Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows XP computer shuts down when running Malwarebytes in Safe Mode


  • Please log in to reply
16 replies to this topic

#1 brainticket

brainticket

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:24 PM

Posted 26 April 2012 - 11:39 PM

This Windows XP computer shuts down when running Malwarebytes in Safe Mode. This is my problem, this is my concern.

A brief history:

A few weeks back I mounted an old HD from back around 2003, on it a lil something nasty was laying in wait.

---
4/14/2012 1:08:29 AM
mbam-log-2012-04-14 (01-08-29).txt

Files Detected: 2
C:\Documents and Settings\mgk\Desktop\utility\CS3 Master\KG\Keygen.EXE
(Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\mgk\x.exe (Trojan.KillAV) -> Quarantined and
deleted successfully.
---

Which put me in the habit of booting up in Safe Mode every so often and running Malwarebytes. All had been well ever since.

Then, on 4.25.12 I happened to be at the computer when Microsoft Security Essentials was running it's daily scheduled full scan, caught it alerting me to:

---
Exploit:JS/Blacole.EY

Items:
containerfile:C:\Documents and Settings\mgk\Local Settings\Application
Data\Mozilla\Firefox\Profiles\3vxp40ra.default\Cache\B\52\DD4E7d01
file:C:\Documents and Settings\mgk\Local Settings\Application
Data\Mozilla\Firefox\Profiles\3vxp40ra.default\Cache\B\52\DD4E7d01->(GZip)->(SCRIPT0000)
---

which was quarantined and removed.

Now that my ears were perked, I checked the Microsoft Security Essentials logs, I found that on 4.21.12

---
Exploit:JS/Pdfjsc.AH

Items:
containerfile:C:\Documents and Settings\mgk\Local Settings\Application
Data\Mozilla\Firefox\Profiles\3vxp40ra.default\Cache(3)\85FE3CA6d01
file:C:\Documents and Settings\mgk\Local Settings\Application
Data\Mozilla\Firefox\Profiles\3vxp40ra.default\Cache(3)\85FE3CA6d01->(GZip)->(pdf0000:)
---

had been quarantined/Removed automatically, without my even noticing.

Then I booted in to Safe Mode and ran Malwarebytes, to find that it would simply shut the computer down after a short period of time.

I did a successful System Restore to 4.18.12, and reupdated everything.

Now...

None of my antivirus/protection programs show any signs of trouble in normal operating mode - Spybot S&D, Microsoft Security Essentials, and Malwarebytes - yet when in Safe Mode, Malwarebytes will run briefly before the machine simply shuts down.

I found this forum when Google searching my problem, the topic of this very thread, which led me to THIS thread. I've followed the first set of instructions, scanned with SecurityCheck, Farbar Service Scanner, MiniToolBox, aswMBR(which crashed once and bluescreened the machine once before completing a successful scan), Malwarebytes Full Scan in Normal XP operating mode, Temp File Cleaner, and ESET Online Scanner. The logs are attached, and I'm looking for help, what are the next steps I take?

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Adobe After Effects CS3 Presets
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 31
Out of date Java installed!
Adobe Flash Player 11.1.102.63
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````


Farbar Service Scanner Version: 24-04-2012
Ran by mgk (administrator) on 26-04-2012 at 20:02:47
Running from "C:\Documents and Settings\mgk\Desktop\uhoh\bleeping"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(8) NwlnkNb(9) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****


MiniToolBox by Farbar Version: 18-01-2012
Ran by mgk (administrator) on 26-04-2012 at 20:04:04
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Connected)
Intel® 82566MM Gigabit Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : quannumire

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : home



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN

Physical Address. . . . . . . . . : 00-1D-E0-A4-B6-C3

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.213

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Thursday, April 26, 2012 7:44:44 PM

Lease Expires . . . . . . . . . . : Friday, April 27, 2012 7:44:44 PM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® 82566MM Gigabit Network Connection

Physical Address. . . . . . . . . : 00-1B-38-F3-02-EC

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 72.14.204.101, 72.14.204.113, 72.14.204.100, 72.14.204.138
72.14.204.102



Pinging google.com [72.14.204.102] with 32 bytes of data:



Reply from 72.14.204.102: bytes=32 time=20ms TTL=54

Request timed out.



