Solved

Win 7 - can't run combofix, safe mode starts in low res

Posted on 2013-11-23
Last Modified: 2013-11-26
Yes, it's a multi-question!  But they might be connected.

Running Windows 7 Pro SP1 (32 bit).  I tried running Combofix numerous times, with anti-virus installed and uninstalled.  It freezes the whole computer right after it says it will start to scan, which usually takes ten minutes.  It never gets to the part where it shows the stages.

I decided to try it in Safe Mode, and to my surprise Safe Mode starts in low res (640 x 480).  I cannot change it in properties.  Very weird.  

My motherboard (Gigabyte ga-970a-ud3) doesn't come with a graphic chip, so I have an Nvidia GeForce GT 520.  

This all started a couple of days ago, when MBAM gave hourly notices about blocking avast from accessing a website.  After uninstalling, it's apparent that it's Firefox, not Avast, that's doing that.  Might just be a banner ad that I can't find, but I thought a full scan was in order.  MBAM and Avast! scans come up with nothing, as does TDSSKiller.  I thought Combofix might be a good idea.

As often happens, that led to the Combofix freeze and then the Safe Mode weirdness.  Any thoughts on the subject would be appreciated.
Question by:therealex123
19 Comments
 
LVL 90

Expert Comment

by:John Hurst
Try doing a full scan (a couple of hours) with Malwarebytes. Does that reveal more viruses?  If Combofix will not load/run, you may have a root kit virus or a virus that is turning off A/V in your computer.

Try the above and let us know. At the stage you are at, you might be in for a fresh install of Windows so keep that in mind.

... Thinkpads_User
0
 
LVL 18

Assisted Solution

by:hopeleonie
hopeleonie earned 250 total points
Step 1:

Download OTL:
http://oldtimer.geekstogo.com/OTL.exe

And save it to your Desktop

Step 2:

Run it as an Administrator and scan with these settings:

OTL Settings
Note you have to Include 64bit Scans only in 64bit Systems!


Step 3:

OTL will create 2 logs on the Desktop (OTL.Txt & Extras.Txt) . Please post them to us.
0
 

Author Comment

by:therealex123
Should I post the actual file contents or add them as an attachment?  I looked through the results, can't find a darn thing that looks out of place!  

The only weird thing is in the Alternate Data Streams section a bunch of stuff (some of it quite old) attributed to Roxio EMC Stream.  I had Roxio Easy Media Creator 10 installed some time ago, but it never worked right and I eventually uninstalled it.

Don't get thrown by the folder "Hacking".  I'm taking a White Hat Hacking course on Udemy, no funny stuff going on there!
0
 
LVL 18

Expert Comment

by:hopeleonie
Please post both as attachments. :-)
0
 
LVL 91

Expert Comment

by:nobus
>> to my surprise Safe Mode starts in low res (640 x 480).  I cannot change it in properties.  Very weird. <<

No - not at all.
Safe mode does not load drivers other than basic ones, so it is always in 640x480.
0
 

Author Comment

by:therealex123
Hi Nobus,

I realize safe mode doesn't load drivers, but I've gone into safe mode many times.  I haven't seen it in 8 bit resolution since Windows 98 for safe mode.  Plus, it's usually 800 x 600, not 640 x 480.  Something is wrong.
0
 

Author Comment

by:therealex123
Hopeleonie - I've attached the logs.  I appreciate your help, I'd be really interested to see if you can find anything there!  I've looked, but don't see anything unusual.  I also used Process Explorer and don't see any rogue processes.

According to my MBAM logs, the attempts to connect stopped at about 3:00 pm yesterday.  I believe that at that point I had closed a browser window to the site http://www.thedogchick.com (we're looking for a dog trainer, and she was recommended).  Seeing that the attempts had stopped when I checked a few hours later, I re-opened the page to see if they would start again.  So far, nothing.  Very odd.

Thinkpads_user - as I said, MBAM shows nothing.  Neither does a scan with TDSSKiller and an Avast! scan.  A nuke and pave doesn't sound right at this point, but I appreciate your input.

Thanks again to everybody for their comments and help.  Please let me know if you find anything in the logs.
OTL.Txt
Extras.Txt
0
 
LVL 18

Expert Comment

by:hopeleonie
Please download Kaspersky Virus Removal Tool and run a full scan:
http://www.kaspersky.com/antivirus-removal-tool-register
0
 
LVL 32

Expert Comment

by:_
>> Safe Mode starts in low res (640 x 480).  I cannot change it in properties.

Point of clarification, which properties? Or did you mean right click Desktop > Screen Resolution ?

And you are correct about something's wrong, I just checked a W7 Pro I'm futzing with, and it came up in 1024 x 768 (with 800 x 600 as the lowest option).

Check to see if you are using the Nvidia drivers, or if Windows Update hijacked the video.
0
 
LVL 91

Assisted Solution

by:nobus
nobus earned 125 total points
right - my bad
but in safe mode, it can point to a bad video card also
you can test if you have a correct resolution when booted from a live cd :
http://www.ubcd4win.com/ - ubcd Win
ftp://mirrors.kernel.org/knoppix-dvd/KNOPPIX_V7.0.5DVD-2012-12-21-EN.iso - Knoppix
0
 

Author Comment

by:therealex123
Ok, I booted from Hiren's.  No problem there.  Booted back into Safe Mode, and here's the answer:

Go to right click Desktop > Screen Resolution, click on Advanced Settings.  Click on the Monitor tab.  Change the resolution to 32 bit (you'd think it would be under the adapter settings, but THANKS SO MUCH, MICROSOFT!)  Now, you can change it to the regular resolution.

So, no virus there.  BUT - I STILL can't run combofix.  It still freezes at exactly the same place, right when it says it's going to run and then never actually gets to Stage 1.  

Any ideas are welcome.
0
 
LVL 32

Assisted Solution

by:_
_ earned 125 total points
>> Now, you can change it to the regular resolution.

ahhhhhh... adding that one to my notes.  Thanks.   : )

As for Combofix, using S.W.A.G., it suggests a hardware issue.
Take it down to basic hardware (take out un-needed addin cards, disable un-needed things in the BIOS, unplug unneeded drives, etc).
If Combofix runs, then add things back, a couple at a time.

If it still doesn't run, maybe it doesn't understand your hard drive setup (AHCI, RAID, etc).
Just a thought...
0
 
LVL 90

Expert Comment

by:John Hurst
@therealex123  - There may be no viruses now, but there probably were viruses at one point, and it looks like they have permanently corrupted your operating system.

... Thinkpads_User
0
 
LVL 91

Expert Comment

by:nobus
0
 
LVL 18

Accepted Solution

by:
hopeleonie earned 250 total points
Did you run Kaspersky Virus Removal Tool?
You should not simply run Combofix, this should be the last option!
But if you want it, uninstall Avast and Malwarebytes. Then try to run Combofix.
Will it freeze?
0
 

Author Comment

by:therealex123
Hopeleonie - I ran Kaspersky (I thought I posted that, but I see I didn't).  Nothing.  I'll try running sfc, as Nobus suggested; if that doesn't work, I'll try your suggestion and remove any additions I have on (at this point, I think I just have an SSD attached.)

Thinkpads_user - why do you say "it looks like they have permanently corrupted your operating system"?  That's pretty strong.  What are you basing that on?

Thanks again.
0
 
LVL 90

Expert Comment

by:John Hurst
"why do you say"  <-- Because I look at lots of machines on a day to day basis. When viruses attack systems and all manner of anti virus is tried without success, then normally the operating system cannot be repaired. My comment is based on years of experience.  I am just saying "normally"  and "it looks like".

... Thinkpads_User
0
 

Author Comment

by:therealex123
Nobus - sfc said everything is fine.  

Thinkpads_user - I'm guessing then that you didn't actually look at the logs, you're just assuming that 1. I've had a virus in the past (no, I haven't, not since I did a clean install of this system two years ago), 2. my operating system is hopelessly corrupted (no, if it was, a number of other errors would show), 3. your "years of experience" lead you to recommend a nuke and pave if you can't come up with a quick answer.  Thanks anyway, but I think I'll troubleshoot this one since the only thing that doesn't work is Combofix.

coral47 - excellent idea.  I'll take off any additional hardware (not much there) and see what happens.  For all I know, it could be my AD/DA converter!  At this point, it's more of a curiosity than a pressing issue, as I no longer have outgoing port attempts and the Safe Mode thing is resolved.

Hopeleonie - I'll boot from another drive that doesn't have any protection on it, just to see what happens.  That will definitely take hardware out of the picture if it works.
0
 
LVL 32

Expert Comment

by:_
Thank you much.    : )
0
