Won't boot up after scan

[epicmiler]

Okay I am sorry if this is a frequent question around here, but when I ran Malwarebytes and got the results it said to reboot.

So I rebooted, but my computer just keeps looping the Windows loading screen.

I CAN start it in Safe Mode, but when I start it in Safe Mode I am guessing Malwarebytes doesn't run the final clean up that would run had it started normally.

This is the only anti-virus program I've used that has had this problem, but it's also probably the only one that will get rid of my annoying virus!

Thank you very much if you can help.

[GT500]

Sounds like a problem with the Delete On Reboot driver.

Please start your computer in Safe Mode With Networking, download HijackThis, run a scan, and copy and paste the log into a reply.

[epicmiler]

Sounds like a problem with the Delete On Reboot driver.

Please start your computer in Safe Mode With Networking, download HijackThis, run a scan, and copy and paste the log into a reply.

Well I think the virus I have did something to my networking, because although my wireless card is on, it gets no connection. Same with when I plug in with a network cable, it says "connected" but doesn't do anything.

But anyways... I did what you asked.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:39:06 PM, on 2/13/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

H:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,

O1 - Hosts: 195.245.119.131 browser-security.microsoft.com

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Program Files\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe

O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe

O4 - HKCU\..\Run: [Registry] "C:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "C:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"

O4 - HKUS\S-1-5-18\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [kjmqvytv.exe] C:\WINDOWS\kjmqvytv.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [mxxyoimr.exe] C:\WINDOWS\mxxyoimr.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [lfwsmrfv.exe] C:\WINDOWS\lfwsmrfv.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [sfoikgkx.exe] C:\WINDOWS\sfoikgkx.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [fprbuyhj.exe] C:\WINDOWS\fprbuyhj.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [rwsuigwa.exe] C:\WINDOWS\rwsuigwa.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [tjbpxppc.exe] C:\WINDOWS\tjbpxppc.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: D-Link AirPlus Utility.lnk = ?

O4 - Global Startup: Nike+ Utility.lnk = C:\Program Files\Nike+ Utility\Nike+ Utility.exe

O8 - Extra context menu item: Append to existing PDF - res://E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1187925756997

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188018411387

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: rchiomjk - rchiomjk.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

[GT500]

OK, run another scan with HijackThis, put a check mark in the box to the left of each line I list in bold below, and then click the 'Fix' button at the bottom:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/

O1 - Hosts: 195.245.119.131 browser-security.microsoft.com

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKUS\S-1-5-18\..\Run: [kjmqvytv.exe] C:\WINDOWS\kjmqvytv.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [mxxyoimr.exe] C:\WINDOWS\mxxyoimr.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [lfwsmrfv.exe] C:\WINDOWS\lfwsmrfv.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [sfoikgkx.exe] C:\WINDOWS\sfoikgkx.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [fprbuyhj.exe] C:\WINDOWS\fprbuyhj.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [rwsuigwa.exe] C:\WINDOWS\rwsuigwa.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [tjbpxppc.exe] C:\WINDOWS\tjbpxppc.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe (User 'SYSTEM')

O20 - Winlogon Notify: rchiomjk - rchiomjk.dll (file missing)

After HijackThis is done fixing, make sure to restart your computer. Once started up normally, update Malwarebytes' Anti-Malware, run a Quick Scan, remove anything it finds, and then restart your computer again. If all is well, then please follow these instructions for running ComboFix, and make sure to copy and paste the contents of the log into a reply for me.

[epicmiler]

Is my computer supposed to boot up in normal more or should I go into safe mode again?

Because it's still only starting in safe mode.

[GT500]

Is my computer supposed to boot up in normal more or should I go into safe mode again?

Because it's still only starting in safe mode.

You need to start your computer up in Safe Mode to run another HijackThis scan, and fix the lines I listed in bold in my last reply. After that, your computer should start normally again.

[epicmiler]

No what I meant was that I did what you said, fixed the things in HijackThis on safe mode, but it still won't start normally. It's still looping the windows loading screen.

[GT500]

No what I meant was that I did what you said, fixed the things in HijackThis on safe mode, but it still won't start normally. It's still looping the windows loading screen.

OK, start back up in Safe Mode, and get me another HijackThis log.