[Cookiegal]

As part of running ComboFix, you installed the recovery console so this should help you.

When booting the computer, you should see an option to boot to the recovery console. Select that option. You have to log on as the Administrator. When prompted type the Administrator password. If the administrator password is blank, just press ENTER.

You should see a prompt for C:\Windows (this is where we enter commands). If ti doesn't say C:\Windows, let me know please.

If it does then at the command prompt type the following (be sure to include the space between the k and the /):

chkdsk /r




Type exit to exit the recovery console and reboot. Let me know how it goes please.

[Goldfinger]

I was really hoping that was gonna work, but I got the same blue screen with error message. It never asked for an administrator password if that helps....It loaded the recovery console and than the blue screen appeared.

[Cookiegal]

Did you get as far as the C:\Windows prompt?

[Cookiegal]

Try disconnecting all hardware except what's necessary.

[Cookiegal]

I just want to let you know that our site is going down for a major upgrade in less than an hour and will be down for at least 24 hours so don't be alarmed if you can't access the site. We may have to continue tomorrow evening.

Did you back up your important data and stuff from the hard drive?

[Goldfinger]

It never allowed me to get to the C\ windows prompt.

I have some stuff backed up, but not some other important stuff. What really angers me is that as late as yesterday I think I could've backed them as well, but didnt think the hard drive was going to be a problem. I was too focused on malware/adware problems.

I just tried disconnecting whatever wasnt needed from computer and it didnt help. HOWEVER, I noticed the fan doesnt turn as fast as it used to and theres a noise that I think is coming from the general area of the power supply. If I'm not getting the right power supply could that cause my current problem?

If its not the power supply, and it is my HD, is all info lost from it forever?

Thanks for heads-up on the site shut down.

[Cookiegal]

A faulty power supply could be the problem causing overheating. Can you try a new one?

If that doesn't solve the problem, it's possible the drive can be slaved to another for the purpose of recovering data.

[Goldfinger]

I dont have another power supply to try. I just looked at it more closely and that may not be the problem. Hard to tell how much power its suppose to put out. Its not overheating.

When the forum gets back online we can discuss how to slaved the HD. I have a place for two HDs so hopefully whatever you mean is possible. Have a good weekend.

[Goldfinger]

In the past several hours I learned some more.....By hitting F12 or maybe it was F2 while booting, I made it to a hardware screen that runs self diagnosis. It did the whole hardware system and kept saying there was a memory problem. The hard drive checked ok. The memory errors were:

System memory Test: MATS

Error code 2F00:0119
MSG: System memory failure. Read 00004000h, expected 00000000h at address 1B7D49E0h. Suspected memory component located on system board at label channel B DIMM 0.

There were 6 errors all the same except the numbers a little different.

Than another 6 errors for each of these system memory tests:
March A test
March B test
March C test
March X test
March Y test
Data line test

All for Channel B Dimm 0 (whatever that means)

Again no hard drive errors. It past all its test.

---------------------------------

Another thing I managed to do was change the boot sequence so it doesnt go into Hard Drive 1st. Now it goes 1st into CD-Rom. I have windows XP installation on CD, and was able to get into System Recovery Console twice (one time I couldnt). You made an earlier post about seeing a C:\Windows prompt. It gave me a C:\> prompt instead. You said to tell you 1st if it was a different prompt. What do I need to tell it for this type of prompt? We were going to try and make it run a scan disk check to hopefully fix whatever wasnt allowing me into normal windows.

Hopefully this will help us.

[JohnWill]

Well, a memory test is BAD news! You MUST fix that or you'll never make any progress. It's telling you that the memory module in channel B slot 0 is bad.

[Goldfinger]

Its definitely a memory problem. I was able to get around it and get back into windows where I backed-up the rest of my important files. If interested I can go into detail which might helps others. I feel my hard drive is fine (at least today)

Theres no need for me to go any further until I get the new memory sticks. The question is what do you want to do about this thread? I will still have some problems once my hardware is fixed. Including the problem you noted in my last hijackthis log and getting my settings/desktop/shortcuts back....Should we close this now and have me start a new one or leave this open so you will have a reference?

No matter what is decided, I want to thank you Cookiegal for once again helping me. Its people like you that make computers safer for people like me.

[Cookiegal]

That's great. A big thanks to JohnWill too.

Once you get your memory fixed up please post back here with a new HijackThis log. The thread will remain open.

[Goldfinger]

Hi

I now have new memory cards. I ran a complete hardware check and everything passes just fine! I can boot into windows. So at least that problem is fixed.

You asked me to run a new hijackthis log, but I dont think it will help at this time. Remember how I keep saying my desktop doesnt have the right icons and my unit settings have changed? This all happened when we were 1st trying to fix my problem(s). During one of several times that I was forced to reboot, it rebooted into a desktop but not mine. What apparently happened is windows created new user accounts. This explains why nothing looks familar to me and why clicking on an icon makes it try to install it as if it was the 1st time....The good new is see my settings/files/shortcuts by way of Explorer Bar folders. The problem is when I log in I go to the wrong account. Originally XP only allows two accounts. In my case its mine (Cliff) and another account (Bob) that never gets used. When my problem happened, for some reason windows created several other accounts. Both start with Cliff, but have other letters added.

I now see:
Administrator
All Users
All Users* * = a square symbol
Cliff
Cliffxxxx
Cliffyyyy
Bob
Owner

(its not really cliffxxxx or cliffyyyy, but you get the idea)

Only Cliff, Bob, All Users and I guess Administrator and maybe Owner should be there? I went to ControlPanel/User account and just see Cliff and Bob so I cant fix it there.

I may have to go into the registry but dont know where. Maybe using system restore and going back would remove those other names? Any ideas?

[Goldfinger]

Heres the latest hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:54 PM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Cliff.TIGER.000\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_a...Downloader.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://142.179.159.11:7080/chat/data...ie/msichat.ocx
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Visi.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7238 bytes

[Cookiegal]

Let's try running the User Profile Hive Cleanup utility:

http://www.microsoft.com/downloads/d...displaylang=en

Let me know how it goes please.