1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[Resolved] Boot to Black Screen & ESocketError - SpamKiller.exe

Discussion in 'Earlier Versions of Windows' started by HitAnyKey, Sep 20, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. HitAnyKey

    HitAnyKey Thread Starter

    Joined:
    Sep 1, 2002
    Messages:
    306
    First Name:
    Eric
    It's been awhile since I've been here, but I'm back again while trying to fix some things with my dad's computer. He has been having a problem of booting to a black screen that just brings his computer to a halt. He'll then reboot and the computer will go to Safe Mode. He'll then reboot again and the machine will boot as normal.

    I havn't gotten it to do this myself yet, so it just seems to happen randomly. I did note that when his computer boots up he gets an application error dialog box which states:
    Exception ESocket Error in module SPAMKILLER.EXE at 0007EE24.
    Network is down.

    *******edited/added section******
    After talking to my dad I just realized why the exception error is occurring. It was because spamkiller tries to get his mail every 10 minutes and he had ZoneAlarm set to lockdown when the screen saver comes on. So this part isn't a problem anymore. It is only the booting to a black screen which is of concern at this point.
    *******end added section*******

    First, here's some details of the computer:
    Dell Dimension 4100
    Pentium III 900MHz
    256 MB RAM
    Windows ME 4.90.3000

    I've already downloaded and run rmbox's Startup Log. Here are the details from it:

    --------------------------------------------

    ---------- C:\WINDOWS\desktop\StartUp.Log

    Start-Ups checked at 09-20-2003 6:39:41.89p
    __________________________________________________________________________
    __________________________________________________________________________

    StartUp Log for Windows 95/98 - Freeware by rmbox
    __________________________________________________________________________
    __________________________________________________________________________

    Comments:

    This is a log of all the programs on your computer that
    are starting automatically every time you start Windows.
    Using this log can be a quick way to spot trojans.

    StartUp Log (version 1.58) - Release Date 11/9/2002

    __________________________________________________________________________
    __________________________________________________________________________

    StartUp Log Index

    1. HKLM Run
    2. HKCU Run
    3. HKLM RunOnce
    4. HKCU RunOnce
    5. HKLM RunServices
    6. HKLM RunServicesOnce
    7. WIN.INI file
    8. SYSTEM.INI file
    9. AUTOEXEC.BAT file
    10. StartUp folder
    11. All Users StartUp
    12. Misc. StartUp Configurations

    __________________________________________________________________________
    __________________________________________________________________________

    The following is a list of your current Start-Ups
    __________________________________________________________________________
    __________________________________________________________________________

    1. HKLM Run - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
    "TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
    "PCHealth"="C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s"
    "SystemTray"="SysTray.Exe"
    "LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
    "NAV Agent"="F:\\NORTON~1\\NORTON~1\\NAVAPW32.EXE"
    "NPROTECT"="F:\\Norton SystemWorks\\Norton Utilities\\nprotect.exe"
    "QD FastAndSafe"="F:\\Norton SystemWorks\\Norton CleanSweep\\QDCSFS.exe /scheduler"
    "RegShave"="C:\\Progra~1\\REGSHAVE\\REGSHAVE.EXE /autorun"
    "NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
    "Zone Labs Client"="D:\\ZONELA~1\\ZONEAL~1\\zapro.exe"
    "devldr16.exe"="C:\\WINDOWS\\SYSTEM\\devldr16.exe"


    ==========================================================================
    __________________________________________________________________________

    2. HKCU Run - Registry

    [RegPath]
    "StartUp"

    *(RegPath not found..)*

    ==========================================================================
    __________________________________________________________________________

    3. HKLM RunOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


    ==========================================================================
    __________________________________________________________________________

    4. HKCU RunOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


    ==========================================================================
    __________________________________________________________________________

    5. HKLM RunServices - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
    "SchedulingAgent"="mstask.exe"
    "*StateMgr"="C:\\WINDOWS\\System\\Restore\\StateMgr.exe"
    "TrueVector"="C:\\WINDOWS\\SYSTEM\\ZONELABS\\VSMON.EXE -service"
    "ScriptBlocking"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Script Blocking\\SBServ.exe\" -reg"
    "NPROTECT"="F:\\Norton SystemWorks\\Norton Utilities\\nprotect.exe"
    "SSDPSRV"="C:\\WINDOWS\\SYSTEM\\ssdpsrv.exe"
    "GoBack Polling Service"="C:\\Program Files\\Roxio\\GoBack\\GBPoll.exe"


    ==========================================================================
    __________________________________________________________________________

    6. HKLM RunServicesOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


    ==========================================================================
    __________________________________________________________________________

    7. WIN.INI File - (c:\windows\win.ini)

    Your win.ini run/load lines should look like run= and load= exclusively.
    There should be nothing to the right of the equal signs.


