Hi there,

I'm using Windows 2000 Pro at the moment and I am unable to arrive at the desktop because the computer automatically restarts itself immediately after the dialogue box saying "Windows is now starting up..." is displayed. I have no trouble running the computer in Safe Mode, however, nor connecting to the internet in Safe Mode with Networking. Do you have any idea of the cause? I have included a HJT log for you. I"ve also run AVG, Ad-Aware and Spybot with clean returns.

Thanks,

Operaboy.

Logfile of HijackThis v1.99.0
Scan saved at 3:26:58 AM, on 5/30/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP4 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\All Users\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRAM FILES\ADVANCED SYSTEM OPTIMIZER\IEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnce
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1147089186026
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147250202815
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\System32\ZoneLabs\vsmon.exe

Hi,


Unfortunately I don't see anything wrong in HJT log, if you can get to web sites from safe mode see if you can download and install from safe mode.







Please download WebRoot SpySweeper from HERE (It's a 14-day trial):

* Click Download Now to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits
o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply along with a fresh HJT log.

If you can't do that then try these two online scanners below:


Do this first-


Go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

And post a new HJT log also..


Then..



http://www.kaspersky.com/virusscanner

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
o Scan Options:
- Scan Archives
- Scan Mail Bases
* Click OK
*Now under select a target to scan:
o Select My Computer
* This program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
o Now click on the Save as Text button:
* Save the file to your desktop.
* Copy and paste that information in your next post.

good luck.

Hi,

Sorry about the delay. Here is the webroot log for you.

Thanks,

Operaboy.

********
3:17 AM: | Start of Session, Tuesday, June 27, 2006 |
3:17 AM: Spy Sweeper started
3:17 AM: Sweep initiated using definitions version 707
3:17 AM: Starting Memory Sweep
3:28 AM: Memory Sweep Complete, Elapsed Time: 00:10:08
3:28 AM: Starting Registry Sweep
3:29 AM: Registry Sweep Complete, Elapsed Time:00:01:14
3:29 AM: Starting Cookie Sweep
3:29 AM: Found Spy Cookie: webtrends cookie
3:29 AM: david thelander@m.webtrends[2].txt (ID = 3669)
3:29 AM: Found Spy Cookie: 2o7.net cookie
3:29 AM: david thelander@microsofteup.112.2o7[1].txt (ID = 1958)
3:29 AM: Found Spy Cookie: aptimus cookie
3:29 AM: david thelander@network.aptimus[1].txt (ID = 2235)
3:29 AM: Found Spy Cookie: adjuggler cookie
3:29 AM: david thelander@rotator.adjuggler[1].txt (ID = 2071)
3:29 AM: Found Spy Cookie: tribalfusion cookie
3:29 AM: david thelander@tribalfusion[1].txt (ID = 3589)
3:29 AM: Cookie Sweep Complete, Elapsed Time: 00:00:03
3:29 AM: Full Sweep has completed. Elapsed time 00:11:30
3:29 AM: Traces Found: 5
3:30 AM: Removal process initiated
3:30 AM: Quarantining All Traces: 2o7.net cookie
3:30 AM: Quarantining All Traces: adjuggler cookie
3:30 AM: Quarantining All Traces: aptimus cookie
3:30 AM: Quarantining All Traces: tribalfusion cookie
3:30 AM: Quarantining All Traces: webtrends cookie
3:30 AM: Removal process completed. Elapsed time 00:00:04
********
3:10 AM: | Start of Session, Tuesday, June 27, 2006 |
3:10 AM: Spy Sweeper started
3:11 AM: Program Version 4.5.9 (Build 709) Using Spyware Definitions 556
3:13 AM: Hosts file is too large.
3:13 AM: Messenger service has been disabled.
3:16 AM: Your spyware definitions have been updated.
3:17 AM: | End of Session, Tuesday, June 27, 2006 |