| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 104201 | 2009-10-19 23:18:00 | What do these symptoms suggest? | nofam (9009) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 822198 | 2009-10-19 23:18:00 | Brother's PC (XP Pro SP2) boots to the welcome screen, and then just reboots (no error messages), in an endless loop. Boots into safe mode fine, and he's run a CHKDSK /R ??? |
nofam (9009) | ||
| 822199 | 2009-10-19 23:23:00 | No BSOD nothing?? Hmm boot into safe mode and right click the 'my computer' in start menu and select manage. Now go to event viewer and click the + Then click on system and look at the ones with warnings (Yellow) and System errors (red), anything? let us know!:) |
Silver_Blade (10144) | ||
| 822200 | 2009-10-19 23:27:00 | Probably has the flu. :) |
Trev (427) | ||
| 822201 | 2009-10-19 23:40:00 | Driver issue!....thats why it boots into safe mode ok | SolMiester (139) | ||
| 822202 | 2009-10-19 23:47:00 | reboots in an endless loop. Turn off automatically restart and it will BSOD. |
pctek (84) | ||
| 822203 | 2009-10-19 23:47:00 | Hmm are you using ATI Tool? (loads of known problems with this driver and win vista/7), if not then just open the device manager and check for any conflicting/bad drivers. | Silver_Blade (10144) | ||
| 822204 | 2009-10-20 00:59:00 | Yea, definetly a driver issue. Have had lots of issues with ATI drivers before...try letting WU search for them rather than using ATI's ones. |
Blam (54) | ||
| 822205 | 2009-10-20 01:10:00 | Thanks all - haven't seen it in the flesh yet, but have asked him to send ma a HJT log to post here. :thumbs: Edit: Here's the log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:08:56 p.m., on 20/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xtra.co.nz R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = nz.search.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;*.local O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: AutorunsDisabled O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O15 - Trusted Zone: http://ptcnztbc.tcnz.motive.com O15 - Trusted Zone: http://www.telecom.co.nz O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - AppInit_DLLs: C:\DOCUME~1\Greg\LOCALS~1\Temp\452335kou.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 4324 bytes |
nofam (9009) | ||
| 822206 | 2009-10-20 02:00:00 | Disable system restore, boot into safe mode, then tick these then tick fix checked Close browsers Uninstall all versions of java then update it. Its out of date 04 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - Global Startup: AutorunsDisabled O9 - Extra button: (no name) - AutorunsDisabled - (no file) Delete this file, after you tick this O20 - AppInit_DLLs: C:\DOCUME~1\Greg\LOCALS~1\Temp\452335kou.dll Then install trojan remover / update it then scan. Select all options under the utilities menu |
Speedy Gonzales (78) | ||
| 1 | |||||