NT authority system....


Post by pBAD on Tue Feb 09, 2010 2:27 am

shuts down my computer every 15-60 minutes. Please help. I have no idea what to do.
something about a damn DCOM service process launcher service and then a 60 second countdown and then bam...computer resets

Thanks Guys


Re: NT authority system....

Post by Dr Jay on Tue Feb 09, 2010 2:15 pm

Please download ComboFix from [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)



Re: NT authority system....

Post by pBAD on Tue Feb 09, 2010 11:50 pm

here's my log.....


ComboFix 10-02-09.03 - Diana 02/09/2010 18:18:58.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.478.140 [GMT -8:00]
Running from: c:\documents and settings\Diana\desktop\commy.exe
Command switches used :: /stepdel
.

((((((((((((((((((((((((( Files Created from 2010-01-10 to 2010-02-10 )))))))))))))))))))))))))))))))
.

2010-01-23 08:00 . 2010-01-23 08:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-01-13 06:37 . 2009-11-21 16:36 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 07:00 . 2007-08-19 19:41 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-15 06:59 . 2007-01-09 18:14 -------- d-----w- c:\program files\Bodog Poker
2009-12-25 23:46 . 2009-02-10 04:44 36072 ----a-w- c:\documents and settings\Diana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-22 05:42 . 2005-05-18 16:56 662016 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2005-05-18 16:54 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-15 07:45 . 2009-12-15 07:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-15 07:45 . 2006-05-19 22:59 -------- d-----w- c:\program files\Java
2009-12-15 07:44 . 2009-12-15 07:44 152576 ----a-w- c:\documents and settings\Diana\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-15 07:44 . 2009-12-15 07:44 79488 ----a-w- c:\documents and settings\Diana\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-09 14:34 . 2009-04-16 02:46 31296 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-21 16:36 . 2005-05-18 16:53 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2007-04-08 22:24 . 2006-11-23 21:31 177152 ----a-w- c:\program files\utorrent.exe
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-10 02:00 . 2010-02-10 02:00 16384 c:\windows\Temp\Perflib_Perfdata_7d0.dat
- 2010-01-22 09:07 . 2010-02-10 01:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-22 09:07 . 2010-02-10 02:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-05-18 17:33 . 2010-02-10 02:00 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-05-18 17:33 . 2010-02-10 01:31 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-05-18 17:33 . 2010-02-10 02:00 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-05-18 17:33 . 2010-02-10 01:31 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-06-03 251240]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-06 344064]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-02-28 81920]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-02-25 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-02-25 61440]
"Rosary Reminder"="c:\progra~1\VIRTUA~1\reminder.exe" [2001-07-10 46080]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-15 149280]

c:\documents and settings\Diana\Start Menu\Programs\Startup\
GoZone iSync.lnk - c:\program files\GoZone\GoZone_iSync.exe [2009-7-26 425984]
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2005-10-23 118784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Diana^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Diana\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-12-20 06:10 88358 ----a-r- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-07-02 11:48 163840 ----a-r- c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJUPDNV_Chitose]
2005-02-11 07:10 249856 ----a-w- c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1171340783\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadFUJ02E3]
2005-02-25 17:13 69632 ----a-w- c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-27 00:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-05-19 22:35 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre1.5.0_06\bin\jusched.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
c:\program files\Winamp\Winampa.exe [BU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\utorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\1171340783\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [5/18/2005 10:55 AM 32320]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [5/18/2005 10:55 AM 23200]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/3/2009 4:46 AM 92008]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [5/18/2005 9:43 AM 4864]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 12:20 AM 3872]
.
Contents of the 'Scheduled Tasks' folder

2009-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Diana\Application Data\Mozilla\Firefox\Profiles\w4zln4ne.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Diana\Application Data\Mozilla\Firefox\Profiles\w4zln4ne.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-09 18:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x850DC618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7592fc3
\Driver\ACPI -> ACPI.sys @ 0xf7405cb8
\Driver\atapi -> atapi.sys @ 0xf739f7b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7293ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7282a0b
SendHandler -> NDIS.sys @ 0xf7296b31
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-02-09 18:33:18
ComboFix-quarantined-files.txt 2010-02-10 02:33

Pre-Run: 16,061,222,912 bytes free
Post-Run: 16,026,402,816 bytes free

- - End Of File - - 443CE2561C9A8171C288537E4C46B6E6


Re: NT authority system....

Post by Dr Jay on Wed Feb 10, 2010 4:26 am

Please download the [You must be registered and logged in to see this link.]. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


Dr. Jay (DJ)



Re: NT authority system....

Post by pBAD on Thu Feb 11, 2010 2:38 am

I can't get the program to complete its scan before the virus kicks in and resets my comp.

any suggestions?


Re: NT authority system....

Post by Dr Jay on Thu Feb 11, 2010 4:13 am

Copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

Code:
@echo off
rem Make a copy of gmer.exe under the name ark.exe
Copy /y gmer.exe ark.exe
rem Launch the renamed copy
Start ark.exe

Save it into the gmer folder as File name: ark.cmd
Save as type: All Files

Once done, double click ark.cmd to run it.

This should start GMER. Follow the steps I have outlined earlier to save a log file, then post me the contents in your next reply.


Dr. Jay (DJ)



Re: NT authority system....

Post by pBAD on Thu Feb 11, 2010 9:57 pm

ok thanks...i'll try that in a bit.

now i get a message come up when i start that says:

to help protect your computer, windows has closed this program.
name: generic host process for win32 services
publisher: microsoft corporation


Re: NT authority system....

Post by pBAD on Thu Feb 11, 2010 10:12 pm

now i'm completely incapable of starting windows...

i get some blue screen with text but it flashes too fast to make out what it says then the system restarts?

sounds like i'm gonna need a new comp


Re: NT authority system....

Post by Dr Jay on Fri Feb 12, 2010 5:24 pm

The rootkit shut you down. Bah!

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the [You must be registered and logged in to see this link.] file format. Avira uses an EXE that has built-in CD burning capability.
If you are not sure how to burn an image, please read [You must be registered and logged in to see this link.]. If you need a FREE utility to burn the ISO image, download and use [You must be registered and logged in to see this link.].

Let me know how it goes.


Dr. Jay (DJ)



Re: NT authority system....

Post by pBAD on Tue Feb 23, 2010 1:12 am

sorry for the delay.

running a scan now but it didn't let me update. I downloaded the Kaspersky rescue disk.

I'll post the report shortly.

Thanks again.


Re: NT authority system....

Post by Dr Jay on Tue Feb 23, 2010 2:15 am

Oh ok.


Dr. Jay (DJ)



Re: NT authority system....

Post by pBAD on Tue Feb 23, 2010 3:12 am

hmm....

after a few tries the computer just shuts off mid scan


Re: NT authority system....

Post by Dr Jay on Wed Feb 24, 2010 4:14 am

First
[You must be registered and logged in to see this link.] this will allow you to burn OTLPE ISO to a CD and make it bootable. Just install the program; from there on in it is fairly automatic. [You must be registered and logged in to see this link.]

Second
  • Download [You must be registered and logged in to see this link.] and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded, double-click it and this will then open ISOBurner to burn the file to CD.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.


Dr. Jay (DJ)



Re: NT authority system....

Post by pBAD on Sun Feb 28, 2010 3:23 am

ok so computer now doesn't stay on long enough to even run the boot disk. any more suggestions before it's time to pull the plug?
