Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Endless Restart Loop in Windows Vista 64 Bit


  • This topic is locked This topic is locked
18 replies to this topic

#1 RobertMorr

RobertMorr

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida, USA
  • Local time:12:19 AM

Posted 16 November 2010 - 11:05 PM

Hi there,

I attempting to help my cousin fix his only computer remotely. The Dell laptop will start up fine in safe mode with networking but keeps restarting in normal mode.
I have included the DDS log and the GMER although nothing was detected.
I attempted to run GMER but it didn't correspond with the instructions from BC exactly so I need some direction.

It's my first experience with a 64 bit OS. :)

Thank you in advance and here's the logs!


DDS (Ver_10-11-10.01) - NTFS_AMD64 NETWORK
Run by Carl at 17:52:04.30 on Tue 11/16/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4057.3070 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Instant Housecall\Instant Housecall.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carl\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.earthlink.net/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090120
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101116083923.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [<NO NAME>]
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce: [<NO NAME>]
mRunOnce: [GrpConv] grpconv -o
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101116083923.dll
BHO-X64: scriptproxy - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\vbs4s2hq.default\
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-9-25 529128]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-1-20 53488]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-9-25 75032]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-9-25 283360]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-25 355440]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-25 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-9-25 149032]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-9-25 441328]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-1-20 392192]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [2009-1-20 88576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-4 135664]
S2 lxdn_device;lxdn_device;C:\Windows\system32\lxdncoms.exe -service --> C:\Windows\system32\lxdncoms.exe -service [?]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdnserv.exe [2007-12-5 33960]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-25 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-25 355440]
S2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-25 355440]
S2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-25 200056]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-16 1153368]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-9-25 62800]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2009-6-9 61808]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-2-6 533360]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-9-25 190136]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-9-25 94864]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;C:\Windows\System32\drivers\OA009Ufd.sys [2009-1-20 168864]
S3 OA009Vid;Creative Camera OA009 Function Driver;C:\Windows\System32\drivers\OA009Vid.sys [2009-1-20 307456]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]
S4 Instant Housecall;Instant Housecall;C:\Program Files (x86)\Instant Housecall\Instant Housecall.exe [2010-11-9 2427448]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-11-16 21:09:27 -------- d-----w- C:\Windows\pss
2010-11-16 20:45:02 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2010-11-16 20:45:02 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2010-11-16 20:45:02 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2010-11-16 20:36:02 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-11-16 20:36:02 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-11-16 20:26:02 -------- d-----w- C:\Program Files\CCleaner
2010-11-16 20:18:04 -------- d-----w- C:\Program Files (x86)\Instant Housecall
2010-11-16 18:58:18 -------- d-----w- C:\Users\Carl\AppData\Roaming\TeamViewer
2010-11-16 16:02:51 -------- d-----w- C:\Users\Carl\AppData\Roaming\Malwarebytes
2010-11-16 16:02:28 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-16 16:02:27 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-16 16:02:26 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-16 16:02:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-16 13:59:59 -------- d-----w- C:\Program Files (x86)\SiteAdvisor
2010-11-10 12:37:13 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2010-11-10 12:37:13 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2010-10-27 12:04:10 1927680 ----a-w- C:\Windows\System32\gameux.dll
2010-10-27 12:04:10 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll
2010-10-27 12:04:09 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2010-10-27 12:04:09 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2010-10-27 12:04:08 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2010-10-27 12:04:08 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2010-10-14 03:28:54 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2010-10-14 03:28:54 94864 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2010-10-14 03:28:54 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2010-10-14 03:28:54 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2010-10-14 03:28:54 529128 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2010-10-14 03:28:54 441328 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2010-10-14 03:28:54 283360 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2010-10-14 03:28:54 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2010-10-14 03:28:54 149032 ----a-w- C:\Windows\System32\mfevtps.exe
2010-10-14 03:28:54 121248 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-08 06:41:05 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 06:36:53 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 06:36:38 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-09-08 06:36:24 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-09-08 06:36:23 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-09-08 06:01:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-08 05:36:07 479232 ----a-w- C:\Windows\System32\html.iec
2010-09-08 05:04:36 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 04:51:18 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-09-08 04:49:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 04:26:46 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-06 18:28:38 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-09-06 18:28:38 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-09-06 18:27:03 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-09-06 16:20:29 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-09-06 16:19:06 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-09-06 15:34:14 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-09-06 15:33:51 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-09-06 15:33:49 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-31 17:27:07 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-31 15:46:37 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-31 14:57:39 2753024 ----a-w- C:\Windows\System32\win32k.sys
2010-08-26 17:46:52 189952 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 17:40:08 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2010-08-26 17:40:07 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-08-26 17:40:07 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2010-08-26 16:37:45 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-26 16:33:06 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
2010-08-20 16:57:50 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-20 16:05:07 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll

============= FINISH: 17:53:15.37 ===============

Here's some additional information which might prove useful.

