177 replies to this topic

[oldman960]

Hi Ithsinc,

I see a few things in your logs.

• No antivirus program??
• DDS reports no current System Restore points
• some mangled file associations
• some old programs

The file associations may explain the slowness you experienced and most certainly the problem with DDS.scr. They may have been changed by malware. We'll deal with these in order.

First make sure System Restore is turned on.

• Click your start button
• right click on My Computer and select properties
• Click the System Restore tab
• Make sure there isn't a check mark beside Turn off System Restore
• If it is checked click it to clear it
• click Apply, click OK

If everthing is ok there, create a Restore point

• Go to Start - All Programs - Accessories - System Tools - System Restore.
• Click Create a restore point, and then click Next.
• In the text box labeled Restore Point Description, type a name for this restore point
• click create

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield
• Do not copy the word CODE , please note the script starts with the :
  

  :filefind
  notepad.*

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Let's see if MBAM will straighten out the file associations.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

• Click the Update tab
• Click Check for Updates
• If an update is found, it will download and install the latest version.
• The program will close to update and reopen.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Please post back with

• SystemLook.txt
• MBAM log

Are you still experiencing problems?

[oldman960]

Hi, Still with us?

[oldman960]

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic

[oldman960]

This topic has been reopened by request of the starter of this topic. Or it has been moved to the correct forum

[lthsinc]

Hello again, Below are the two logs, and right now the only other thing that has come back is looping twice when I reboot. It had gone away, but is doing it again most of the time. It will go through to the Windows splash screen, then restart again before fully loading. System Look log: SystemLook 04.09.10 by jpshortstuff Log created at 09:11 on 03/01/2011 by TEST Administrator - Elevation successful ========== filefind ========== Searching for "notepad.*" C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk --a--c- 1519 bytes [03:08 28/12/2007] [07:25 01/10/2008] 1EFD63C2BF7F02328AFE80A94292EB37 C:\Documents and Settings\All Users\Application Data\Avery\DesignPro5\Graphics\Backgrounds\Black & White\Notepad.jpg --a--c- 54984 bytes [17:17 26/01/2004] [17:17 26/01/2004] 48775D9AAEF27B1F5C8F24D7B2DC285A C:\Documents and Settings\All Users\Application Data\Avery\DesignPro5\Graphics\Backgrounds\Color\Notepad.jpg --a--c- 78705 bytes [17:21 26/01/2004] [17:21 26/01/2004] 60C9ED021F9A2E150B491A831CED66AD C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE --a--c- 69120 bytes [21:07 08/10/2007] [21:07 08/10/2007] 388B8FBC36A8558587AFC90FB23A3B99 C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Notepad.lnk --a--c- 1519 bytes [19:04 10/08/2004] [19:45 11/09/2009] B917A6677CE5F73FC6F48E45003D22A6 C:\Documents and Settings\TEST\Start Menu\Programs\Accessories\Notepad.lnk --a---- 1519 bytes [03:39 28/12/2007] [16:05 12/09/2009] B6B9165118D23016D0B86B37124FEC9E C:\i386\notepad.chm --a--c- 25236 bytes [05:26 27/12/2007] [11:00 04/08/2004] CC28209EAE1F1C3012ACD5FE3E2BF9B9 C:\i386\notepad.exe --a--c- 69120 bytes [05:22 27/12/2007] [11:00 04/08/2004] 388B8FBC36A8558587AFC90FB23A3B99 C:\i386\notepad.hlp --a--c- 12521 bytes [05:26 27/12/2007] [11:00 04/08/2004] EB9D47ECA3C4621620C37170E70AE647 C:\i386\Notepad.lnk --a--c- 1495 bytes [05:16 27/12/2007] [07:33 01/10/2008] 9FA683568C1571D798CCAFB5D2A3D2E4 C:\Program Files\Adobe\Photoshop 7.0\Helpers\Jump To HTML Editor\Notepad.lnk --a--c- 534 bytes [08:11 27/12/2007] [08:11 27/12/2007] EB2EB71CC725EB44FA1DC721CF1164E9 C:\WINDOWS\notepad.exe --a---- 69120 bytes [10:00 04/08/2004] [10:00 04/08/2004] 388B8FBC36A8558587AFC90FB23A3B99 C:\WINDOWS\Help\notepad.chm --a---- 25236 bytes [10:00 04/08/2004] [10:00 04/08/2004] CC28209EAE1F1C3012ACD5FE3E2BF9B9 C:\WINDOWS\Help\notepad.hlp --a---- 12521 bytes [10:00 04/08/2004] [10:00 04/08/2004] EB9D47ECA3C4621620C37170E70AE647 C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf --a---- 53250 bytes [15:39 13/12/2010] [17:17 03/01/2011] 325E90221A57B7238FF38C480DFE79BE C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\notepad.exe --a---- 69120 bytes [16:34 19/03/2010] [00:12 14/04/2008] 5E28284F9B5F9097640D58A73D38AD4C C:\WINDOWS\system32\notepad.exe --a---- 69120 bytes [10:00 04/08/2004] [10:00 04/08/2004] 388B8FBC36A8558587AFC90FB23A3B99 C:\WINDOWS\system32\dllcache\notepad.exe --a--c- 69120 bytes [10:00 04/08/2004] [10:00 04/08/2004] 388B8FBC36A8558587AFC90FB23A3B99 -= EOF =- ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ MBAM log: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5448 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 1/3/2011 10:19:51 AM mbam-log-2011-01-03 (10-19-51).txt Scan type: Quick scan Objects scanned: 189007 Time elapsed: 35 minute(s), 16 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Thank you.