Ping statistics for 72.14.204.102:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 20ms, Maximum = 20ms, Average = 20ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=63ms TTL=55

Reply from 209.191.122.70: bytes=32 time=63ms TTL=55



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 63ms, Maximum = 63ms, Average = 63ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=48

Reply from 127.0.0.1: bytes=32 time<1ms TTL=48



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d e0 a4 b6 c3 ...... Intel® Wireless WiFi Link 4965AGN - Packet Scheduler Miniport
0x3 ...00 1b 38 f3 02 ec ...... Intel® 82566MM Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.213 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.213 192.168.1.213 30
192.168.1.0 255.255.255.0 192.168.1.213 192.168.1.213 25
192.168.1.213 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.213 192.168.1.213 25
224.0.0.0 240.0.0.0 192.168.1.213 192.168.1.213 25
255.255.255.255 255.255.255.255 192.168.1.213 3 1
255.255.255.255 255.255.255.255 192.168.1.213 192.168.1.213 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/26/2012 07:45:01 PM) (Source: Intel® AMT) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (04/26/2012 07:24:09 PM) (Source: Intel® AMT) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (04/26/2012 07:24:04 PM) (Source: Intel® AMT) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (04/26/2012 04:53:54 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/26/2012 04:21:42 PM) (Source: Intel® AMT) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (04/26/2012 04:21:37 PM) (Source: Intel® AMT) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (04/26/2012 04:21:29 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (04/26/2012 04:12:16 PM) (Source: Intel® AMT) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (04/26/2012 04:06:23 AM) (Source: Intel® AMT) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (04/26/2012 02:17:48 AM) (Source: Intel® AMT) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.


System errors:
=============
Error: (04/26/2012 07:28:17 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
MpFilter
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
RsvLock
Tcpip

Error: (04/26/2012 07:28:17 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (04/26/2012 07:28:17 PM) (Source: Service Control Manager) (User: )
Description: The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (04/26/2012 07:28:17 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Error: (04/26/2012 07:28:17 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (04/26/2012 07:28:17 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (04/26/2012 07:27:06 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/26/2012 07:26:57 PM) (Source: DCOM) (User: mgk)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (04/26/2012 07:22:41 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/26/2012 07:22:37 PM) (Source: DCOM) (User: mgk)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}


Microsoft Office Sessions:
=========================
Error: (04/26/2012 07:45:01 PM) (Source: Intel® AMT)(User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (04/26/2012 07:24:09 PM) (Source: Intel® AMT)(User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (04/26/2012 07:24:04 PM) (Source: Intel® AMT)(User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (04/26/2012 04:53:54 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset4.0.1526.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (04/26/2012 04:21:42 PM) (Source: Intel® AMT)(User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (04/26/2012 04:21:37 PM) (Source: Intel® AMT)(User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (04/26/2012 04:21:29 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (04/26/2012 04:12:16 PM) (Source: Intel® AMT)(User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (04/26/2012 04:06:23 AM) (Source: Intel® AMT)(User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (04/26/2012 02:17:48 AM) (Source: Intel® AMT)(User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.


=========================== Installed Programs ============================

Add or Remove Adobe Creative Suite 3 Master Collection (Version: 1.0)
Adobe After Effects CS3 Presets (Version: 8)
Adobe AIR (Version: 2.0.2.12610)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash Media Live Encoder 3.2 (Version: 3.2.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (Version: 11.1.102.63)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Reader 8.3.1 (Version: 8.3.1)
Adobe Setup (Version: 1.0)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Video Profiles (Version: 1.0)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP DVA Panels CS3 (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AHV content for Acrobat and Flash (Version: 1)
AIM 7
Apple Application Support (Version: 1.1.0)
Apple Software Update (Version: 2.1.1.116)
Ares 2.1.5 (Version: 2.1.5-Build#3039)
Audacity 1.2.6
Banshee Screamer Alarm 2.55
CDex extraction audio
Device Access Manager for HP ProtectTools (Version: 2.0.0.0)
DJ_SF_03_D4300_Software_Min (Version: 110.0.206.000)
Drive Encryption for HP ProtectTools (Version: 1.0.2)
Embedded Security for HP ProtectTools (Version: 5.0.1)
FlashFXP v3 (Version: 3.6.0.1240.4)
Free Mp3 Wma Converter V 1.91 (Version: 1.91.0.0)
GonVisor 1.74
Google Update Helper (Version: 1.3.21.111)
HP 3D DriveGuard (Version: 1.00 A4)
HP Deskjet D4300 Printer Driver 11.0 Rel .3 (Version: 11.0)
HP ProtectTools Security Manager (Version: 3.00 A10)
Intel® Active Management Technology Device Software
Intel® Management Engine Interface
Intel® PRO Network Connections Drivers
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
LAME v3.98.2 for Audacity
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
mIRC (Version: 6.35)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.1 (Version: 3.1.9420)
PDF Settings (Version: 1.0)
QuickTime (Version: 7.65.17.80)
RICOH R5C853 Driver Ver.1.00.02 (Version: 1.00.02)
Soft Data Fax Modem with SmartCP
SoundMAX (Version: 5.10.01.5180)
Spybot - Search & Destroy (Version: 1.6.2)
Synaptics Pointing Device Driver (Version: 9.1.11.0)
Toolbox (Version: 110.0.180.000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
Veetle TV (Version: 0.9.19)
VisualRoute Lite Edition
VLC media player 1.0.3 (Version: 1.0.3)
vShare Plugin
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.572 )
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip 12.1 (Version: 12.1.8519)
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 2031.23 MB
Available physical RAM: 1143.15 MB
Total Pagefile: 3922.72 MB
Available Pagefile: 3403.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.96 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.04 GB) (Free:30.83 GB) NTFS

