Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer booting problem


  • Please log in to reply
14 replies to this topic

#1 yurec

yurec

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 22 March 2009 - 02:15 PM

For quite some time, my computer is having trouble booting up. I switch on the power and it will remain at black screen.
Sometimes it will load up to windows loading screen or all the way after login of user account and suddenly die on itself and remain at black screen.
Sometimes though, it works all right (like now) What's is wrong with my computer?


I just tried to defrag it and i also got this message
C:\WINDOWS\system32\dfrg.msc
Access is denied.

I tried chkdsk and it reports error but chkdsk /f will not fix it due the volume being in used by another process.
I would schedule it on the next restart but it never fixes the volume.
Please reply, and specify the information you need and I will try my best to provide


This is a 512 RAM Windows XP.
I have AVG and Norton 360

Edited by yurec, 22 March 2009 - 02:22 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:18 AM

Posted 22 March 2009 - 02:30 PM

Hi well while you're here let's get a scan log.

Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 yurec

yurec
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 23 March 2009 - 04:34 AM

Malwarebytes' Anti-Malware 1.34
Database version: 1887
Windows 5.1.2600 Service Pack 2

3/23/2009 5:24:10 PM
mbam-log-2009-03-23 (17-24-09).txt

Scan type: Full Scan (C:\|J:\|)
Objects scanned: 100763
Time elapsed: 46 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ec22e79c-7702-4c38-9691-c139d6c359c9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


That is my log.

Disk defragmenter is still denied access

#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:18 AM

Posted 23 March 2009 - 05:09 AM

It looks like you have a conflict from running duplicate resident ant-virus protection?
Chewy

No. Try not. Do... or do not. There is no try.

#5 yurec

yurec
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 26 March 2009 - 10:57 PM

So I just need to disable/uninstall one of the anti virus ? AVG/Norton?

#6 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:18 AM

Posted 26 March 2009 - 11:03 PM

That's where I would start, it may be too late, as conflicts will interfer with malware removal.

Having 2 antivirus programs running resident protection is never good.
Chewy

No. Try not. Do... or do not. There is no try.

#7 yurec

yurec
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 27 March 2009 - 06:10 AM

so I remove one of the anti virus and do a malware check again? or?

#8 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:18 AM

Posted 27 March 2009 - 06:22 AM

Do you have a subscription to 360(paid)?
Chewy

No. Try not. Do... or do not. There is no try.

#9 yurec

yurec
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 27 March 2009 - 08:09 AM

its in need of renewal now. IS norton 360 any good at all? Have no clue to whether i should renew it or no

#10 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:18 AM

Posted 27 March 2009 - 09:30 AM

I would suggest trying to uninstall AVG and then disable 360 till we get to the bottom of your current problems

It's your decision, I could reccomend better programs but you have too many installed already
Chewy

No. Try not. Do... or do not. There is no try.

#11 yurec

yurec
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 30 March 2009 - 04:28 AM

Okay My norton is removed as the renewal is up. Uninstall AVG and ran this scan.

Malwarebytes' Anti-Malware 1.35
Database version: 1917
Windows 5.1.2600 Service Pack 2

3/30/2009 5:26:44 PM
mbam-log-2009-03-30 (17-26-44).txt

Scan type: Full Scan (C:\|J:\|)
Objects scanned: 99917
Time elapsed: 14 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I still suffer from booting problem.
and my access to my disk defragmentor is still denied.

#12 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:18 AM

Posted 30 March 2009 - 06:44 AM

Download processexplorer

http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Run it on the infected computer, under File and save as, I would like you to paste the contents of that report into a reply here
Chewy

No. Try not. Do... or do not. There is no try.

#13 yurec

yurec
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 31 March 2009 - 06:08 AM

Here is the save file

Process PID CPU Description Company Name
System Idle Process 0 93.89
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4 1.11
smss.exe 524 Windows NT Session Manager Microsoft Corporation
csrss.exe 576 Client Server Runtime Process Microsoft Corporation
winlogon.exe 608 Windows NT Logon Application Microsoft Corporation
services.exe 652 0.56 Services and Controller app Microsoft Corporation
ati2evxx.exe 820 ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 848 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 908 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 972 Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 4032 Windows Update Automatic Updates Microsoft Corporation
svchost.exe 1012 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1064 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1128 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1316 Spooler SubSystem App Microsoft Corporation
avgwdsvc.exe 1900 AVG Watchdog Service AVG Technologies CZ, s.r.o.
avgrsx.exe 432 0.56 AVG Resident Shield Service AVG Technologies CZ, s.r.o.
avgnsx.exe 452 AVG Network scanner Service AVG Technologies CZ, s.r.o.
svchost.exe 1976 Generic Host Process for Win32 Services Microsoft Corporation
avgemc.exe 424 AVG E-Mail Scanner AVG Technologies CZ, s.r.o.
avgcsrvx.exe 2052 AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o.
alg.exe 2744 Application Layer Gateway Service Microsoft Corporation
usnsvc.exe 3340 Messenger Sharing USN Journal Reader Service Microsoft Corporation
lsass.exe 664 LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 1220 ATI External Event Utility EXE Module ATI Technologies Inc.
explorer.exe 1744 Windows Explorer Microsoft Corporation
jusched.exe 168 Java™ Platform SE binary Sun Microsystems, Inc.
jucheck.exe 3168 Java™ Update Checker Sun Microsystems, Inc.
atiptaxx.exe 196 ATI Desktop Control Panel ATI Technologies, Inc.
RTHDCPL.exe 352 Realtek HD Audio Control Panel Realtek Semiconductor Corp.
SoundMan.exe 548 Realtek Sound Manager Realtek Semiconductor Corp.
realsched.exe 1400 RealNetworks Scheduler RealNetworks, Inc.
avgtray.exe 1536 AVG Tray Monitor AVG Technologies CZ, s.r.o.
ctfmon.exe 1592 CTF Loader Microsoft Corporation
OctoshapeClient.exe 1632 Main program for Octoshape client Octoshape ApS
msnmsgr.exe 1408 Windows Live Messenger Microsoft Corporation
daemon.exe 1868 DAEMON Tools Lite DT Soft Ltd
SPUVolumeWatcher.exe 2244 Media Check Tool Sony Corporation
firefox.exe 3008 2.78 Firefox Mozilla Corporation
WinRAR.exe 4024 WinRAR archiver Alexander Roshal
procexp.exe 2728 1.11 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

I reinstall AVG after malware scan because i was lacking a firewall. If you need it uninstall, please tell me so

Edited by yurec, 31 March 2009 - 06:09 AM.


#14 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:18 AM

Posted 31 March 2009 - 07:36 AM

http://service1.symantec.com/Support/tsgen...005033108162039

I would now reccomend running the special norton's uninstaller
Chewy

No. Try not. Do... or do not. There is no try.

#15 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:05:18 AM

Posted 31 March 2009 - 07:42 AM

Next I would apply this upgrade for SP2 and see if it repairs Microsoft Management Console

http://www.microsoft.com/downloads/details...;displaylang=en
Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users