[oldman960]

Hi lthsinc,

Notepad seems to be in the correct location and file associations have been corrected.

Let's see if we can get a BSOD code or error message.

• Click your start button
• Right click on My Computer
• Click properties
• Click the Advanced tab
• In the Startup and Recovery section click settings
• Uncheck Automatic Restart
• Click ok, click apply, click ok

When you start your computer it should give you an error message instead of rebooting. Please post all of the message including the name and any codes on the screen.

Thanks

[lthsinc]

Ok, followed the instructions, restarted, and it started normally. (of course) I tried again, and again, no relooping, then figured one more shot, and here is the error message I finally got on a blue screen: STOP: C0000145 {application error} The application failed to initialize properly (0xc0000005). Click on OK to terminate the application. Naturally there was no way to click on anything, so I forced quit and restarted, which it then started normally again. It seems to do the restart thing every 2nd or 3rd restart for now. Anyway, hope that helps.

[oldman960]

Hi lthsinc,

Sorry about the delays, I'm fighting with a lousy internet connection. I get disconnected after each page. According to the provider there isn't a problem. Go figure.

This may be a symptom or a darddrive failure or a corrupted file system. Let's see if we can get checkdisk to run from the recovery console.

Restat your computer. You should be presented with a screen asking you which operating system do you wish to start. Use the arrow keys to select Microsoft Windows Recovery Console

1. When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
2. You should now see a list of installations and the prompt "Which Windows Installation would you like to log on to?"
3. Select the appropriate number for the Windows installation that you want to repair. If you only have one, press 1.
4. When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

You should now have a C:\windows> prompt

-From the recovery console, type the following command:

chkdsk /r

Hit enter

Note there is a space after chkdsk. It needs to be there.

After it has finished make a note of the results.

Type exit and hit enter . Your computer will now boot to windows. Still having the same problem?

[lthsinc]

I don't get an option to go into the Recovery Console, however I did try to schedule a chkdsk through a command window, where it says it will run on the next restart, I've run those before, but when the computer restarts, it doesn't run it, I've tried twice. (this has happened before as well), and I also tried to make it run by going through the tools tab in the properties window for the hard drive, but to no avail either.

[oldman960]

Hi lthsinc,

Sorry I thought we had used combofix. No matter we'll make a disk.

Please read the instuctions and ask any questions if they are not clear.

Burn recovery console cd

• Download recovery_console_cd.zip file to your drive and extract it to its own folder (c:\recoverycd for example).
• Download floppy disk setup package xp pro for your operating system (XP pro) and save it to the folder you extracted the zip to.
• Rename the floppy disk setup package to Bootdisk.exe.
• Insert a blank cd into your burner.
• Double-click the RecoveryCD.bat file and follow the prompts to burn a cd that will allow you to boot to the recovery console.

Once the CD is made use it to boot the computer.

• Mak sure the computer is set to boot from the CD (you may have that option with the F12 key or will need to set in in the bios. The key to press to enter the bios should appear during startup. It may say something like "Press X key to enter set up.)
• Insert the CD in the computer
• Reboot the computer

Follow the previous instructions for entering the Recovery Console.

Try running chkdsk /r now.

Thanks

[lthsinc]

All your instructions worked perfectly...except it could still not run chkdsk. It identified the volume, etc., but then would just say disc could not be checked. I tried chkdsk /r and chkdsk c: /r but nothing worked.

[oldman960]

Hi lthsinc,

Let's try chkdsk frm a different program.

Download Bootable CD image and save it to your desktop.

• Double click on NTBR_CD.exe and a folder of the same name will appear.
• Open the folder and double click on BurnItCD.cmd
• When BurnCDCC opens, click Start - the CD tray will open
• Insert the disk and click ok.
• Follow the prompts to burn the CD.

When the disk has been burned the CD tray will open.

Close the tray and reboot the computer to the CD

* Once presented with the boot screen please hit ENTER to boot from CD.
* After a warning screen there is a keyboard language options screen - press ENTER to leave it at EN-US.

You should now be at the Tool options screen.

* Type 5 and press ENTER to go to a command prompt.

At the command prompt type the following bolded command then press ENTER

tools\ntfs4dos\chkdsk

You will be prompted (in German) to press Enter.

* Press ENTER to start the check disk utility.

Check Disk will check all attached drives and attempt to correct any errors. Please make a note of any errors found or corrections made.

* When it completes type menu and press ENTER to return to the tools menu.
* Type 6 and press ENTER to quit, then press the Ctrl+Alt+Del keys to restart.


Let us know how you make out.

Thanks

[lthsinc]

Once again, your instructions worked perfectly, right up until I typed in the command tools\ntfs4dos\chkdsk, then all I got as a line .......... (ten periods), then it went back to the command line, nothing else. Tried several times, but could only get another command line.

[oldman960]

Hi lthsinc, Let me check with the developer to see what may be happening. Any other problems, new or old? Thanks

[lthsinc]

Not really, just the double starts, and the occasional stall in a program, but not too bad, mostly running pretty good.