Trouble booting in XP

[KnightRiderX]

Can someone please help me with my problem. As of now, I am posting this in Windows Vista Beta 2 because I cannot do it in XP. Everytime I boot up in XP, just a couple minutes of logging on, My computer restarts by itself. Sometimes, a BSOD shows up with the STOP msg of 0x0000007F (0x00000008, 0x80042000.....). Now before it started happening and even now, whenever I boot up in XP, Norton tells me that there is a program that is trying to takeover and then prompts me to restart the computer. Now when I boot into XP, before my comp restarts, I notice that some programs have been uninstalled and some shortcuts on the desktop are missing (not pertaining to the uninstalled programs). I've tried many malware scans in safe mode and in Vista but have not been able to do it in XP. Before, when I was able to do the scans in XP, at the same time that Norton kept telling me that a program was trying to takeover my comp, my scans kept coming up clean. I have attached my HijackThis log that I did in Vista. I don't know if it will help or not.

 

[howard_hopkinso]

Hello and welcome to Techspot.

This could prove difficult to solve, without having to reformat the hard drive. Let`s see what we can do.

Try and run your computer with XP in safe mode with networking, then follow the instructions below. Whatever is affecting your XP installation, isn`t affecting the Vista beta. We really need a HJT log from XP.

Go HERE and follow as many of the instructions as you can.

Post a fresh HJT log into this thread, only after doing the above.

Regards Howard :wave: :wave:

 

[KnightRiderX]

Ok here is my new HJT done in XP Safe Mode.

 

[sw123]

I think it looks clean. I'll bet it's a problem with hardware.

 

[howard_hopkinso]

You are running more than one antivirus programme. This is not recommended and can cause problems conflicts. Uninstall Symantec/Norton and all other antivirus programmes. No wonder your system is acting strange. keep the free AVG.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with(if there). You will need to reboot your system after every uninstall.

Active Security Monitor
PC Tools AntiVirus
Softwin\BitDefender9
Symantec/Norton

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

XCEWE
VSSERV
XCOMM
bdss


Close the services window.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ASMonitor.exe
PCTAVSvc.exe
vsserv.exe
XCEWE.exe
bdss.exe
livesrv.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)

O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: CEFYGVFL - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CEFYGVFL.exe (file missing)

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\Common Files\Softwin
C:\Program Files\PC Tools AntiVirus
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CEFYGVFL.exe

Reboot into normal mode and turn system restore back on, if you can and post a fresh HJT log.


Regards Howard

 

[howard_hopkinso]

I think it looks clean. I'll bet it's a problem with hardware.

I think it`s a problem with running god knows how many antivirus programmes. 4 to be precise. This is quite likely to cause driver conflicts.

Regards Howard

 

[KnightRiderX]

Ok, another problem has just risen. I was able to boot into XP without the comp shutting off by itself after doing most of what u told me to do. I couldn't uninstall the BitDefender and Norton since they require Windows Installer to uninstall and I couldn't run Windows Installer in Safe Mode. when I got in Normal mode and tried to uninstall BitDeffender, it told me that there was a file(s) missing so it couldn't uninstall it. I figured that the missing file(s) was in the folder in the C:\Program Files\Common Files that I had sent to the recycling bin in Safe Mode. I decided to reboot back in safe mode and the computer prompted me that the comp had downloaded updates and that if I wanted to install them, I should just click the Turn off button. I didn't not realize it until it was too late that I had clicked the option of turning it off without installing the updates. after my comp had shut down, i turned it back on and booted into Safe Mode but whenever its in the loading stage, the comp shuts down and restarts again. I tried in Normal mode and it happened again. So now i'm back on Vista and unable to get into XP.

 

[howard_hopkinso]

Try booting into the last known good config and see if that helps.

If not, maybe a Windows repair as per this thread HERE will help.

Regards Howard

 

[KnightRiderX]

OK I had to repair my Windows. This is my HJT log after repairing it. I have another problem now. After reparing my Windows, I can't get into Vista anymore. It doesn't give me the option of choosing which OS to boot in anymore. I still have the Vista partition in tact and haven't changed anything. What I'm I supposed to do.

 

[howard_hopkinso]

Have HJT fix the following entries.

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - (no file)

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)

Other than the above, your HJT log is clean.

I can`t help you with your Vista problem, as I know absolutely nothing about it.

Maybe you should open a new thread for that, in our Windows OS forum.

Regards Howard

This thread is for the use of KnightRiderX only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[KnightRiderX]

Thnx Howard. Also, everytime I fix these,

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)

they still keep coming up after each scan. I'll fix the protocol one now. I just have one more problem. Although I have uninstalled Norton, whenever I boot up, the message that tells me that a program is trying to takeover my computer still shows up. The message says

"
Some Symantec product settings have been changed by an unauthorized program. This can indicate that an attacker or a virus is attempting to disable your protection.

To avoid problems, settings will be reverted to the previous configuration and your system will be restarted. Click OK to continue.

Click here to go to Symantec Technical Support Knowledge Base...

1004,1
"

 

[howard_hopkinso]

Symantec/Norton is utter crap. the best advice I can give you is to get rid of it altogether.

Download the free AVG and either the free Zonealarm or the free Kerio firewall programms. Just Google for these.

Disconnect frrom the net and completely uninstall Symantec/Norton from add remove programmes. You may neede to do this in several pieces, rebooting inbetween. Once it`s gone, install whichever firewall you chose, followed by AVG. Reboot the required number of times and run the AVG updates. Boot into safe mode and turn system restore off. Run a full system scan with AVG. Delete whatever it finds. reboot into normal mode and turn system restore back on.

Don`t worry about those entries that keep coming back in your HJT log. They are harmless anyway.

Regards Howard

This thread is for the use of KnightRiderX only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[KnightRiderX]

Thnx a lot for all your help, Howard.