Before MalwareBytes AntiMalware was run in safe mode, the laptop would boot up normally but couldn't connect to the internet and was extremely sluggish. Since I'm working remotely, I asked my cousin to boot up in safe-mode with networking. I proceeded to scan the machine with MBAM and it did find infections but couldn't finish repairing 3 or more items and it wanted me to restart to continue the repair. From his description, it attempted to load but then immediately restarted itself and has been doing that all along now. Windows loads and gets to the Welcome Screen then restarts itself. It's a cycle but on a system running Windows Vista 64 bit. I have never seen this occur before ever. I'm only assuming that a virus or spyware is causing this or it could simply be a windows update. However, I've never known MBAM to cause a problem but it seems to have done just that. I appreciate any assistance in getting this machine back to running order. I hope these details help.

Thank you.

Attached Files


Edited by Pandy, 18 November 2010 - 08:56 PM.
Merged reply ~Pandy


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:19 AM

Posted 26 November 2010 - 09:11 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 RobertMorr

RobertMorr
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida, USA
  • Local time:12:19 AM

Posted 28 November 2010 - 01:35 PM

I'm here! I'm so glad that you're helping me. :)

Keep in mind, I'm working remotely but I still believe the problem can be fixed. The scans may have to be re-run depending on what he did to the computer since I posted.

Edited by RobertMorr, 28 November 2010 - 01:35 PM.


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:19 AM

Posted 28 November 2010 - 04:36 PM

Hi Robert,

It looks like a TDSS-infected machine. Not booting in normal mode is what it's doing these days.

Do you have access to MBAM's logs because I would like to know what it found on it's safe mode run before we crash in here. :)
Posted Image
m0le is a proud member of UNITE

#5 RobertMorr

RobertMorr
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida, USA
  • Local time:12:19 AM

Posted 28 November 2010 - 07:10 PM

Hey m0le,

It's actually not this computer I'm working on. It's another one and I'm working on it remotely so nothing will affect this computer that I'm typing on now. ;)

I can get the HBAM logs if you tell me where they are stored. The machine will only boot in safe mode atm as you know.

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:19 AM

Posted 28 November 2010 - 07:19 PM

If you can go into safe mode and open MBAM there should be a tab called Logs on the control panel.

From the list, select any relevant logs and click Open. Then copy and paste the log into your reply.
Posted Image
m0le is a proud member of UNITE

#7 RobertMorr

RobertMorr
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida, USA
  • Local time:12:19 AM

Posted 28 November 2010 - 09:03 PM

It will have to be tomorrow. He's not online right now.

Hope that's okay. :)

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:19 AM

Posted 29 November 2010 - 03:32 PM

No problem. Just keep me posted, Robert :thumbup2:
Posted Image
m0le is a proud member of UNITE

#9 RobertMorr

RobertMorr
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida, USA
  • Local time:12:19 AM

Posted 29 November 2010 - 05:41 PM

Hey m0le,

Here's two logs from MBAM attached to this post. :)

Let's get this fixed!

Attached Files



#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:19 AM

Posted 29 November 2010 - 06:31 PM

Security Tool is a nasty rogue.

We would have to access the PC without using the operating system installed (ie, Vista). The best way is to install another Linux-based system called xPUD.

You are not going to be able to do this remotely. Do you have any way of getting access to the machine?
Posted Image
m0le is a proud member of UNITE

#11 RobertMorr

RobertMorr
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida, USA
  • Local time:12:19 AM

Posted 29 November 2010 - 07:50 PM

He would have to send it to me...wow! It's that bad that it needs a new OS. Me and him talked about using the restore disk that came with the laptop and then I'd upgrade it to Windows 7. :)

So what do you think would be the best course of action at this point?

Edited by RobertMorr, 29 November 2010 - 08:09 PM.


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:19 AM

Posted 29 November 2010 - 08:53 PM

It's not a new o/s it's just a substitute which would allow you to access the system and root around for the problem.

Nothing ventured, nothing gained from using the disk. If the data on the machine is backed up regularly, that is.

Is it a repair disk or a reinstallation disk?

Edited by m0le, 29 November 2010 - 08:53 PM.

Posted Image
m0le is a proud member of UNITE

#13 RobertMorr

RobertMorr
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida, USA
  • Local time:12:19 AM

Posted 29 November 2010 - 09:30 PM

I'm not sure what it is. It's designed to restore the hard disc to the original way the computer was when it was brought so I assume it has Windows Vista 64 bit bundled with it. He wants to put Windows 7 on it instead.

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:19 AM

Posted 30 November 2010 - 06:34 PM

The choices are to use the reinstallation disk which solves the problem but all the data goes south

or

Request the machine and run xPUD. Then backup all the data via this method before reinstalling it

or

Request the machine and run xPUD and then we attempt to fix the problems


In my experience it is often down to whether they have the data backed up and whether they can afford to set to factory settings as to what they do next.

No problem losing the data = reinstallation
Posted Image
m0le is a proud member of UNITE

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:19 AM

Posted 02 December 2010 - 07:31 PM

What did you decide, Robert?
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users