    These are the run and load lines in your WIN.INI file

    run=hpfsched

    load=

    ==========================================================================
    __________________________________________________________________________

    8. SYSTEM.INI File - (c:\windows\system.ini)

    Your system.ini shell line should look like shell=Explorer.exe exclusively.
    You should only see Explorer.exe following the equal sign.


    This is the shell line in your SYSTEM.INI file

    shell=Explorer.exe

    ==========================================================================
    __________________________________________________________________________

    9. AUTOEXEC.BAT File - (c:\autoexec.bat)

    (Some trojans have been known to start from this file)


    These are your program startups and set paths in your autoexec.bat file

    SET windir=C:\WINDOWS
    SET winbootdir=C:\WINDOWS
    SET COMSPEC=C:\WINDOWS\COMMAND.COM
    SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
    SET PROMPT=$p$g
    SET TEMP=C:\WINDOWS\TEMP
    SET TMP=C:\WINDOWS\TEMP

    ==========================================================================
    __________________________________________________________________________

    10. StartUp Folder - (c:\windows\start menu\programs\startup)

    Shortcuts to any program will automatically start when placed here.


    These are the shortcuts located in your StartUp folder

    C:\WINDOWS\Start Menu\Programs\StartUp\SpamKiller.lnk
    C:\WINDOWS\Start Menu\Programs\StartUp\CleanSweep Smart Sweep-Internet Sweep.lnk
    C:\WINDOWS\Start Menu\Programs\StartUp\Webshots.lnk

    ==========================================================================
    __________________________________________________________________________

    11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

    Shortcuts to any program will automatically start when placed here.


    These are the shortcuts located in your All Users StartUp folder

    C:\WINDOWS\All Users\Start Menu\Programs\StartUp\GoBack.lnk

    ==========================================================================
    __________________________________________________________________________

    12. Miscellaneous StartUp Configurations

    -============================-
    Registry StartUp Directories
    -============================-

    Should show the Start Menu StartUp and All Users StartUp directories

    .....................................................................

    [1] HKCU - Shell Folders

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

    "Startup"="C:\\WINDOWS\\Start Menu\\Programs\\StartUp"

    .....................................................................

    [2] HKCU - User Shell Folders

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders


    .....................................................................

    [3] HKLM - Shell Folders

    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

    "Common Startup"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp"

    .....................................................................

    [4] HKLM - User Shell Folders

    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders


    .....................................................................

    -=======================-
    Registry Shell Spawning
    -=======================-

    Open Commands for Executable File Types

    @="\"%1\" %*"
    (.exe file - RegPath = HKCR\exefile\shell\open\command)

    @="\"%1\" %*"
    (.com file - RegPath = HKCR\comfile\shell\open\command)

    @="\"%1\" /S"
    (.scr file - RegPath = HKCR\scrfile\shell\open\command)

    @="\"%1\" %*"
    (.bat file - RegPath = HKCR\batfile\shell\open\command)

    @="\"%1\" %*"
    (.pif file - RegPath = HKCR\piffile\shell\open\command)

    @="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
    (.hta file - RegPath = HKCR\htafile\shell\open\command)

    -=========================-
    HKLM RunOnceEx - Registry
    -=========================-


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]


    -=========================-
    HKU (.Default) Run - Registry
    -=========================-

    *(RegPath not found..)*

    -==============================-
    HKU (.Default) RunOnce - Registry
    -==============================-


    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce]


    -================================-
    StubPaths - Registry (Partial Listing)
    -================================-

    (Please see the StubPath.txt on your desktop for complete listing)

    HKLM\Software\Microsoft\Active Setup\Installed Components


    "StubPath"="C:\\WINDOWS\\msnmgsr1.exe"
    "StubPath"="C:\\WINDOWS\\COMMAND\\sulfnbk.exe /L"
    "StubPath"=""
    "StubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:WIN9X /user /install"
    "StubPath"="C:\\WINDOWS\\SYSTEM\\ie4uinit.exe"
    "StubPath"="C:\\WINDOWS\\SYSTEM\\updcrl.exe -e -u C:\\WINDOWS\\SYSTEM\\verisignpub1.crl"
    "StubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"

    -=================-
    WINSTART.BAT File - (c:\windows\winstart.bat)
    -=================-

    @C:\WINDOWS\tmpcpyis.bat

    -=================-
    WININIT.BAK File - (c:\windows\wininit.bak)
    (name) (type) (size)(modified)(time)
    wininit bak 322 09-11-03 9:28p
    -=================-



