
Inactive MBAM, GMER, MBR, and DDS logs

Discussion in 'Malware and Virus Removal Archive' started by MinnesotaMike, 2011/03/17.

  1. 2011/03/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
      IE - HKU\S-1-5-21-3323131343-1183404410-2123129801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>;*.local
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.defaultenginename: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      FF - prefs.js..browser.search.selectedEngine: "Ask.com"
      FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
      FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=MP3R7&o=15863&locale=en_US&apn_uid=816F264D-7C85-47C7-9AED-D0AE5DB77C3D&apn_ptnrs=RV&apn_sauid=&apn_dtid=&q="
      [2010/10/24 16:05:14 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Nick\AppData\Roaming\mozilla\Firefox\Profiles\6skf5dh3.default\ext ensions\toolbar@ask.com
      O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
      O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKU\S-1-5-21-3323131343-1183404410-2123129801-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O3 - HKU\S-1-5-21-3323131343-1183404410-2123129801-1000\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: [hpqSRMon] File not found
      O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-AUVVK.exe ()
      O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-21-3323131343-1183404410-2123129801-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: CabBuilder http://ak.imgag.com/imgag/kiw/toolba...lerControl.cab (Reg Error: Key error.)
      O33 - MountPoints2\{0ad27394-ff9a-11de-b0c3-001b24f96626}\Shell - " " = AutoRun
      O33 - MountPoints2\{0ad27394-ff9a-11de-b0c3-001b24f96626}\Shell\AutoRun\command - " " =  "F:\WD SmartWare.exe" autoplay=true
      O33 - MountPoints2\{a4801be7-64e4-11df-913f-001b24f96626}\Shell - " " = AutoRun
      O33 - MountPoints2\{a4801be7-64e4-11df-913f-001b24f96626}\Shell\AutoRun\command - " " =  "F:\WD SmartWare.exe" autoplay=true
      O33 - MountPoints2\{ab1edc80-0af8-11e0-84e0-001b24f96626}\Shell\AutoRun\command - " " = F:\InstallTomTomHOME.exe
      O33 - MountPoints2\{b31cf697-fe39-11de-b18c-001b24f96626}\Shell - " " = AutoRun
      O33 - MountPoints2\{b31cf697-fe39-11de-b18c-001b24f96626}\Shell\AutoRun\command - " " =  "H:\WD SmartWare.exe" autoplay=true
      O33 - MountPoints2\{b31cf6b0-fe39-11de-b18c-001b24f96626}\Shell - " " = AutoRun
      O33 - MountPoints2\{b31cf6b0-fe39-11de-b18c-001b24f96626}\Shell\AutoRun\command - " " =  "F:\WD SmartWare.exe" autoplay=true
      O33 - MountPoints2\{e1c71dfd-68d7-11df-86d4-001b24f96626}\Shell - " " = AutoRun
      O33 - MountPoints2\{e1c71dfd-68d7-11df-86d4-001b24f96626}\Shell\AutoRun\command - " " =  "F:\WD SmartWare.exe" autoplay=true
      [20 C:\Users\Nick\Documents\*.tmp files -> C:\Users\Nick\Documents\*.tmp -> ]
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [2011/03/17 19:38:25 | 000,709,456 | ---- | M] () -- C:\Windows\is-AUVVK.exe
      [2011/03/17 19:38:25 | 000,010,562 | ---- | M] () -- C:\Windows\is-AUVVK.msg
      [2011/03/17 19:38:25 | 000,000,361 | ---- | M] () -- C:\Windows\is-AUVVK.lst
      [2010/07/17 01:35:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
       "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    See, if you can boot normally....
     
  2. 2011/03/19
    MinnesotaMike

    MinnesotaMike Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,396
    Likes Received:
    3
    I am posting this in SAFE mode and will check to see if I can boot normally after this.


    All processes killed
    ========== OTL ==========
    Service pavboot stopped successfully!
    Service pavboot deleted successfully!
    C:\Windows\System32\drivers\pavboot.sys moved successfully.
    HKU\S-1-5-21-3323131343-1183404410-2123129801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.defaultenginename
    Prefs.js: "Ask.com" removed from browser.search.order.1
    Prefs.js: "Ask.com" removed from browser.search.selectedEngine
    Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems
    Prefs.js: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=MP3R7&o=15863&locale=en_US&apn_uid=816F264D-7C85-47C7-9AED-D0AE5DB77C3D&apn_ptnrs=RV&apn_sauid=&apn_dtid=&q=" removed from keyword.URL
    Folder C:\Users\Nick\AppData\Roaming\mozilla\Firefox\Profiles\6skf5dh3.default\ext ensions\toolbar@ask.com\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-3323131343-1183404410-2123129801-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3323131343-1183404410-2123129801-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\InnoSetupRegFile.0000000001 deleted successfully.
    C:\Windows\is-AUVVK.exe moved successfully.
    Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
    Registry value HKEY_USERS\S-1-5-21-3323131343-1183404410-2123129801-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control CabBuilder
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\CabBuilder\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ad27394-ff9a-11de-b0c3-001b24f96626}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ad27394-ff9a-11de-b0c3-001b24f96626}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ad27394-ff9a-11de-b0c3-001b24f96626}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ad27394-ff9a-11de-b0c3-001b24f96626}\ not found.
    File "F:\WD SmartWare.exe" autoplay=true not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4801be7-64e4-11df-913f-001b24f96626}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4801be7-64e4-11df-913f-001b24f96626}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4801be7-64e4-11df-913f-001b24f96626}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4801be7-64e4-11df-913f-001b24f96626}\ not found.
    File "F:\WD SmartWare.exe" autoplay=true not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab1edc80-0af8-11e0-84e0-001b24f96626}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab1edc80-0af8-11e0-84e0-001b24f96626}\ not found.
    File F:\InstallTomTomHOME.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b31cf697-fe39-11de-b18c-001b24f96626}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b31cf697-fe39-11de-b18c-001b24f96626}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b31cf697-fe39-11de-b18c-001b24f96626}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b31cf697-fe39-11de-b18c-001b24f96626}\ not found.
    File "H:\WD SmartWare.exe" autoplay=true not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b31cf6b0-fe39-11de-b18c-001b24f96626}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b31cf6b0-fe39-11de-b18c-001b24f96626}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b31cf6b0-fe39-11de-b18c-001b24f96626}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b31cf6b0-fe39-11de-b18c-001b24f96626}\ not found.
    File "F:\WD SmartWare.exe" autoplay=true not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1c71dfd-68d7-11df-86d4-001b24f96626}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1c71dfd-68d7-11df-86d4-001b24f96626}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1c71dfd-68d7-11df-86d4-001b24f96626}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1c71dfd-68d7-11df-86d4-001b24f96626}\ not found.
    File "F:\WD SmartWare.exe" autoplay=true not found.
    C:\Users\Nick\Documents\~WRL0004.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL0336.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL0359.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL0508.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL0539.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL0554.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL0801.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL0863.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL0977.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL2200.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL2417.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL2682.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL2864.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL2881.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL2998.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL3235.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL3333.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL3484.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL3660.tmp deleted successfully.
    C:\Users\Nick\Documents\~WRL3871.tmp deleted successfully.
    C:\Windows\msdownld.tmp folder deleted successfully.
    File C:\Windows\is-AUVVK.exe not found.
    C:\Windows\is-AUVVK.msg moved successfully.
    C:\Windows\is-AUVVK.lst moved successfully.
    C:\ProgramData\ezsidmv.dat moved successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Nick
    ->Temp folder emptied: 15895068 bytes
    ->Temporary Internet Files folder emptied: 270609023 bytes
    ->Java cache emptied: 66367577 bytes
    ->FireFox cache emptied: 71176716 bytes
    ->Google Chrome cache emptied: 8343184 bytes
    ->Apple Safari cache emptied: 3644416 bytes
    ->Flash cache emptied: 1987578 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 72997569 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13165721 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 43602826 bytes
    RecycleBin emptied: 1748 bytes

    Total Files Cleaned = 541.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Nick
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03192011_063317

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Nick\AppData\Local\Temp\OICE_E0F0E221-B049-4B8F-9672-2E79F498099D.0\53A94FF5. not found!
    File\Folder C:\Users\Nick\AppData\Local\Temp\OICE_D63BEC76-2A01-4826-8E79-CD45B764540A.0\F49F59A8. not found!
    File\Folder C:\Users\Nick\AppData\Local\Temp\OICE_B820C50E-08A9-452B-8EFC-DEF40B3EA521.0\213040EA. not found!
    File\Folder C:\Users\Nick\AppData\Local\Temp\OICE_7F9592E3-D926-4571-B237-28508BEE81A6.0\415C8AD1. not found!
    File\Folder C:\Users\Nick\AppData\Local\Temp\OICE_587E414C-410A-4FAF-9A5A-1CBAF69EEE85.0\CF5856E8. not found!
    File\Folder C:\Users\Nick\AppData\Local\Temp\OICE_1D576912-C8CC-4BE6-8B22-73C63B5C6632.0\787262BB. not found!

    Registry entries deleted on Reboot...
     
    Last edited: 2011/03/19
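
An added example, not part of the original posts and not OTL's own code: a small Python parser that tallies the outcome of each action line in a fix log like the one above and separates "not found" entries that were already deleted or moved earlier in the same run from entries that were never there. The sample lines are copied from the log above; the outcome grouping and function names are this example's own.

```python
import re
from collections import Counter

# Keywords OTL puts in front of a target in the fix log shown above.
KIND_RE = re.compile(r"^(Registry key|Registry value|File\\Folder|File|Folder|ADS|Service)\s+")
# Outcome phrases that end an action line in that log.
OUTCOME_RE = re.compile(
    r"\s*(?:folder\s+)?(deleted successfully|moved successfully|"
    r"stopped successfully|value set successfully|not found)[.!]$"
)
PREFS_RE = re.compile(r"^Prefs\.js: (.+) removed from (\S+)$")
ERROR_RE = re.compile(r"^Registry error reading value (.+?)\s*\.$")


def normalize(target):
    """Compare targets case-insensitively and without a trailing backslash."""
    return target.strip().rstrip("\\").lower()


def parse_line(line):
    """Return (kind, target, outcome) for an action line, None for headers and blanks."""
    line = line.strip()
    m = ERROR_RE.match(line)
    if m:
        return ("Registry value", normalize(m.group(1)), "error")
    m = PREFS_RE.match(line)
    if m:
        return ("Prefs.js", m.group(2), "removed")
    m = OUTCOME_RE.search(line)
    if not m:
        return None
    rest = line[:m.start()]
    k = KIND_RE.match(rest)
    kind = k.group(1) if k else "Path"
    target = rest[k.end():] if k else rest
    return (kind, normalize(target), m.group(1))


def summarize(lines):
    """Count outcomes; split 'not found' into repeats of handled targets and the rest."""
    counts, handled = Counter(), set()
    repeats, missing = [], []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, target, outcome = parsed
        counts[outcome] += 1
        if outcome == "not found":
            (repeats if target in handled else missing).append((kind, target))
        elif outcome != "error":
            handled.add(target)
    return counts, repeats, missing


# Sample input: a subset of lines copied from the fix log in the post above.
SAMPLE = r"""
========== OTL ==========
Service pavboot stopped successfully!
Service pavboot deleted successfully!
C:\Windows\System32\drivers\pavboot.sys moved successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Folder C:\Users\Nick\AppData\Roaming\mozilla\Firefox\Profiles\6skf5dh3.default\ext ensions\toolbar@ask.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\DownloadInformation\\INF .
File "F:\WD SmartWare.exe" autoplay=true not found.
""".splitlines()

if __name__ == "__main__":
    counts, repeats, missing = summarize(SAMPLE)
    print(dict(counts))
    for kind, target in missing:
        print("never present in this run:", kind, target)
```

Entries reported as never present are the ones worth a second look: the path in the fix script may have been wrong, or the item may sit on a drive that was not attached.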


  4. 2011/03/19
    MinnesotaMike

    Broni,

    No luck on the boot into normal mode. It still hangs at the point of the black screen and progress bar.
     
  5. 2011/03/19
    broni

    While in safe mode....

    Go Start>Run (Start Search in Vista), type in:
    msconfig
    Click OK (hit Enter in Vista).

    Click on Startup tab.
    Click Disable all
    IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

    Click Services tab.
    Put checkmark in Hide all Microsoft services
    Click Disable all.

    Click OK.
    Restart computer in Normal Mode.

    NOTE. If you use a different firewall than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
    If you use Windows firewall, you're fine.

    Same problem?
     
  6. 2011/03/19
    MinnesotaMike

    Everything was disabled on the Startup tab except SuperAntiSpyware. I disabled that and disabled all non-Microsoft services. It's been running about 20 minutes now and it's still stuck on the black screen with the progress bar. So, it's a no go. :(
     
  7. 2011/03/20
    MinnesotaMike

    Hi Broni,

    I made some progress last night, or early this morning to be exact. :) I decided to try old F11 again even though my son had been through that route and nothing helped. But, with all the cleaning you had me do, something worked. I went into the repair option and ended up doing a scandisk on the C: drive. It took forever to run and it looked like it fixed some files. At any rate, the scandisk finished and I rebooted as instructed. I let it boot normally and Windows came up. No problems. I immediately backed up all important files and folders, just in case. I rebooted to see if I could get in again and no problems again.

    So, I went into MSCONFIG and re-enabled all startups and services. I rebooted and no problems getting in. I connected to the Internet to update a couple things and Windows Update proceeded to download updates. I stopped that, changed the settings to only notify before doing anything, and unchecked all downloaded updates hoping to stop them from installing. I thought I was fine and decided to reboot again.

    I have been stuck on the "Configuring Updates" screen for about an hour now. So, obviously, that will still be a problem. Since my son is leaving tomorrow morning, I think we will just recover the system and start fresh. The only problem is figuring out which update is messing up the system. We'll have to go slow I guess.

    Thanks for all your help!! I appreciate your time and efforts. I'll mark this thread resolved since it was until Windows Update got a hold of things.

    Mike

    OK, maybe you need to mark it resolved since I don't have that option.
     
  8. 2011/03/20
    broni

    Good job you've done :)

    I'm not sure, if this computer is really clean, but since you decided to reinstall, it really doesn't matter.

    However, since chkdsk found some issues, I'd strongly recommend you run hard drive diagnostic before going through all reinstallation trouble.

    Run hard drive diagnostics: http://www.tacktech.com/display.cfm?ttid=287 (or http://www.bleepingcomputer.com/forums/index.php?showtopic=28744&hl=hard+drive+diagnostic)
    Make sure, you select tool, which is appropriate for the brand of your hard drive.
    Depending on the program, it'll create bootable floppy, or bootable CD.
    If downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn .iso file to a CD (select "Write image file to disc" option), to make the CD bootable.
    For Toshiba hard drives, see here: http://sdd.toshiba.com/main.aspx?Pa...rivesUSandCanada/SoftwareUtilities#diagnostic

    Note : If you do not know how to set your computer to boot from CD follow the steps HERE

    I'll mark this thread as "Inactive" since we really didn't solve anything.

    Good luck.
     
  9. 2011/03/20
    MinnesotaMike

    Sounds good, I'll check the hard drive before I reinstall.
     
  10. 2011/03/20
    broni

    Cool :)
     
  11. 2011/03/20
    MinnesotaMike

    The drive is showing numerous errors with the manufacturer's (Samsung) testing program. Looks like I'll need a new hard drive after only 3 years. :mad:
     
  12. 2011/03/20
    broni

    Good thing, you ran it before going for reinstall.
    Hard drives are weird animals.
    I had one, which failed after 6 weeks!
     
  13. 2011/03/20
    MinnesotaMike

    I've always had really good luck. Then again, I stick with Western Digital drives. Unfortunately, you never have a choice when they build the system for you. :rolleyes: I couldn't find one in town, so I'll have to wait a couple days until the new one arrives.
     
  14. 2011/03/20
    broni

    It really doesn't matter, which known brand you buy.
    As you said, sometimes.....just bad luck.
     
