Inactive Win XP Clean Up

[oli8925]

Hi all.

I've used your virus and malware removal guide for a few pcs now and it's been excellent, so thanks a lot!

The latest one I'm trying to clean up is a laptop running Win XP Home, I have got to step 4 and downloaded GMER. I have disabled all real time protection programs and disconnected from the internet just as the guide says.

When I then run GMER it loads for a split second and comes up with a blue error screen.

The error it gives is

PAGE_FAULT_IN_NON PAGED_AREA

Tech Info:
*** STOP: 0x00000050 (0xFECE3000, 0x00000001, 0x8053A5E3, 0x00000000)

I also can't find anyway to enter safe mode, it doesn't seem to give the option on startup. Any help much appreciated.

Thanks,
Oli

 

[Bobbye]

Welcome back! I'll help you get going:

First:

I have got to step 4 and downloaded GMER. I have disabled all real time protection programs and disconnected from the internet just as the guide says.

Edit for the following suggestions:
The suggestions for GMER are:
1. Disable Devices>>>and/or
2. Run GMER in Safe Mode: once you have GMER saved to the deskto, reboot as follows, then try the scan:
Boot into Safe Mode

• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

If you don't have success either way, please finish the steps and paste in the log from Mbam and the 2 logs for DDS.

Please enable to security programs again. We don't do that routinely any more and neither is required for these preliminary scans. Be sure you are working from the current Updated Thread.

Edit: Sorry about that. I did the recent update on the thread and knew I hadn't put in the disconnect/disable instructions. However, I do note it has been added. I was not aware of this. It may be that it was found the scans were being a problem.

 

[oli8925]

Finally got the option to start up in safe mode and got GMER to run, but it didn't do what the guide says it should have done. It performed the initial quick scan on start up and went to a results page, but there was no option to scan, or save a log. Only OK and cancel, both of which terminated the program.

I still can't find how to restart in safe mode either.

Here is the MBAM log...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6414

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/04/2011 19:09:39
mbam-log-2011-04-21 (19-09-39).txt

Scan type: Quick scan
Objects scanned: 166413
Time elapsed: 9 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[Bobbye]

Please don't put the logs in a quote box. That takes a lot of screen room away. Just paste the log in the post.

I still can't find how to restart in safe mode either.

I don't think you're understanding about Safe Mode> these scans aren't going to give you a choice of running in Safe Mode or Normal Mode! You download the program and save it to you desktop.
Then you restart the computer as follows
Boot into Safe Mode

• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

=======================================
NOTE: Safe Mode was only for GMER. Please just omit GMER for now. Run DDS in Normal Mode[/b[ and leave the 2 logs: DDS.txt and Attach.txt (don't zip the 2nd log) in your next reply.