    [Rename]
    NUL=C:\WINDOWS\TEMP\OLDB2E4.TMP
    NUL=C:\WINDOWS\TEMP\OLDB2D5.TMP
    C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\SETB380.TMP
    C:\WINDOWS\SYSTEM\SHLWAPI.DLL=C:\WINDOWS\SYSTEM\SETB382.TMP
    C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\SETB384.TMP
    C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\SETB385.TMP
    -=====================-
    Screen Saver Settings (Possible system.ini start-up)
    -=====================-

    scrnsave.exe=c:\windows\webshots.scr

    ==========================================================================
    __________________________________________________________________________

    - Supplemental Environment Information -

    COMSPEC=C:\WINDOWS\COMMAND.COM
    PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
    TEMP=C:\WINDOWS\TEMP
    TMP=C:\WINDOWS\TEMP
    winbootdir=C:\WINDOWS
    windir=C:\WINDOWS

    File - c:\windows\Wininit.bak
    File - c:\windows\deletefi.ini

    ==========================================================================
    __________________________________________________________________________

    - End -
    -----------------------------------------------------

    Next here are the details of the file 'deletefi.ini' as I recall seeing another post where ya'll asked for the details of it:
    -----------------------------------------------------
    [BUILD LEVELS]
    2_6=600
    2_5=455

    [WINDOWS FILES TO DELETE]
    OPTIONS\CABS\OLS\MSN\=" "
    Help\msnint.hlp=" "
    Help\msn.hlp=" "
    Help\msnpss.hlp=" "
    Help\msn.cnt=" "
    Help\msnpss.cnt=" "
    Start menu\The Microsoft Network.lnk=" "
    Start menu\MSN.lnk=" "
    Start menu\Programs\MSN.lnk=" "
    Start menu\Programs\The Microsoft Network.lnk=" "
    Start menu\Programs\Online Services\The Microsoft Network.lnk=" "
    Start menu\Programs\StartUp\MSN Quick View.lnk=" "
    Desktop\Signup for new MSN account.lnk=" "
    Desktop\Signup for a new MSN account.lnk=" "
    Desktop\SETUPT~1.lnk=" "
    Desktop\MSN E-Mail.lnk=" "
    Desktop\Try The Microsoft Network.lnk
    SYSTEM\MSNEXCH.EXE=" "

    [PROGRAM FILES TO DELETE]
    MCDETECT\=" "
    The Microsoft Network\=" "
    onmsn\=" "
    Online Services\MSN\=" "

    [RegKeys]
    ;; NOTE PUT ALL THE CURRENT USER KEYS IN THE CURRENTUSER SECTION BELOW
    HKLM\SOFTWARE\MICROSOFT\MSN=" "
    HKLM\SOFTWARE\MICROSOFT\MSNMIG=" "
    HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MSN PROGRAM VIEWER=" "
    HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MSN MUSIC AND ANIMATION=" "
    HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MSN OPTIONAL CONTROLS=" "
    HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MSN PROGRAM VIEWER CONTROLS=" "
    HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SETUP\OPTIONALCOMPONENTS\MSNETWORK=" "
    HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SETUP\OPTIONALCOMPONENTS\MSNETWORK105=" "
    HKLM\SOFTWARE\MICROSOFT\MOS=" "
    HKLM\SOFTWARE\MICROSOFT\MCDETECT=" "
    HKLM\SOFTWARE\Classes\MSN_MsnIni.MsnIni=" "
    HKLM\SOFTWARE\Classes\InstallEngine.MSN Install Engine=" "
    HKLM\SOFTWARE\Classes\MSN_SetupBBS.MSN Setup BBS=" "
    HKLM\SOFTWARE\Classes\MSN_Find=" "
    HKLM\SOFTWARE\Classes\InstallEngine.MSN Install Engine.1=" "
    HKLM\SOFTWARE\Classes\MSN_MSNIni.MSNIni.1=" "
    HKLM\SOFTWARE\Classes\MSN_SetupBBS.MSN Setup BBS.1=" "
    HKLM\software\classes\MSN.MetroMail.1=" "
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FindExtensions\Static\MSNFind=" "
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens[MSN 2.6]=" "
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens[MSN 2.5]=" "
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens[MSN 2.5.1]=" "
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens[MSN 2.5.2]=" "
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens[MSN 2.0]=" "
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens[MSN 1.X]=" "
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Pre Platform[MSN 2.6] =" "
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Pre Platform[MSN 2.5] =" "
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Pre Platform[MSN 2.5.1] =" "
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Pre Platform[MSN 2.5.2] =" "
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Pre Platform[MSN 2.0] =" "
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Pre Platform[MSN 1.x] =" "
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{00028B00-0000-0000-C000-000000000046}=" "
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents[MSNetwork]=" "
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\MSNetwork=" "
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\MOSTop=" "

    [CURRENT USER]
    \SOFTWARE\MICROSOFT\MSN=" "
    \SOFTWARE\MICROSOFT\MOS=" "
    \Software\Microsoft\Internet Account Manager\Accounts\netnews.msn.com=" "
    \Software\Microsoft\Internet Account Manager\Accounts\msnnews.msn.com=" "
    \Software\Microsoft\Internet Account Manager\Accounts\MSN Mail=" "
    \Software\Microsoft\Internet Account Manager\Accounts\MSN=" "
    \Software\Microsoft\MSN\Settings=" "


    [SHORTCUT FILES TO DELETE]
    1=\The Microsoft Network.lnk
    2=\Programs\The Microsoft Network.lnk
    3=\Programs\Online Services\The Microsoft Network.lnk
    4=\Programs\StartUp\MSN Quick View.lnk
    5=\Try The Microsoft Network.lnk

    [COUNTRY STRINGS]
    1=http://signup.msn.com/signup/msnentry/default.asp?SOURCE=msnpresetup&CONNECTION=POPnumber&OS=nt5&COUNTRY=US
    2=http://signup.msn.com/signup/msnentry/default.asp?SOURCE=msnpresetup&CONNECTION=POPnumber&OS=nt5&COUNTRY=CA
    44=http://signup.msn.com/signup/msnentry/default.asp?SOURCE=msnpresetup&CONNECTION=POPnumber&OS=nt5&COUNTRY=UK
    81=http://signup.msn.com/signup/msnentry/default.asp?SOURCE=msnpresetup&CONNECTION=POPnumber&OS=nt5&COUNTRY=JP

    [CM]
    TakeOutCm=0
    TakeOutCmWithMSN=0

    [RUNEXE]
    CMSTP.EXE=%PROGRAM_FILES%\abc


    ;;;***************************************
    ;;; The following are the special paths recognized
    ;;; by MIGSRT1
    ;;;%INTERNET_TEMP%
    ;;;%TEMP%
    ;;;%WINDOWS%
    ;;;%WINDOWS_SYSTEM%
    ;;;%WINDOWS_SYSTEM32%
    ;;;%MSN%
    ;;;%WIN_ROOT%
    ;;;%PROGRAM_FILES%

    --------------------------------------------------------------

    Now, I know my dad was infected with a worm a couple months back which was using his computer as a spam mail server. It got our network access shut down by our cable provider until he formatted his hard drive and reinstalled his operating system. He had backed up his computer to CD (he's got his drive partitioned into 6 drive letters). After formatting and reinstalling, he copied his backed up drives back onto their respective partitions (except the C drive). Hopefully this is not a problem which will cause that to happen again as it took him a full 3 days to do that and then weeks to reinstall and re-setup all his programs.
    We've always used ZoneAlarm and I just recently paid for and upgraded us to ZoneAlarm Pro.

    Any help you can provide would be great.
    Any other information you need from me about the machine, let me know. I am quite computer literate, so should be able to understand nearly anything you tell me or ask of me.
     
  2. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Since you have corrected the error event does it still act this way as it is normal to go into safe mode after an error has benn detected.
     
  3. HitAnyKey

    HitAnyKey Thread Starter

    Joined:
    Sep 1, 2002
    Messages:
    306
    First Name:
    Eric
    That error event wasn't what was causing the boot to black screen/safe mode boot troubles.
    I had originally thought it might have something to do with it, but it was an error message all on it's own simply to let us know that SpamKiller wasn't able to access the network because ZoneAlarm was locked down.
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I don't see any problems with what is shown there, but ye' olde Rmbox startuplist is a bit out of date for todays hijinks.

    Give us a post of a HijackThis Scanlog.

    http://www.tomcoyote.org/hjt/
     
  5. HitAnyKey

    HitAnyKey Thread Starter

    Joined:
    Sep 1, 2002
    Messages:
    306
    First Name:
    Eric
    Here is the log from HijackThis:

    Logfile of HijackThis v1.96.1
    Scan saved at 11:35:06 PM, on 9/20/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    F:\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\ROXIO\GOBACK\GBPOLL.EXE
    C:\WINDOWS\SYSTEM\DEVLDR16.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    F:\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    D:\ZONE LABS\ZONEALARM\ZAPRO.EXE
    C:\PROGRAM FILES\ROXIO\GOBACK\GBTRAY.EXE
    D:\MCAFEE.COM\SPAMKILLER\SPAMKILLER.EXE
    F:\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
    D:\WEBSHOTS\WEBSHOTSTRAY.EXE
    F:\Norton SystemWorks\Norton CleanSweep\Monwow.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    E:\DOWNLOAD\TECHSUPPORT\HIJACKTHIS.EXE

    F1 - win.ini: run=hpfsched
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.quixtar.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\5zsupyvy.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CNETSCAPE7%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\5zsupyvy.slt\prefs.js)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NAV Agent] F:\NORTON~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [NPROTECT] F:\Norton SystemWorks\Norton Utilities\nprotect.exe
    O4 - HKLM\..\Run: [QD FastAndSafe] F:\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /scheduler
    O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [Zone Labs Client] D:\ZONELA~1\ZONEAL~1\zapro.exe
    O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [NPROTECT] F:\Norton SystemWorks\Norton Utilities\nprotect.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Roxio\GoBack\GBPoll.exe
    O4 - Startup: SpamKiller.lnk = D:\McAfee.com\SpamKiller\SpamKiller.exe
    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = F:\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
    O4 - Startup: Webshots.lnk = D:\Webshots\WebshotsTray.exe
    O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37875.7594212963

    ----------------------------------------

    Also, I had just come up to his computer to boot it up in order to run HijackThis and get the log. And when I booted up I got the black screen that he's been getting. He said he didn't have any errors or anything before his last shutdown. I booted into safe mode and did a shutdown/restart. That booted to the black screen again and into safe mode again. Not until I did a complete shutdown with turning the computer on again did I get a clean bootup.
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Well If this problem is related to Spamkiller, I would just move the shortcut out of the Startup folder or use msconfig to disable it for testing.

    It may be having conflicts with ZoneAlarm

    I don't see any real problems there, but I can't really intrepret Netscape search plugins, so I don't know if what he has there are legit or not, but I imagine they are if they take him to the search site desired.

    And I would personally recommend not having Cleansweep load as a startup. Makes more sense to run it before installs rather than always have it in the background.

    If it turns out SpamKiller is the issue, just make it a quicklaunch shortcut and run it manually after Windows loads.
     
  7. HitAnyKey

    HitAnyKey Thread Starter

    Joined:
    Sep 1, 2002
    Messages:
    306
    First Name:
    Eric
    I had may dad disengage the boot startup of both SpamKiller and CleanSweep. He now starts up SpamKiller after he's all booted up and won't be starting CleanSweep unless he's doing an install.

    He is still having this boot to black screen issue however. Sunday night he shut down his computer. Monday morning it booted to the black screen, with the restart to safe mode and him having to shut down completed and turning it back on for it to boot normally.
    He probably had at least one or two normal restarts during the day yesterday and then shut down normally last night. This morning he had the same boot problem.
    Any more thoughts on what might be causing this?
     
  8. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    It might be a damaged video driver install. You may need to reinstall or update the drivers. If you don't know what they are check the Adapter information in the Device Manager or run dxdiag and look at the Display tab for information on the Adapter and current driver information. Sometimes Windows will just reinstall them automatically if you remove them from the Device Manager and reboot, but often it is necessary to obtain the drivers from the Vendors site.

    To test whether it is a video driver related issue, run msconfig and click on the Advanced tab.

    You will see an option there to load standard VGA drivers. These are the same as used in Safe Mode so the resolution will be very low.

    But if you can reboot consistently without getting a black screen, then it is the normal mode video driver installation which is hanging up.

    Roxio's Goback might be an issue, but I think you would have to completely uninstall it to test, you can try unchecking it though.

    You can also use msconfig to "clean boot" the system by unchecking the entire startup group for a few tests, but most of these actually load after the desktop appears, so it doesn't seem likely that the problem is there.

    Both Autoexec.bat and config.sys can be unchecked as well, although there is nothing in your autoexec.bat file but environment settings, config.sys does not appear in this startup profile.
     
  9. HitAnyKey

    HitAnyKey Thread Starter

    Joined:
    Sep 1, 2002
    Messages:
    306
    First Name:
    Eric
    I just wanted to toss up a reply, even though it's a little late.
    I had used the suggestion and reinstalled the video driver. As far as I know, his machine is working up to par now and isn't having these particular problems any more.
    He has problems still, but not this type of problem.

    Just wanted to say thanks and let you know you can close this tread as completed.

    I'll be posting again shortly as I'm having all sorts of lockups and system crashes with my own computer now. But that's for another thread. :)
     
  10. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Thanks for the update, always glad to put a "resolved" on something :)
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/166233

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice