1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

System Keeps Rebooting

Discussion in 'Virus & Other Malware Removal' started by jolichwier, Sep 29, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. jolichwier

    jolichwier Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    65
    I am running XP Home on a computer and it keeps rebooting. I cannot even log in before it reboots.

    I put it in Safe mode and ran the FixBlaster exe from Symantec but it said that FixBlaster was not found.

    Is there more than one FixBlaster exe that I should be trying to run?

    I tried to load and run AVG in Safe Mode to find the virus and couldn't.

    Since I can't get on the internet from that computer any suggestions given will take a while to give feedback (since I will need to be able to do it from a different computer).

    I know that I could probably just restore with the system disk and reload everything, but I would prefer not to if I don't have to.

    Any help is appreciated.
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Get Hijackthis and post the log. You can put this on a disk and copy the log back to he disk to post here.

    Don't make any changes until someone assists you with the log.
     
  3. jolichwier

    jolichwier Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    65
    Okay, will do.

    I can only run the computer in safe mode.

    Thanks.
     
  4. jolichwier

    jolichwier Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    65
    Okay, I booted up in Safe Mode (for networking) and ran Hijack This. The results follow.

    I also tried to run hijavk this with a normal boot, but I was just barely able to log in and then the computer reboots, so I could not run hijack this under a normal boot.

    Logfile of HijackThis v1.97.2
    Scan saved at 7:07:06 AM, on 7/30/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    A:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
    O2 - BHO: (no name) - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_0_8_6.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_0_8_6.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [tgcmdprovidersbc] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
    O4 - Global Startup: HP OfficeJet Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: SonicWALL VPN Client.lnk = C:\Program Files\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
    O9 - Extra button: Yahoo! Login (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  5. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Have you tried restarting normally, but choose from the F 8 menu, last good known configuration?
     
  6. jolichwier

    jolichwier Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    65
    Yes, I have tried that and that allowed me to get into Safe Mode but still would not let me boot normally. Before I did that I couldn't even boot in safe mode.

    I could try it again tonight if you think that might have some impact.

    Thanks.
     
  7. orchid5683

    orchid5683

    Joined:
    Sep 19, 2003
    Messages:
    11
    There are a couple possibilities as far as reasons for this.

    Yes, you could have a worm, like Blaster, in which case I would recommend going to www.soloantivirus.com and downloading their free trial which is an awesome cleaner. Take it over Symantec or McAfee any day ('cause it works!).

    You also could have a driver conflict. I see from your HiJack log that you have at least one type of "companion" bar loaded, this one happening to be Yahoo! related...I am currently repairing a laptop that was used on SBC DSL and so had the SBC-Yahoo! connection manager loaded, which happened to have a major conflict with the person's Ndis.vxd driver (this is the one that runs any hardware that is network or internet related). This was only the case because of some other third party software they had installed from Cisco. Bottom line = If you get reboots but can load in safe mode then while it may be a worm, there is a healthy chance you may have a driver issue/conflict.
     
  8. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Last good known only got you to safe mode? If so, then probably trying again wouldn't do any better.

    I don't understand why it would keep rebooting in normal mode though, perhaps others will have some better ideas for you......I'm thinking the restore sounds good :D
     
  9. jolichwier

    jolichwier Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    65
    As far as the driver conflict, it may be but I don't think so. The reason I don't think that is the problem is that it worked for a long time before I had this problem. If it was a driver conflict it probably would have occured when I loaded sbc dsl mgr, right? (Not sure since I don't know a lot about that and if it could happen over time).

    I tried the fixblast from Norton and it said that Blaster was not found. Do you think that it could be another type of virus?

    There seemed to be several types of Blaster virus is there several different types of repairs? I only tried one.

    I know that there have been a few viruses that have caused the machines to reboot, blaster being one of them. Not sure what the others were or what the repairs are for those.

    Any help from anyone?

    Thanks.
     
  10. orchid5683

    orchid5683

    Joined:
    Sep 19, 2003
    Messages:
    11
    Hey Jolichwier, wasn't sure if you would notice my post because AcaCandy managed to be following close behind with a post as well! hehehe Seems like AcaCandy posts some pretty regular support on here! I'm impressed...26000 posts!...anyway, if you feel my post has any bearing on your issue feel free to get me by email, PM or ICQ...

    Laterz!
     
  11. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    When you boot in safe mode with networking, does that give you access to the internet too?

    If so, try an online virus scan:

    http://housecall.trendmicro.com/

    Or the one mentioned above by orchid.

    Orchid, welcome aboard, any input is always welcomed, but we like to keep all the communication in the thread so others with the same problem will be able to follow along too :)
     
  12. orchid5683

    orchid5683

    Joined:
    Sep 19, 2003
    Messages:
    11
    Cool...glad you can be pretty sure it is not driver related...

    Give Solo a try...It is not mainstream, but is really good...many of the mainstream AVs are targeted for kill by well written virii and though they will look like they are working, they will actually not be using anything for comparison as their virus definition files may ahve been tampered with, or wiped out altogether.

    Did you happen to install any hardware in the last couple/few months? Like say an upgraded video card or another hard drive or anything? If your power supply can kind of handle the drain sometimes, but not all the time, then you can get random, or continuous reboots. When the Windows GUI kicks in some of the more powerful AGP cards it puts a decent hit on the 12volt line and if that line happens to be shared with too many other things, and/or your power supply is on it's way out, you can get reboots...

    hmmmm...
     
  13. VirtualMe

    VirtualMe

    Joined:
    Sep 27, 2002
    Messages:
    867
    If you right click on My Computer

    Properties

    Hardware tab

    Device Manager

    Do you see any (!) or (?) by any of the devices?
     
  14. jolichwier

    jolichwier Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    65
    Have not been able to get to the internet. The sbc dsl connection will not establish through the connection manager.

    I can call SBC tonight and see if there is a way to connect while in safe mode and run the virus scan.

    Have not upgraded any hardware on this machine at all.

    The system will work for hours in safe mode and not reboot. Soon as I try to boot "normally" it will reboot itself everytime within about 60-90 seconds of being booted up. It just continues to repeat that process until I either shut it down or boot in safe mode.

    Thanks for the suggestions. Please keep them coming!

    I will check tonight to see if there is anything up with the device managers like you ask.
     
  15. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Just for fun, can you post your IRQ listing. XP is supposed to play nicer with IRQs, but that's about the only thing I can think of that should be causing the reboot only in normal mode, as in safe mode, most of the hardware drivers don't load.

    Start, run, msinfo32 and ok....hardware, IRQs, edit, select all, edit, copy and come back and paste.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/168323

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice