Strange Window on XP Startup

[Calibos01]

Hello, everyone.

I'm hoping someone might be able to help me with a problem I'm having when I startup my PC.

After the screen with the windows logo and 3 scrolling bars, but before the actual Welcome screen, I get a window that pops up. The title is some jibberish that sometimes ends in a file name, but the file name differs each time. Inside the window will be 3 or so jibberish characters and there's an "OK" button at the bottom. I have to click on "OK" before I can get to the welcome screen. This happens in both safe mode and normal. I've run Norton, Ad-Aware SE Plus, Crap-Cleaner...no problems seem to ever be found.

The "jibberish" characters that appear aren't always the same either. Sometimes they are Chinese characters and sometimes they are the suites from a deck of cards. Very strange. I've spent probably 5 hours searching google and specific forums for anything like this and I can't find anything.

If someone here knows what the problem might be or knows how I can find out what goes on during XP startup, that would be great. Thanks in advance!

J

 

[gbhall]

Try http://housecall.trendmicro.com/ don't trust Norton anti-virus, it is pretty poor.

 

[howard_hopkinso]

Hello and welcome to Techspot.

Go and read this thread HERE and post a HJT log as an attachment into this thread.

Regards Howard :wave: :wave:

 

[Calibos01]

Thanks for the quick responses. I've attached a log from HJT.

 

[howard_hopkinso]

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

MyWaySA
SrchAsDe

Close control panel.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.myway.com/jsp/cfg_redir2.jsp?id=DE&psa=VKzoypxOEQkbII65IhAEDw&ur l=http://search.myway.com/search/AJmain.jhtml&st=kwd&ptnrS=DE&PG=SEASUSH&SEC=ABM ANY&searchfor=%3f%3f%3f%07%3f%0c%03S%3f%3f%3f%03%3f%3f%3f%07%3f%3f%3f%03

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

O2 - BHO: (no name) - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - (no file)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\MyWaySA<Delete the entire folder.

Post a fresh HJT log and let us know if you`re still having problems.

Regards Howard

 

[Calibos01]

Hello again. Thanks for the suggestions. I still have the window.

MyWay Search Assistant was in the control panel so I removed it. The other program wasn't there.

I used HJT to remove a couple of the registry values that you listed (not all were there).

I deleted the folder.

When I rebooted, the window was there and I was able to use my camera to take a picture of it. I think you'll be able to make out the file it shows. As I said before, it's not always the same file and sometimes it doesn't even show a file.

I also ran CrapCleaner a couple times to make sure everything related to MyWaySA was removed. There were a couple more registry values that it found and removed. The window still shows up though.

I gotta say, even though the window is still there, I'm impressed with your knowledge. All I see are a bunch of letters and numbers.

PS: I had to invert the colors in Paint to meet the file size on the picture, but you can still make it out.

Thanks again for your help.

 

[AlbertLionheart]

You could try a selective startup:
Start>run msconfig
go to startup and disable all. Reboot. If the problem has gone it is one of the files you have disabled.
If it is still there, leave that lot disabled and go to the Services tab. Click hide all microsoft services and disable what is left. Reboot. If that clears it you know where it is and is again a simple process of elimination.
Ooops - sorry - when you have found it, you should re-enable the various items again and reboot

 

[howard_hopkinso]

Your HJT log is clean. However, something is obviously wrong.

Go HERE and follow the instructions for AVG Antispyware and Combofix. Instructions can be found in step6, step12 and step14.

Post the AVG Antispyware log as well as a Combofix log.

Regards Howard