Can only start in safe mode. Help please.

rizla01

A couple of other points.

Having now run Belarc I find this.


AntiVir Desktop Version 10.0.1.52 Realtime File Scanning On

avast! Antivirus Version 5.0.83886757 Realtime File Scanning On

a-squared Anti-Malware Version 4 Realtime File Scanning On

Is there a conflict there?


Also, could someone check my latest Hijack Log for problems please? Thx

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:53, on 10/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
G:\Zentimo\ZentimoService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
G:\Online Armor\OAcat.exe
G:\Online Armor\oasrv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\igfxpers.exe
G:\Online Armor\oaui.exe
G:\IObit Security 360\IS360tray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
G:\Zentimo\Zentimo.exe
G:\Online Armor\OAhlp.exe
F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Magnifier 1.09\Magnifier.exe
L:\rightmove\Rightmove Desktop\Rightmove Desktop.exe
G:\IObit Security 360\is360.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Terry\Desktop\utilities\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by150w.bay150.mail.live.com/default.aspx?rru=home&livecom=1&wa=wsignin1.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/clipextractor/{A9E3981F-6A11-4EF1-A702-3819AB03CE4F}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - \Roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - \Roboform\roboform.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "G:\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [IObit Security 360] "G:\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Zentimo xStorage Manager] G:\Zentimo\Zentimo.exe /startup
O4 - S-1-5-18 Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Moo0 Magnifier 1.09.lnk = C:\Magnifier 1.09\Magnifier.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Rightmove Desktop.lnk = L:\rightmove\Rightmove Desktop\Rightmove Desktop.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT Startup: Moo0 Magnifier 1.09.lnk = C:\Magnifier 1.09\Magnifier.exe (User 'Default user')
O4 - .DEFAULT Startup: Rightmove Desktop.lnk = L:\rightmove\Rightmove Desktop\Rightmove Desktop.exe (User 'Default user')
O4 - Startup: Alienware Dock.lnk = F:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: Moo0 Magnifier 1.09.lnk = C:\Magnifier 1.09\Magnifier.exe
O4 - Startup: Rightmove Desktop.lnk = L:\rightmove\Rightmove Desktop\Rightmove Desktop.exe
O8 - Extra context menu item: Customize Menu - [URL]file://D:\Roboform\RoboFormComCustomizeIEMenu.html[/URL]
O8 - Extra context menu item: Fill Forms - [URL]file://D:\Roboform\RoboFormComFillForms.html[/URL]
O8 - Extra context menu item: Identities Editor - [URL]file://D:\Roboform\RoboFormComEditIdent.html[/URL]
O8 - Extra context menu item: Locate Spot on Map by GPS - F:\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: Password Generator - [URL]file://D:\Roboform\RoboFormComPasswordGenerator.html[/URL]
O8 - Extra context menu item: RoboForm Toolbar - [URL]file://D:\Roboform\RoboFormComShowToolbar.html[/URL]
O8 - Extra context menu item: Save Forms - [URL]file://D:\Roboform\RoboFormComSavePass.html[/URL]
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - F:\IExif 2.3\IExifCom.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL]file://D:\Roboform\RoboFormComFillForms.html[/URL]
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL]file://D:\Roboform\RoboFormComFillForms.html[/URL]
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL]file://D:\Roboform\RoboFormComSavePass.html[/URL]
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL]file://D:\Roboform\RoboFormComSavePass.html[/URL]
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - [URL]file://D:\Roboform\RoboFormComShowToolbar.html[/URL]
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - [URL]file://D:\Roboform\RoboFormComShowToolbar.html[/URL]
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218797834562
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O20 - Winlogon Notify: !SASWinLogon - G:\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Online Armor Helper Service (OAcat) - Emsi Software GmbH - G:\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Emsi Software GmbH - G:\Online Armor\oasrv.exe
O23 - Service: Zentimo Assistant (ZentimoService) - Unknown owner - G:\Zentimo\ZentimoService.exe
--
End of file - 7442 bytes

I have removed a few items that I didn't feel were neccesary after having googled them.

rizla01

Anyone?...............

debitcardmayhem

Hi

AntiVir Desktop Version 10.0.1.52 Realtime File Scanning On

avast! Antivirus Version 5.0.83886757 Realtime File Scanning On

a-squared Anti-Malware Version 4 Realtime File Scanning On

Top two I would guess at least , but the only one I know a little of is avast , only being polite not trying to get your hopes up. Others know more than i.

Edit Pushed button too quick, cat problems again, it is not advisable to use two Anti Virus engines together .

100pints

It could have been caused by bad sectors on the disk - I've just fixed someones computer for them where chkdsk /r fixed the problem in a couple of hours.
I'd spent TWO DAYS trying to find a virus which was shutting down the computer when all the time it was just the hard drive.
Valuable lesson learned anyway.....
:beer:

rizla01

Hi 100pints.

Interesting to hear of your experience.

I have run several Anti - Virus/Trojan/Malware during this problem solve and they have invariably found some nasty little addition to my registry or simply running in the background. A few trojans too.

Good news is that one of them (Glary, I think) cleaned out the false entries showing up in the Hijack log (Ie the 3x virus progs running simultaneously).

I think it was more likely one of the trojans/viruses that caused the bad entry on the HD.

Still, I've learned something more too. Lets hope I remember it when the problem arises again.

At my age that's unlikely Tho!!