Boot Problem

Home » Windows Support » General Windows Support » Boot Problem

Boot Problem

Rate Topic

Display Mode

Topic Options

Author

Message

Blue Silverado

Posted 6/4/2008 5:13 PM

New Member

Group: Forum Members
Last Login: 6/15/2008 8:33 AM
Posts: 19, Visits: 100

I am having problems with gettin my system to boot. It will only allow me to boot in safe mode, where should I start at looking in to the problem? Thank you to everyone in advance, maybe I have a software conflict or something?

Don't take life too seriously; No one gets out alive.

Post #240541

RichieUK

Posted 6/5/2008 1:23 AM

Senior Forum Moderator

Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 28,357, Visits: 54,734

What's changed from when your pc booted normally,have you installed/uninstalled any software/hardware.
Have you tried System Restore in Safe Mode,restoring back to before this issue started.
Boot into 'Safe Mode with Command Prompt'.
At the prompt type:
%systemroot%\system32\restore\rstrui.exe then press Enter.

If you have the Microsoft Windows XP installation disk,with the install disk in the cd-rom drive,boot to the Recovery Console.
At the prompt type FIXBOOT then press Enter.
Then type FIXMBR then press Enter.
Ignore any warnings.
Type EXIT press Enter once more'
Restart your pc.

Reboot into 'Safe Mode with Networking'.
Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop

Now close any open browsers.
Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window or do anything else on your pc while it's running.
That may cause the program/system to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

________________________________________

ASAP & UNITE member since 2006

Post #240555

Blue Silverado

Posted 6/5/2008 7:13 AM

New Member

Group: Forum Members
Last Login: 6/15/2008 8:33 AM
Posts: 19, Visits: 100

When I try running the recovery console, I get prompted for an administrator password, but I dont have one?? Is there a default password that I need?

Don't take life too seriously; No one gets out alive.

Post #240574

RichieUK

Posted 6/5/2008 7:24 AM

Senior Forum Moderator

Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 28,357, Visits: 54,734

If you definitely have never set an admin password,just press Enter when prompted to enter your password.

If you have set a password but you've forgotten it,try this:
Forgot your Windows NT/2k/XP/Vista admin password?:
http://home.eunet.no/~pnordahl/ntpasswd/

If still no joy,and you have the Microsoft Windows XP installation disk try doing a Repair Install.
Configure your computer to start from the CD-ROM drive.
[Boot into the Bios and set your CD-Rom drive as first boot device].
For more information about how to do this,refer to your computer's documentation or contact your computer manufacturer.
Then insert your Microsoft Windows XP Setup CD,and restart your computer.
When the 'Press any key to boot from CD' message is displayed on screen, press a key.
Press ENTER when you see the message to setup Windows XP now, and then press ENTER displayed on the 'Welcome to Setup' screen.
Do not choose the option to press R to use the Recovery Console.
In the Windows XP Licensing Agreement, press F8 to agree to the license agreement.
Make sure that your current installation of Windows XP is selected in the box, and then press R to repair Windows XP.
Follow the instructions on the screen to complete Setup.

________________________________________

ASAP & UNITE member since 2006

Post #240576

Blue Silverado

Posted 6/5/2008 7:51 AM

New Member

Group: Forum Members
Last Login: 6/15/2008 8:33 AM
Posts: 19, Visits: 100

Ritchie, here is my ComboFix Log...

ComboFix 08-06-04.5 - Kev 2008-06-05 8:41:17.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1265 [GMT -4:00]
Running from: C:\Documents and Settings\Kev.HOLCOMB1\Desktop\ComboFix.exe

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.

2008-06-05 08:04 . 2008-06-05 08:04 <DIR> d-------- C:\Program Files\CCleaner
2008-06-05 08:03 . 2008-06-05 08:03 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-06-05 08:03 . 2008-06-05 08:03 <DIR> d-------- C:\Documents and Settings\Kev.HOLCOMB1\Application Data\Yahoo!
2008-06-05 08:03 . 2008-06-05 08:03 <DIR> d-------- C:\Documents and Settings\Kellie\Application Data\AVG7
2008-06-05 08:03 . 2008-06-05 08:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-04 17:23 . 2008-06-04 01:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-06-04 17:23 . 2008-06-05 07:54 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-03 15:46 . 2008-06-05 08:03 <DIR> d---s---- C:\Documents and Settings\Kev.HOLCOMB1\UserData
2008-06-03 15:43 . 2008-06-03 15:43 <DIR> d-------- C:\Documents and Settings\Kev.HOLCOMB1\Application Data\SUPERAntiSpyware.com
2008-06-03 15:37 . 2008-06-05 07:55 <DIR> d-------- C:\Documents and Settings\Kev.HOLCOMB1
2008-06-03 15:36 . 2008-06-03 15:36 0 --a------ C:\WINDOWS\vpc32.INI
2008-06-03 15:30 . 2008-06-03 15:30 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-03 15:30 . 2008-06-03 15:30 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-03 15:30 . 2008-06-03 15:30 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-03 15:30 . 2008-06-03 15:30 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-03 15:29 . 2008-06-05 08:03 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-06-03 15:29 . 2008-06-05 08:03 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-03 15:29 . 2008-06-05 08:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-03 10:36 . 2008-06-05 08:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-06-03 10:01 . 2008-06-03 10:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-03 10:01 . 2008-06-05 07:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-03 09:48 . 2008-06-05 07:59 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-03 09:42 . 2008-06-03 09:42 <DIR> d-------- C:\Documents and Settings\Kev\Application Data\SUPERAntiSpyware.com
2008-06-03 09:12 . 2008-06-05 08:03 <DIR> d-------- C:\Documents and Settings\Kev\UserData
2008-06-03 08:51 . 2008-06-05 08:03 <DIR> d---s---- C:\Documents and Settings\Kev
2008-06-03 08:24 . 2008-06-03 08:24 0 --a------ C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
2008-06-03 08:22 . 2008-06-05 08:03 <DIR> d-------- C:\Program Files\Symantec AntiVirus(2)
2008-06-03 08:22 . 2008-06-05 07:59 <DIR> d-------- C:\Program Files\Symantec
2008-06-03 08:22 . 2008-06-05 08:03 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared(2)
2008-06-03 08:22 . 2008-06-05 08:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec(2)
2008-06-02 23:33 . 2008-06-02 23:33 241,664 --a------ C:\WINDOWS\system32\config\systemprofile\NTUSER(3).DAT
2008-06-01 01:09 . 2008-06-01 01:09 268 --ah----- C:\sqmdata00.sqm
2008-06-01 01:09 . 2008-06-01 01:09 244 --ah----- C:\sqmnoopt00.sqm
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-13 16:33 . 2008-05-13 16:33 <DIR> d-------- C:\Program Files\Firefly Studios
2008-05-13 14:40 . 2008-06-05 08:01 <DIR> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 11:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-02 22:28 --------- d-----w C:\Documents and Settings\Kellie\Application Data\OpenOffice.org2
2008-05-13 20:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-03 17:55 --------- d-----w C:\Program Files\Yahoo! Games
2008-05-03 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-05-02 23:30 --------- d-----w C:\Program Files\Sony
2008-05-02 23:27 --------- d-----w C:\Documents and Settings\Kellie\Application Data\Sony Corporation
2008-04-29 16:45 --------- d-----w C:\Program Files\iTunes
2008-04-29 16:45 --------- d-----w C:\Documents and Settings\Kellie\Application Data\Apple Computer
2008-04-29 16:44 --------- d-----w C:\Program Files\QuickTime
2008-04-29 16:44 --------- d-----w C:\Program Files\iPod
2008-04-29 16:44 --------- d-----w C:\Program Files\Bonjour
2008-04-29 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-29 16:42 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-29 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-26 21:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-26 18:43 --------- d-----w C:\Program Files\RACE 07 Offline
2008-04-26 18:37 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-26 18:20 --------- d-----w C:\Program Files\RACE 07
2008-04-26 00:17 --------- d-----w C:\Program Files\Google
2008-04-21 07:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-20 16:24 192,512 ----a-w C:\WINDOWS\system32\UAService7.exe
2008-04-20 16:24 --------- d--h--r C:\Documents and Settings\Kellie\Application Data\SecuROM
2008-04-20 16:20 --------- d-----w C:\Program Files\Codemasters
2008-04-19 19:49 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-19 19:49 --------- d-----w C:\Program Files\Windows Live
2008-04-19 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-12 21:48 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-04-12 21:47 --------- d-----w C:\Program Files\Java
2008-04-12 21:26 --------- d-----w C:\Program Files\HP
2008-04-12 21:25 --------- d-----w C:\Program Files\Common Files\HP
2008-04-12 21:24 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-12 21:23 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-04-12 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-12 15:47 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2008-04-12 15:47 --------- d-----w C:\Program Files\Yahoo!
2008-04-12 15:47 --------- d-----w C:\Documents and Settings\Kellie\Application Data\Yahoo!
2008-04-12 15:39 --------- d-----w C:\Program Files\Common Files\Java
2008-04-12 02:39 --------- d-----w C:\Documents and Settings\Kellie\Application Data\MSN6
2008-04-12 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-04-12 02:32 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-12 02:26 --------- d-----w C:\Documents and Settings\Kellie\Application Data\SUPERAntiSpyware.com
2008-04-12 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-12 00:58 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-12 00:58 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-11 23:53 --------- d-----w C:\Program Files\Creative
2008-04-11 23:52 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-11 23:52 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-11 23:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-11 23:52 --------- d-----w C:\Documents and Settings\Kellie\Application Data\Creative
2008-04-11 23:41 --------- d-----w C:\Program Files\Intel
2008-04-11 23:19 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~2\VPTray.exe" [2007-03-14 19:49 125632]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 12:41 223984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2007-12-01 00:26 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [ ]

C:\Documents and Settings\Kellie\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-05-02 19:23:45 344064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-02 11:48:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-05 12:39:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 08:45:16
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-05 8:46:56
ComboFix-quarantined-files.txt 2008-06-05 12:46:45

Pre-Run: 13,046,427,648 bytes free
Post-Run: 13,284,413,440 bytes free

176 --- E O F --- 2008-05-17 07:01:26

Don't take life too seriously; No one gets out alive.

Post #240579

RichieUK

Posted 6/5/2008 8:35 AM

Senior Forum Moderator

Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 28,357, Visits: 54,734

There are no issues at all in the Combofix log.
Click on Start/Run,copy and paste ComboFix /u into the 'Open:' space,then press OK.
This will uninstall Combofix,delete its related folders and files,reset your clock settings,hide file extensions,hide the system/hidden files and resets System Restore.

Try the steps in my previous post:
If you definitely have never set an admin password,just press Enter when prompted to enter your password.

If you have set a password but you've forgotten it,try this:
Forgot your Windows NT/2k/XP/Vista admin password?:
http://home.eunet.no/~pnordahl/ntpasswd/

If still no joy,and you have the Microsoft Windows XP installation disk try doing a Repair Install.
Configure your computer to start from the CD-ROM drive.
[Boot into the Bios and set your CD-Rom drive as first boot device].
For more information about how to do this,refer to your computer's documentation or contact your computer manufacturer.
Then insert your Microsoft Windows XP Setup CD,and restart your computer.
When the 'Press any key to boot from CD' message is displayed on screen, press a key.
Press ENTER when you see the message to setup Windows XP now, and then press ENTER displayed on the 'Welcome to Setup' screen.
Do not choose the option to press R to use the Recovery Console.
In the Windows XP Licensing Agreement, press F8 to agree to the license agreement.
Make sure that your current installation of Windows XP is selected in the box, and then press R to repair Windows XP.
Follow the instructions on the screen to complete Setup.

________________________________________

ASAP & UNITE member since 2006

Post #240587

Blue Silverado

Posted 6/5/2008 10:58 AM

New Member

Group: Forum Members
Last Login: 6/15/2008 8:33 AM
Posts: 19, Visits: 100

Richie, you are the bomb!! Every time things go south for me you are always there to save my butt!! I am forever grateful!!! Thank you very much!

Kev