therealex123


Win 7 - can't run combofix, safe mode starts in low res

Yes, it's a multi-question!  But they might be connected.

Running Windows 7 Pro SP1 (32 bit).  I tried running Combofix numerous times, with anti-virus installed and uninstalled.  It freezes the whole computer right after it says it will start to scan, which usually takes ten minutes.  It never gets to the part where it shows the stages.

I decided to try it in Safe Mode, and to my surprise Safe Mode starts in low res (640 x 480).  I cannot change it in properties.  Very weird.  

My motherboard (Gigabyte ga-970a-ud3) doesn't come with a graphic chip, so I have an Nvidia GeForce GT 520.  

This all started a couple of days ago, when MBAM gave hourly notices about blocking Avast from accessing a website.  After uninstalling, it's apparent that it's Firefox, not Avast, that's doing that.  Might just be a banner ad that I can't find, but I thought a full scan was in order.  MBAM and Avast! scans come up with nothing, as does TDSSKiller.  I thought Combofix might be a good idea.

As often happens, that led to the Combofix freeze and then the Safe Mode weirdness.  Any thoughts on the subject would be appreciated.
John

Try doing a full scan (a couple of hours) with Malwarebytes. Does that reveal more viruses?  If Combofix will not load/run, you may have a rootkit virus or a virus that is turning off A/V in your computer.

Try the above and let us know. At the stage you are at, you might be in for a fresh install of Windows so keep that in mind.

... Thinkpads_User
SOLUTION
*** Hopeleonie ***
This solution is only available to members.
therealex123

ASKER

Should I post the actual file contents or add them as an attachment?  I looked through the results, can't find a darn thing that looks out of place!  

The only weird thing is in the Alternate Data Streams section a bunch of stuff (some of it quite old) attributed to Roxio EMC Stream.  I had Roxio Easy Media Creator 10 installed some time ago, but it never worked right and I eventually uninstalled it.

Don't get thrown by the folder "Hacking".  I'm taking a White Hat Hacking course on Udemy, no funny stuff going on there!
Please post both as attachments. :-)
nobus

>> to my surprise Safe Mode starts in low res (640 x 480).  I cannot change it in properties.  Very weird. <<

No - not at all.
Safe mode does not load drivers - other than basic ones, so it always is in 640x480.
Hi Nobus,

I realize safe mode doesn't load drivers, but I've gone into safe mode many times.  I haven't seen it in 8 bit resolution since Windows 98 for safe mode.  Plus, it's usually 800 x 600, not 640 x 480.  Something is wrong.
Hopeleonie - I've attached the logs.  I appreciate your help, I'd be really interested to see if you can find anything there!  I've looked, but don't see anything unusual.  I also used Process Explorer and don't see any rogue processes.

According to my MBAM logs, the attempts to connect stopped at about 3:00 pm yesterday.  I believe that at that point I had closed a browser window to the site http://www.thedogchick.com (we're looking for a dog trainer, and she was recommended).  Seeing that the attempts had stopped when I checked a few hours later, I re-opened the page to see if they would start again.  So far, nothing.  Very odd.

Thinkpads_user - as I said, MBAM shows nothing.  Neither does a scan with TDSSKiller and an Avast! scan.  A nuke and pave doesn't sound right at this point, but I appreciate your input.

Thanks again to everybody for their comments and help.  Please let me know if you find anything in the logs.
OTL.Txt
Extras.Txt
Please download Kaspersky Virus Removal Tool and run a full scan:
http://www.kaspersky.com/antivirus-removal-tool-register
>> Safe Mode starts in low res (640 x 480).  I cannot change it in properties.

Point of clarification, which properties? Or did you mean right click Desktop > Screen Resolution ?

And you are correct that something's wrong. I just checked a W7 Pro I'm futzing with, and it came up in 1024 x 768 (with 800 x 600 as the lowest option).

Check to see if you are using the Nvidia drivers, or if Windows Update hijacked the video.
SOLUTION
This solution is only available to members.
Ok, I booted from Hiren's.  No problem there.  Booted back into Safe Mode, and here's the answer:

Go to right click Desktop > Screen Resolution, click on Advanced Settings.  Click on the Monitor tab.  Change the resolution to 32 bit (you'd think it would be under the adapter settings, but THANKS SO MUCH, MICROSOFT!)  Now, you can change it to the regular resolution.

So, no virus there.  BUT - I STILL can't run Combofix.  It still freezes at exactly the same place, right when it says it's going to run and then never actually gets to Stage 1.

Any ideas are welcome.
SOLUTION
This solution is only available to members.
@therealex123  - There may be no viruses now, but there probably were viruses at one point, and it looks like they have permanently corrupted your operating system.

... Thinkpads_User
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Hopeleonie - I ran Kaspersky (I thought I posted that, but I see I didn't).  Nothing.  I'll try running sfc, as Nobus suggested; if that doesn't work, I'll try your suggestion and remove any additions I have on (at this point, I think I just have an SSD attached).

Thinkpads_user - why do you say "it looks like they have permanently corrupted your operating system"?  That's pretty strong.  What are you basing that on?

Thanks again.
"why do you say"  <-- Because I look at lots of machines on a day to day basis. When viruses attack systems and all manner of anti virus is tried without success, then normally the operating system cannot be repaired. My comment is based on years of experience.  I am just saying "normally"  and "it looks like".

... Thinkpads_User
Nobus - sfc said everything is fine.  

Thinkpads_user - I'm guessing then that you didn't actually look at the logs, you're just assuming that 1. I've had a virus in the past (no, I haven't, not since I did a clean install of this system two years ago), 2. my operating system is hopelessly corrupted (no, if it was, a number of other errors would show), 3. your "years of experience" lead you to recommend a nuke and pave if you can't come up with a quick answer.  Thanks anyway, but I think I'll troubleshoot this one since the only thing that doesn't work is Combofix.

coral47 - excellent idea.  I'll take off any additional hardware (not much there) and see what happens.  For all I know, it could be my AD/DA converter!  At this point, it's more of a curiosity than a pressing issue, as I no longer have outgoing port attempts and the Safe Mode thing is resolved.

Hopeleonie - I'll boot from another drive that doesn't have any protection on it, just to see what happens.  That will definitely take hardware out of the picture if it works.
Thank you much.    : )