[SOLVED] Winload.exe missing

Will, by normal mode do you mean when Windows starts up properly? I ran these programs in safe mode as it's unable to run when Windows starts properly.
Right now some problems still crop up. Still unable to shut down the computer and some programs still crash.
 
Hi Hugo459440,

By normal mode I just mean when Windows starts up properly. Let's try a slightly different version of DDS to see if we can get it running.

  • Delete your existing copy, and download a new copy from here. [Link Removed]
  • Run the program, expand the options for dds.txt checklist.
  • Uncheck check MBR
  • Click Scan.

Please post up the log produced in your next reply.
 
I believe the program just hangs. Another command prompt, Administrator : D.D.S, appears but it just stops there. On the Task Manager, the memory does not change. Another problem with the computer perhaps?
 
Hi Hugo459440,

Just to confirm: DDS still hangs after using the new version in normal mode, with check MBR unselected? As mentioned previously, the computer seems to have had a lot of issues so a complete reinstall of Windows really would be the best option. I'm happy to suggest a couple more things, but a complete reinstall is your best option. There seem to be multiple issues with the computer, and it may not be possible to fix them all. If you're able to perform a full reinstall, I would strongly recommend you do so. Most OEMs will supply you with new installation media, usually for a small fee. Alternatively, taking the PC to a local technician is another option - most charge a reasonable fee for a complete reinstall, but it'll be a more expensive option.

If you wish to continue, we'll make sure there is no lingering malware on-board the system. As DDS won't run, Combofix may also have problems. Run it in Safe Mode with Networking if it won't run in Normal mode.

---------------------------------------------------------------------------------------------

Try to carry out the next set of instructions using Normal mode. If you cannot, be sure to boot into Safe Mode with Networking.

**Read through these instructions in their entirety BEFORE executing them.** If you have any questions or are unsure about any of the following instructions PLEASE ASK for clarification before continuing. You may want to copy this page to notepad or print it as it will not be available while you run ComboFix.

  1. Download ComboFix from the following location:

    [Link Removed]

    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  3. Double click on combofix.exe & follow the prompts.

  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  5. When finished, it shall produce a log for you. Post that log in your next reply


    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------

  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
 
Ran the program in safe mode. In the midst of running, the programs were stopped. I did not take notice of the name but the first was at stage 5 while the other was when generating the log.

Code:
ComboFix 13-05-24.01 - cctan 05/21/2013   3:02.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3054.2504 [GMT 8:00]
Running from: c:\users\cctan\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\smartdl
c:\program files\smartdl\gunzip.exe
c:\program files\smartdl\status
c:\program files\smartdl\TorrentSearch.exe
c:\program files\smartdl\vfd.exe
c:\programdata\Browise2save
c:\programdata\Browise2save\516803d78685a.tlb
c:\programdata\Browise2save\settings.ini
c:\programdata\ntuser.dat
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-20 to 2013-05-20  )))))))))))))))))))))))))))))))
.
.
2013-05-20 19:15 . 2013-05-20 19:15	--------	d-----w-	c:\users\cctan\AppData\Local\temp
2013-05-20 19:15 . 2013-05-20 19:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-20 11:19 . 2013-05-20 11:32	--------	d-----w-	c:\users\cctan\AppData\Roaming\ImgBurn
2013-05-11 00:30 . 2013-05-19 10:55	--------	d---a-w-	C:\Windows1
2013-05-11 00:30 . 2013-05-11 00:30	268435456	--sha-w-	C:\WinPEpge.sys
2013-05-11 00:30 . 2013-05-11 00:30	--------	d-----w-	C:\$WINDOWS.~LS
2013-05-11 00:30 . 2013-05-11 00:30	--------	d-----w-	C:\$WINDOWS.~BT
2013-05-10 20:47 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-10 20:46 . 2013-05-20 19:15	--------	d-----w-	C:\Program Files
2013-05-10 20:33 . 2013-04-15 14:20	638328	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-10 20:33 . 2013-04-13 10:56	37376	----a-w-	c:\windows\system32\cdd.dll
2013-05-10 20:33 . 2013-04-09 01:36	2049024	----a-w-	c:\windows\system32\win32k.sys
2013-05-10 20:04 . 2013-05-20 19:15	--------	d-----w-	C:\ProgramData
2013-05-01 16:31 . 2013-05-11 08:46	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-01 10:24 . 2013-05-01 10:24	--------	d-----w-	c:\users\cctan\AppData\Roaming\Malwarebytes
2013-05-01 10:19 . 2013-05-11 08:46	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-29 23:15 . 2013-04-29 23:15	--------	d-----w-	c:\users\cctan\AppData\Local\Skillbrains
2013-04-28 23:25 . 2013-04-28 23:25	--------	d-----w-	c:\users\cctan\.thumbnails
2013-04-28 23:17 . 2013-04-28 23:17	--------	d-----w-	c:\users\cctan\AppData\Local\fontconfig
2013-04-28 23:16 . 2013-04-29 23:19	--------	d-----w-	c:\users\cctan\.gimp-2.8
2013-04-28 23:16 . 2013-04-28 23:16	--------	d-----w-	c:\users\cctan\AppData\Local\gegl-0.2
2013-04-22 01:24 . 2013-03-03 19:07	1082232	----a-w-	c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-01 18:06 . 2012-07-15 23:05	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-03 21:35 . 2013-04-19 18:38	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-13 23:01 . 2012-07-25 00:49	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-13 23:01 . 2012-07-25 00:49	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-11 13:25 . 2013-04-06 04:05	3603816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-06 04:05	3551080	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-06 04:05	49152	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-06 04:05	64000	----a-w-	c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-06 04:05	376320	----a-w-	c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-06 04:05	2067968	----a-w-	c:\windows\system32\mstscax.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightShot"="c:\users\cctan\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2012-11-14 226152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2008-05-24 552960]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 630784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-25 6265376]
"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2007-10-02 77824]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1278064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^cctan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\users\cctan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
bthsvcs	REG_MULTI_SZ   	BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2699270265-1284488709-412343003-1000Core.job
- c:\users\cctan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15 14:58]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2699270265-1284488709-412343003-1000UA.job
- c:\users\cctan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15 14:58]
.
2013-05-20 c:\windows\Tasks\update-S-1-5-21-2699270265-1284488709-412343003-1000.job
- c:\program files\Skillbrains\Updater\Updater.exe [2013-04-21 16:26]
.
2013-05-20 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2013-04-21 16:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\cctan\AppData\Roaming\Mozilla\Firefox\Profiles\30yrnkfo.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-RandMAC - c:\users\cctan\Downloads\MadMACs1.2\MadMACs\MadMACs.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{A33EDA4F-E2B1-8D7B-80DE-FCCC28FC723C} - c:\progra~2\INSTAL~1\{DFB3F~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-21 03:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-05-21  03:19:53
ComboFix-quarantined-files.txt  2013-05-20 19:19
.
Pre-Run: 209,264,680,960 bytes free
Post-Run: 210,012,172,288 bytes free
.
- - End Of File - - 288E9BA4ABF22CCE98AAC5A64C9FD6E9
 
Ran Combofix again. This time there were these two errors :
Stage 38
Access Denied. Administrator permissions needed to use the selected option. Use administrator command prompt to complete these tasks.
Stage 39
Stage 40...
After that this error :
Dumphive.3XE encountered an unexpected problem. It was closed or stopped or something like that.
New log :

Code:
ComboFix 13-05-25.02 - cctan 05/21/2013   8:59.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3054.2636 [GMT 8:00]
Running from: c:\users\cctan\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-21 to 2013-05-21  )))))))))))))))))))))))))))))))
.
.
2013-05-21 01:07 . 2013-05-21 01:07	--------	d-----w-	c:\users\cctan\AppData\Local\temp
2013-05-21 01:07 . 2013-05-21 01:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-20 11:19 . 2013-05-20 11:32	--------	d-----w-	c:\users\cctan\AppData\Roaming\ImgBurn
2013-05-11 00:30 . 2013-05-19 10:55	--------	d---a-w-	C:\Windows1
2013-05-11 00:30 . 2013-05-11 00:30	268435456	--sha-w-	C:\WinPEpge.sys
2013-05-11 00:30 . 2013-05-11 00:30	--------	d-----w-	C:\$WINDOWS.~LS
2013-05-11 00:30 . 2013-05-11 00:30	--------	d-----w-	C:\$WINDOWS.~BT
2013-05-10 20:47 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-10 20:46 . 2013-05-20 21:42	--------	d-----w-	C:\Program Files
2013-05-10 20:33 . 2013-04-15 14:20	638328	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-10 20:33 . 2013-04-13 10:56	37376	----a-w-	c:\windows\system32\cdd.dll
2013-05-10 20:33 . 2013-04-09 01:36	2049024	----a-w-	c:\windows\system32\win32k.sys
2013-05-10 20:04 . 2013-05-20 19:15	--------	d-----w-	C:\ProgramData
2013-05-01 16:31 . 2013-05-11 08:46	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-01 10:24 . 2013-05-01 10:24	--------	d-----w-	c:\users\cctan\AppData\Roaming\Malwarebytes
2013-05-01 10:19 . 2013-05-11 08:46	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-29 23:15 . 2013-04-29 23:15	--------	d-----w-	c:\users\cctan\AppData\Local\Skillbrains
2013-04-28 23:25 . 2013-04-28 23:25	--------	d-----w-	c:\users\cctan\.thumbnails
2013-04-28 23:17 . 2013-04-28 23:17	--------	d-----w-	c:\users\cctan\AppData\Local\fontconfig
2013-04-28 23:16 . 2013-04-29 23:19	--------	d-----w-	c:\users\cctan\.gimp-2.8
2013-04-28 23:16 . 2013-04-28 23:16	--------	d-----w-	c:\users\cctan\AppData\Local\gegl-0.2
2013-04-22 01:24 . 2013-03-03 19:07	1082232	----a-w-	c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-01 18:06 . 2012-07-15 23:05	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-03 21:35 . 2013-04-19 18:38	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-13 23:01 . 2012-07-25 00:49	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-13 23:01 . 2012-07-25 00:49	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-11 13:25 . 2013-04-06 04:05	3603816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-06 04:05	3551080	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-06 04:05	49152	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-06 04:05	64000	----a-w-	c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-06 04:05	376320	----a-w-	c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-06 04:05	2067968	----a-w-	c:\windows\system32\mstscax.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2008-05-24 552960]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 630784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-25 6265376]
"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2007-10-02 77824]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1278064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^cctan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\users\cctan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightShot]
2012-11-14 13:23	226152	----a-w-	c:\users\cctan\AppData\Local\Skillbrains\lightshot\LightShot.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
bthsvcs	REG_MULTI_SZ   	BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2699270265-1284488709-412343003-1000Core.job
- c:\users\cctan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15 14:58]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2699270265-1284488709-412343003-1000UA.job
- c:\users\cctan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15 14:58]
.
2013-05-20 c:\windows\Tasks\update-S-1-5-21-2699270265-1284488709-412343003-1000.job
- c:\program files\Skillbrains\Updater\Updater.exe [2013-04-21 16:26]
.
2013-05-20 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2013-04-21 16:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\cctan\AppData\Roaming\Mozilla\Firefox\Profiles\30yrnkfo.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-21 09:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-05-21  09:10:10
ComboFix-quarantined-files.txt  2013-05-21 01:10
ComboFix2.txt  2013-05-20 19:19
.
Pre-Run: 211,015,200,768 bytes free
Post-Run: 210,917,646,336 bytes free
.
- - End Of File - - 1774FCCA43EC53B39329DF6506857F6D
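
An added example, not part of any post in this thread and not ComboFix's own code: a Python parser that diffs the autostart (`Run`) entries between two ComboFix logs such as the pair posted above, to show what changed between scans. The excerpts are abridged from those two logs, and the function names are assumptions made for this example.

```python
import re

# Constructed excerpts, abridged from the "Reg Loading Points" sections of the
# first and second ComboFix logs posted in this thread.
FIRST_RUN = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightShot"="c:\users\cctan\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2012-11-14 226152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-25 6265376]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1278064]
'''
SECOND_RUN = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-25 6265376]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1278064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightShot]
2012-11-14 13:23  226152  ----a-w-  c:\users\cctan\AppData\Local\Skillbrains\lightshot\LightShot.exe
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+'
    r'\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$'
)


def parse_run_entries(log_text):
    """Map (registry key, value name) -> (target path, file date, file size)
    for every value listed under a ...\\CurrentVersion\\Run key."""
    entries, key = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key').lower()   # registry paths are case-insensitive
            continue
        if line == '.':                    # a lone dot separates log blocks
            key = None
            continue
        m = VALUE_RE.match(line)
        if m and key and key.endswith(r'\currentversion\run'):
            entries[(key, m.group('name'))] = (
                m.group('path').lower(), m.group('date'), int(m.group('size')))
    return entries


def parse_msconfig_disabled(log_text):
    """Names of startup items parked under ...\\msconfig\\startupreg, which is
    where msconfig keeps Run entries that were switched off rather than deleted."""
    names = set()
    for raw in log_text.splitlines():
        m = KEY_RE.match(raw.strip())
        if m:
            parts = m.group('key').lower().split('\\')
            if parts[-2:-1] == ['startupreg']:
                names.add(parts[-1])
    return names


def diff_runs(before_text, after_text):
    """Classify autostart changes between two logs of the same machine."""
    before, after = parse_run_entries(before_text), parse_run_entries(after_text)
    disabled = parse_msconfig_disabled(after_text)
    report = {'added': [], 'removed': [], 'disabled': [], 'changed': []}
    for ident in sorted(before.keys() - after.keys()):
        bucket = 'disabled' if ident[1].lower() in disabled else 'removed'
        report[bucket].append(ident)
    report['added'] = sorted(after.keys() - before.keys())
    # Same value name but a different target, date or size: the binary behind
    # the autostart entry was swapped or updated between scans.
    report['changed'] = sorted(
        i for i in before.keys() & after.keys() if before[i] != after[i])
    return report


if __name__ == '__main__':
    for bucket, items in diff_runs(FIRST_RUN, SECOND_RUN).items():
        print(bucket, items)
```

On these excerpts the only difference is `LightShot`, which left the `HKCU` Run key and reappears under `msconfig\startupreg` in the second log.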
 
What happens when you try and shut down the computer? Do you get any particular error message when programs crash? What's happening exactly? You also mentioned earlier that the winload.exe problem resulted when you tried a system restore - did you restore to the earliest point on your system? Are there other restore points available?
 
Hello :)

I'm here to take a look at some of your SFC corruptions whilst Will finishes off a few last other things.

Can you please re-run sfc /scannow and post a new copy of C:\Windows\Logs\CBS folder?

Thank you!

Richard
 
Will. As of now the computer is unable to shut down. It can get past the logging off screen but stops at the shutting down screen.
When programs crash they usually just hang, the worst being the whole computer hanging. I also noticed that when I close some programs, like chrome, the process still shows on the Task Manager, except that the memory stays the same.
I checked and there are no other restore points.
Just to highlight. I have an autoexec.bat file that I think belongs in System32. Also, when the computer boots onto the desktop, a Windows installer shows. It asks for an XP Professional installation disc but disappears by itself.
 
Niemero, I ran sfc a few times but I'm not sure if the errors are fixed as I had to force shut down the computer. It does say that there are corrupt files.
 
Hi Hugo459440,

Apologies for the delay. I've been looking into it, but unfortunately at this stage I think the only option is a clean reinstall of Windows Vista. There are still numerous errors with your machine, the CBS log indicates a large number of Windows files are corrupted and unable to fix themselves. I'm also not sure why Vista would be asking for a Windows XP installation disc - some XP files must have been copied onto the system at some stage which is now causing issues. Unfortunately other than the Winload.exe error itself, we've made little progress with fixes.

Your best option now is to try and get hold of a Windows Vista installation disc, and perform a complete reformat and then a reinstall. Alternatively, if you're unable to get hold of a Vista disc, you may want to try a free Linux distro such as Ubuntu or Linux Mint as an alternative. Depending on what you use the computer for, these may be a suitable alternative - however, be aware that many Windows specific programs will not work on a Linux distro. However, I don't believe we're close to getting the existing copy of Vista back into a usable state. Unfortunately too much has been damaged for us to easily repair the system.
 
I feared it would come to this. There were updates today and there was a Windows XP service pack update. Seems that the two systems got mixed up somehow or rather. When doing a clean install, all memory will be wiped out? So I presume a backup will be necessary?
 
You'll need to back up any personal files that are still on the computer - photos, documents etc. Anything that you want to keep that's currently stored on the machine. As for programs, it's best to reinstall those from scratch - you won't need to back up any program files. The only exception to that are settings/saves from programs you want to keep, e.g. game saves or program files that you want to keep, although I don't see anything like that on the PC.

Once you've backed up all your data, and are ready to reinstall, you should make sure you completely reformat the drive. This will completely wipe all data on the drive, so make sure you've saved everything you need first. Once that's done, you can reinstall the OS using an installation disc. Bear in mind the disc we previously made was simply a repair disc, and can't be used to perform a full reinstall.
 
Will. I finally got hold of a CD and did a clean restore. The computer works fine now!!! I did a sfcscan and some errors popped up so I think there may be a harddisk problem, but won't fix that till it's really serious. Thx so much for helping me. I'm sure I took up loads of your time. :P

P.S. Could u help me look through the CBS log? Just in case there are any recurring problems? I won't press you to look at it cause I'm sure I'm being a pain.
 
Please upload it and I'll take a look :)

However, I doubt it's anything serious. There are lots of reasons why SFC reports corruptions straight after a Clean Install, and the large majority of them are completely benign. I'll take a quick look to be sure though :)

Richard
 