER, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/10/2013 12:50:46 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, MS_NT_EVENTLOG_EVENT_PROVIDER, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 13/10/2013 12:50:30 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, SystemConfigurationChangeEvents, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
  • 0

Advertisements


#32
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Were you able to boot into Low resolution Display mode? Did you still see the pink dots?
  • 0

#33
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Were you able to boot into Low resolution Display mode? Did you still see the pink dots?



still had dots in low resolution mode.
  • 0

#34
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Are you sure about the 2008-CT0? Don't see one with CT0 tho there is one with CT1.

Is the battery good enough to run it for a few minutes when it is not plugged in? Do you still see pink spots?

If you shut it down, remove the main battery and power it back up do the pink spots get worse?

You might try going in to Device Manager (Right click on Computer and select Manage then Device Manager) Find the Display Adapters and click on the arrow in front. Then right click on each adapter and Uninstall then reboot.
  • 0

#35
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
positive, I couldn't find it on the lenova site either.


running on battery, taking battery out makes no difference.

Deleting and rebooting, no difference.


I'm about to give up. Sucks because the dots were not there when I started this last week Sunday and I do not remember when they first appeared. I know it was after I installed superantispyware, because that was the first program that actaully finished a scan. That one found about 100+ infections and then spybot was actaully able to finish a scan and that one found over 450 infections.

I do not remember if the dots showed up after the super scan or the spybot scan.
  • 0

#36
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
also, I ran another spybot scan today, the virtumondell.dll file still showed up....
  • 0

#37
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Does it tell you where the virtumonde.dll file is?

IF you take the laptop into another room does that do anything to the pink spots?

I would try a new video driver for your pink spots. Speccy said you had: 128MB ATI Mobility Radeon X1400 (Lenovo) so if you can't find one on the Lenovo site (Look under 2008-ct1 or ct6) You should be able to get the latest from http://support.amd.com/en-us/download


Try sfc /scannow again and see if it goes further than before.
  • 0

#38
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
update: I uninstalled the lenova updater that was on here and reinstalled a newer version from the lenova website. This time it let me install it ( last time told me I didn't have administrative rights ) and it ran ( last time, it said it had detected a language problem ).

Anyways, downloaded a few updates, still no change.

I will run scannow after work and repost.
  • 0

#39
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
no luck with the scannow, got to 70% verification and that was it.

Attached Thumbnails

  • Scan now.jpg

  • 0

#40
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Try booting into Safe Mode with Command prompt then run sfc /scannow
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Command Prompt. Login with your usual login.)

It might not hurt to also try

chkdsk /r

while in Command Prompt. We are still getting gaps in the OTL logs. Also GMER is sensitive to hard drive problems so that might explain why it crashed.
  • 0

Advertisements


#41
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
no luck, tried in safe mode, same result, got to 70% and quite.

dskchk /r did not work. I then tried chkdsk r/....see attachment. Note the attachment is in regular mode, but same result in safe mode.

Attached Thumbnails

  • chkdsk.jpg

  • 0

#42
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Go in to Control Panel, User Accounts, Manage another account,scroll down and click on Create a new Account, Click on Administrator and then type in a name. Doesn't matter what - I always use George after an idiot I went to school with. OK. Then reboot and go in to Safe Mode with Command Prompt. Log in as your new user and see if you can run chkdsk /r


I'm wondering if we might have some bad RAM. If we haven't already it would be good to run the builtin memory test:

http://www.sevenforu...stics-tool.html
  • 0

#43
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
This is a screen shot of my computer at work, but I get the same message at home in safe mode logged in under the new account.

This may be a dumb question, but how do you shut the computer down from safe mode with command prompt? The desk top is empty, no start button, no icons, nothing. I have been hitting the power button, but for the chkdsk to run upon restart I would think you would have to power down normally.

Attached Thumbnails

  • chkdsk.jpg

  • 0

#44
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
That's what you get when you tell it to run chkdsk from Windows. Was hoping you didn't get it from the safe mode Command Prompt. See if you can get into the recovery command prompt:


Boot into the Safe Mode menu as before, Click on Repair Your Computer (If you have the option)

It should take you to

http://www.bleepingc...vironment/#skip

If you get into the second screen of the System Recovery Options menu then you can click on that Command Prompt option.

chkdsk /r should work here without wanting a reboot.

Some OEM PCs do not have this option.


To exit from safe mode with command prompt you can try
shutdown -r
  • 0

#45
saleenboy87146

saleenboy87146

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
in recovery mode command prompt, it comes up as X:\windows\system32

when I put itn chkdsk /r it says it is a NTFS sytem and can not run disk check because this volume is write protected.


Prior to going into recovery mode, I went back into safe mode and did a command prompt and said yes to doing a check upon start up...it ran through that session....at least I think it did, when i left it it was 13% through the last step and when I came back a couple of hours later, it was on the windows log in screen.

no difference so far.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP