| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 91539 | 2008-07-10 04:17:00 | Startup problem | KaziStorm (13951) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 687337 | 2008-07-10 04:17:00 | Please help. Everytime I try to startup I get to the screen that says "windows loading" and then it resets itself. via safe mode I've done a couple of system restores yet with no luck, I've also run spybot and adaware and what few spayware packages I've had have been deleted with no success. This is a P4 2.5GHz with 512Mb of RAM running XP Home. Any ideas or if this has happened to anyone else? |
KaziStorm (13951) | ||
| 687338 | 2008-07-10 04:34:00 | What was the last thing you installed, before it kept rebooting? Post a hijackthis log. Boot in safe mode / network option. If you cant boot into windows. Its in my sig below. Put it in its own folder, run it then click on scan the system and save a log. Copy and paste the whole log here |
Speedy Gonzales (78) | ||
| 687339 | 2008-07-10 09:10:00 | have you tried putting the windows cd in and boot it from there, then press R for repair. | mark1978 (13845) | ||
| 687340 | 2008-07-10 11:40:00 | Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:50:34 p.m., on 10/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Yahoo2!\Messenger\YahooMessenger.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\system32\drwtsn32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF O4 - HKLM\..\RunOnce: [SpybotDeletingA8802] command /c del "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL" O4 - HKLM\..\RunOnce: [SpybotDeletingC3251] cmd /c del "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL" O4 - HKLM\..\RunOnce: [SpybotDeletingA4223] command /c del "C:\WINDOWS\wt\webdriver.dll" O4 - HKLM\..\RunOnce: [SpybotDeletingC1925] cmd /c del "C:\WINDOWS\wt\webdriver.dll" O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ Yahoo! Pager] "C:\Program Files\Yahoo2!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\RunOnce: [SpybotDeletingB3817] command /c del "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL" O4 - HKCU\..\RunOnce: [SpybotDeletingD6671] cmd /c del "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL" O4 - HKCU\..\RunOnce: [SpybotDeletingB6073] command /c del "C:\WINDOWS\wt\webdriver.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD7670] cmd /c del "C:\WINDOWS\wt\webdriver.dll" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Jigsaw Caboodle\Images\stg_drm.ocx O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file://C:\Program Files\Burger Island\Images\stg_drm.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - www.bigfishgames.com O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - www.bigfishgames.com O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - aolsvc.aol.com O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Agatha Christie\Images\armhelper.ocx O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - www.bigfishgames.com O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - www.bigfishgames.com O17 - HKLM\System\CCS\Services\Tcpip\..\{0ADB2109-7AEE-49A1-BF46-9CD5E32C52A7}: NameServer = 202.74.207.10 O17 - HKLM\System\CS1\Services\Tcpip\..\{0ADB2109-7AEE-49A1-BF46-9CD5E32C52A7}: NameServer = 202.74.207.10 O17 - HKLM\System\CS2\Services\Tcpip\..\{0ADB2109-7AEE-49A1-BF46-9CD5E32C52A7}: NameServer = 202.74.207.10 O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Zumie Search Service - Zumie.com - C:\Program Files\Zumie\zumie.exe -- End of file - 8929 bytes Since moving recently, the windows disks and boot disks have all vanished |
KaziStorm (13951) | ||
| 687341 | 2008-07-10 21:12:00 | you got a few bugs in there - 1) Click on Start, Settings, Control Panel 2) Double click on Add/Remove Programs 3) Find "My Web Search" in the list of installed programs and click on Change/Remove to uninstall it. You may also want to uninstall any of the following items associated with FunWebProducts. * My Web Search (Smiley Central or FWP product as applicable) * My Way Speedbar (Smiley Central or other FWP as applicable) * My Way Speedbar (AOL and Yahoo Messengers) (beta users only) * My Way Speedbar (Outlook, Outlook Express, and IncrediMail) * Search Assistant - My Way Next, open My Computer, Drive C, and double-click on the Program Files folder 4) Right-click and delete the folders for: *FunWebProducts * MyWebSearch rerun Hijack this and tick the following then select the option to remove them if they are still there. There are a few things that need updating as well, but get the PC running normal first. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF O4 - HKLM\..\RunOnce: [SpybotDeletingA8802] command /c del "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL" O4 - HKLM\..\RunOnce: [SpybotDeletingC3251] cmd /c del "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL" O4 - HKCU\..\RunOnce: [SpybotDeletingB3817] command /c del "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL" O4 - HKCU\..\RunOnce: [SpybotDeletingD6671] cmd /c del "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL" O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe (file missing) Download the Trojan remover from Speedys Sig, install / run it. Download the other spyware cleaners from my sig, as well as Ccleaner and run. Download and install / update Spyware Terminator (http://www.spywareterminator.com/) Do another Hijackthis - post it back - if it still wont boot normally then there is more to be done - instructions to follow - one step at a time. |
wainuitech (129) | ||
| 687342 | 2008-07-11 09:19:00 | I've done a couple of system restores yet with no luck, I've also run spybot and adaware and what few spayware packages I've had have been deleted with no success. Spybot. Superantispyware Spyware Terminator. As well as what Speedy has told you. You have to have the latest versions and they have to have their definitions up to date as well, thats the only reason I can see that they didn't clean it out. And do it Safe Mode. And don't use System Restore, you need to turn it off and clear the restore points - all the spyware comes back when you run it. |
pctek (84) | ||
| 1 | |||||