========================= Users: ========================================

User accounts for \\QUANNUMIRE

Administrator Guest HelpAssistant
mgk SUPPORT_388945a0


**** End of log ****


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-26 20:11:21
-----------------------------
20:11:21.625 OS Version: Windows 5.1.2600 Service Pack 3
20:11:21.625 Number of processors: 2 586 0xF0B
20:11:21.625 ComputerName: QUANNUMIRE UserName: mgk
20:11:27.781 Initialize success
20:11:43.531 AVAST engine defs: 12042601
20:11:45.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:11:45.515 Disk 0 Vendor: Hitachi_ BBCO Size: 152627MB BusType: 3
20:11:45.578 Disk 0 MBR read successfully
20:11:45.578 Disk 0 MBR scan
20:11:45.765 Disk 0 Windows XP default MBR code
20:11:45.765 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
20:11:45.812 Disk 0 scanning sectors +312560640
20:11:45.937 Disk 0 scanning C:\WINDOWS\system32\drivers
20:12:07.625 Service scanning
20:12:26.984 Service MpKsleed62b2c c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50AB302B-F5AB-405C-9A1A-6DB2DC73A48E}\MpKsleed62b2c.sys **LOCKED** 32
20:12:39.062 Service SafeBoot C:\WINDOWS\System32\Drivers\SafeBoot.sys **LOCKED** 32
20:12:47.968 Modules scanning
20:13:10.171 Disk 0 trace - called modules:
20:13:10.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys
20:13:10.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6c06b0]
20:13:10.187 3 CLASSPNP.SYS[f74f7fd7] -> nt!IofCallDriver -> [0x8a67b0e0]
20:13:10.187 5 hpdskflt.sys[f7508ffd] -> nt!IofCallDriver -> \Device\00000096[0x8a681998]
20:13:10.187 7 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a706030]
20:13:10.906 AVAST engine scan C:\WINDOWS
20:13:32.781 AVAST engine scan C:\WINDOWS\system32
20:17:06.359 AVAST engine scan C:\WINDOWS\system32\drivers
20:17:25.765 AVAST engine scan C:\Documents and Settings\mgk
20:36:45.656 AVAST engine scan C:\Documents and Settings\All Users
20:37:34.000 Scan finished successfully
20:38:17.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mgk\Desktop\uhoh\bleeping\MBR.dat"
20:38:17.343 The log file has been saved successfully to "C:\Documents and Settings\mgk\Desktop\uhoh\bleeping\aswMBRLOGFILE.txt"


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.26.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
mgk :: QUANNUMIRE [administrator]

4/26/2012 8:41:17 PM
mbam-log-2012-04-26 (20-41-17).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278966
Time elapsed: 1 hour(s), 31 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 99977 bytes

User: mgk
->Temp folder emptied: 147259947 bytes
->Temporary Internet Files folder emptied: 112972169 bytes
->Java cache emptied: 37453923 bytes
->FireFox cache emptied: 256748309 bytes
->Flash cache emptied: 4351395 bytes

User: NetworkService
->Temp folder emptied: 3458444 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31161 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 214237539 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 10083543 bytes
Process complete!

Total Files Cleaned = 752.00 mb


I've just run ESET Online Scanner with "No threats found." Though I did not have an option to save the log.

That's where I'm at now. The only trouble I am noticing is Malwarebytes inability to complete a scan in Safe Mode.

What's going on here? Am I in trouble?

Thank you in advance for any help.

BC AdBot (Login to Remove)

 


#2 brainticket

brainticket
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:24 PM

Posted 26 April 2012 - 11:45 PM

Reviewing my own post here, I noticed Security Check telling me I have an outdated version of Java running, which is untrue.

---
Verified Java Version
Congratulations!
You have the recommended Java installed (Version 6 Update 31).
---

as told to me by

http://www.java.com/en/download/installed.jsp?jre_version=1.6.0_31&vendor=Sun+Microsystems+Inc.&os=Windows+XP&os_version=5.1


And I even used JavaRa to uninstall all antiquated Java files remaining on my HD.

Just thought I'd add that, for the record.

#3 brainticket

brainticket
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:24 PM

Posted 30 April 2012 - 10:15 PM

I've also tried running SUPERAntiSpyware Free Edition as suggested in one of the stickied posts on this forum.

In Normal Mode it picks up nothing but tracking cookies.
In Safe Mode the machine shuts down, same as it does when running Malwarebytes.

Looking for some insight here, please.

Edited by brainticket, 30 April 2012 - 10:15 PM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:24 PM

Posted 01 May 2012 - 07:37 PM

Hello. I can promise you that JAVA is at Ver 7.4

See if this fixes MBAM:
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.



About JAVA here is my canned to repair it. From the download page see (2nd from bottom)
Windows x86 Offline (32-bit) 20.08 MB jre-7u4-windows-i586.exe


Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u4-windows-i586.exe (or jre-7u4-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.



Now you have a lot of errors. Possibly they are regisistry errors,perheps from a cracked software.

See the System errors: segment of the Minitoolbox log. If you incidencs oy=ther that the MBAm,say internet issues,yu will need to ask about those in XP forum.
=============
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 brainticket

brainticket
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:24 PM

Posted 02 May 2012 - 12:19 AM

boopme, thanks for your time and the help!

I've followed your fist set of instructions regarding Malwarebytes, here is that log.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.02.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
mgk :: QUANNUMIRE [administrator]

Protection: Enabled

5/2/2012 1:09:23 AM
mbam-log-2012-05-02 (01-09-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186970
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Now I'm off to mess with Java, and test out things in Safe Mode.

#6 brainticket

brainticket
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:24 PM

Posted 02 May 2012 - 12:42 AM

Alright, Java issues handled as per your instructions. Thank you again boopme!

I was able to complete a Quick Scan in Safe Mode with Malwarebytes, here is that log

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.02.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
mgk :: QUANNUMIRE [administrator]

Protection: Disabled

5/2/2012 1:32:31 AM
mbam-log-2012-05-02 (01-32-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185746
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Getting pretty excited over here!!!

Later on when I have some time I'll run a full scan with Malwarebytes in Safe Mode and report back.

I do see all the other errors you pointed out, but I really haven't noticed any other troubles... Will keep an eye out though.

Thank you so much.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:24 PM

Posted 02 May 2012 - 10:03 AM

OK, sounds good to me.. You're welcome..

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

Edited by boopme, 02 May 2012 - 09:14 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 brainticket

brainticket
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:24 PM

Posted 02 May 2012 - 08:56 PM

boopme, I'm afraid I may not be out of the woods quite yet =(

This afternoon I booted up in Safe Mode and ran a Malwarebytes Full Scan - and the PC shut down part way through.

Please advise.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:24 PM

Posted 02 May 2012 - 09:17 PM

OK, Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users..The command needs to be run from an Elevated Command Prompt.Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 brainticket

brainticket
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:24 PM

Posted 02 May 2012 - 09:53 PM

Right on, it'll take me a day or two to dig up the system cd... it's around here somewhere, for sure. Thanks for your attentiveness boopme. Talk again in a couple days.

Edited by brainticket, 02 May 2012 - 09:53 PM.


#11 brainticket

brainticket
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:24 PM

Posted 09 May 2012 - 04:51 PM

boopme, I'm actually in the middle of a move here, and while going through my things as I pack them, I can not for the life of me locate the XP disc that came along with this laptop... Safe Mode problems persist.

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:24 PM

Posted 09 May 2012 - 06:16 PM

A couple Few options.
One ..you can run it and it may not ask for the disk.
Two .. you can use anyone's XP disk as you are not installing the system.
three .. Write down what it asks for and we can ask in XP if any one has what you need.

Edited by boopme, 09 May 2012 - 06:17 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 brainticket

brainticket
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:24 PM

Posted 10 May 2012 - 02:25 PM

Found my XP disc last night. Ran System File Checker, which did in fact need the disc - something about .DLL files very early on. Progress bar moved from left to right, and upon finish simply disappeared without saying a thing... so I ran SFC again, same results.

Boot to Safe Mode, still can not complete a full scan without shutdown.

#14 brainticket

brainticket
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:24 PM

Posted 10 May 2012 - 02:29 PM

Again, my laptop seems to be running fine - it's just that I'm worried that if I find myself in a similar bind as to what got me here in the first place, I'd be in deep trouble.

Talking to a couple computer literates in my inner circle, and they've suggested I back up my HD elsewhere, wipe the drive, starting anew with a fresh install... which is I guess the best/safest bet, just not how I *wanted* to spend a day.

Could be I'm running out of options though, and do need to play it safe.

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:24 PM

Posted 10 May 2012 - 08:06 PM

Do the DLL items still come up after a reboot?

Having no sfae mode is a problem.

Let us see if we can get Safe mode to run.
Vista users my need to save it to the desktop first then right-click the icon and choose "Run as Administrator".

Please download and run SafeBootKeyRepair.exe.

Once it has completed, please try booting into Safe Mode.


I cannot argue the reinstall if that is what the final answer is and I can post you some info if you want.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users