No Malware Present, Per Ryan!



Hello, I'm still having problems with my computer. I've posted "MBAM log" and "HJT log" and obviously nothing there, as noted below. Yet I still have the following going on:

1) Upon powering on, I get an initial "white screen" with my Compaq logo. There is also an hourglass in the bottom left hand corner.

2) seconds later, it loads up my windows XP screen w the name "swissboy" in bottom left-hand corner.

3) seconds after that, it loads up another windows XP screen, with the same name "swissboy" in bottom left-hand corner.

4) moments later, it starts to load up my icons and desktop menu.....

Something's not right!?!?!?!?

Besttechie

Rating: 5


post Today, 10:34 AM

Post #2

Mr. President


Group: Admin

Posts: 2129

Joined: 23-August 04

From: New York

Member No.: 1

Operating System:

Windows Vista Ultimate, Windows XP Pro, Ubuntu, Debian, Mac OSX

As Ryan stated:

QUOTE

Since the MBAM log was clean, and nothing in the HJT log is malicious, I think it's safe to say that your problem isn't malware related.

I would make a thread in the Windows forum about this issue. Tell them that you've been through the malware forum, and that your computer is clean.

-Ryan

It does not appear your problem is malware related, make a post in PC Support and someone would be glad to continue to help you out.

B


As you can see from my post today, I'm still having problems. Ryan has taken me through the malware forum and his suggestion is that it's not from malware. At this point, I don't think so either. He suggested that I post in this forum, support.

This is the scenario:

1) Initial white screen loads w/Compaq logo.

2) seconds later windows xp screen loads with hourglass logo in bottom left corner

3) seconds later another Windows XP screen loads with same name in bottom left corner.

4) Then my icons and programs, desktop loads up.

From what I can tell, it appears to be a hacker and/or system issues. As I have a double loaded system....Hmm...

Also in task manager I have the following:

svchost.exe----one says local service

svchost.exe----two says network

svchost.exe----three says system

So, what I'm saying is I have a total of "six" processes running for the svchost.exe. Now I know that's not right.....


I bought it 1.5 years ago, from a guy that builds/sells them. I never changed anything on it. I just plugged up and started using it. No one else uses it but me. So, how could this happen?? Could it be done by e-mail, downloaded attachment, redirected website?? How?? So, what type of issues would this cause?? What has been happening?? It sounds a bit scary, as to what the possibilities are.....What's your assessment on it??

When I got it, the memory had been upgraded, as well as windows XP added. This is what was told to me. I don't know what operating system was on it previously..

1st-cd

2nd-floppy

3rd-harddrive

4th-ethernet

That's normal for svchost.exe. I have five instances of it running with many more processes than you. I would say this is an issue with your boot. What is your boot setup, through Vista or one of your 'nix OSes?
Edited by chris50

This is not from any malware or hacker. If this laptop only has XP loaded on it and the person who sold it reloaded XP he may have installed it incorrectly and you now have two installs. Open My Computer and double click your hard drive. Double click boot.ini, it should open in Notepad, then copy and paste the contents in a reply here.


I just noticed something...by the way it's a desktop

1) when it's booted in normal mode, there are no other users, so it boots up to desktop

2) When it's booted in safe mode, you have to select between "Admin"-me, which has no password.......Or the previous owners name, which is password protected.

Other puter is loading, will post log in several minutes

By the way, this has only been happening the past 4-5 weeks max!!!

This is not from any malware or hacker. If this laptop only has XP loaded on it and the person who sold it reloaded XP he may have installed it incorrectly and you now have two installs. Open My Computer and double click your hard drive. Double click boot.ini, it should open in Notepad, then copy and paste the contents in a reply here.
Edited by chris50

How many hard drives / partitions are shown in My Computer?

Open My Computer and select Tools, then select Folder Options. Under the View tab check the box for Show hidden folders and files, plus uncheck Hide protected operating system files (Recommended). Click Apply then OK.

You should now be able to find the boot.ini file.


There are 2...First is Admin-me-no password...Second is him-Admin capabilities-password protected, with remote It says Administrator account is only visible in welcome screen, or when booted in safe mode

There is no boot.ini file

.....that's kinda interesting that after 1.5 years, it would start up NOW .....

That pretty much confirms he didn't wipe the old OS off and installed XP a second time.
There are 2...First is Admin-me-no password...Second is him-Admin capabilities-password protected, with remote It says Administrator account is only visible in welcome screen, or when booted in safe mode

There is no boot.ini file

.....that's kinda interesting that after 1.5 years, it would start up NOW .....

That pretty much confirms he didn't wipe the old OS off and installed XP a second time.

Read my other reply and follow the directions.


Hi Chris50

Just about anything could have caused the two installs to start showing up all of a sudden. Most likely some updates from Microsoft caused changes to the system that brought this about.

Here is how to make a copy of your Boot.ini file to post

How to Save a Backup Copy of Boot.ini

1. Right-click My Computer, and then click Properties.

-or-

Click Start, click Run, type sysdm.cpl, and then click OK.

2. On the Advanced tab, click Settings under Startup and Recovery.

3. Under System Startup, click Edit. This opens the file in Notepad ready for editing.

4. In Notepad, click File on the Menu bar, and then click Save As.

5. Right click in an empty area of the Save As dialog box, point to New in the context menu, and then click Folder.

6. Type a name for the new folder, for example temp, and then press the ENTER key to create the folder named temp.

7. Double-click the new folder named temp, and then click the Save button to save a backup copy of the Boot.ini file.

Sample Boot.ini File

This is a sample of a default Boot.ini file from a Windows XP Professional computer.

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

This is a sample of the above Boot.ini file with a previous installation of Windows 2000 on a separate partition.

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows 2000 Professional" /fastdetect

If you can make a copy of what your Boot.ini looks like and post it here, that would help us work on this problem.


[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=7OHJEB /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=7OHJEB-BAK
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons


As asked by TheTerrorist_75.

How many partitions show up in your computer? Just your C:/ drive, or do you have more? Not counting your CD drives.


Right click My Computer then select Properties. Click the Advanced tab then the Settings button under Startup and Recovery. Make sure that "Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=7OHJEB /Kernel=TUKernel.exe shows in the window for Default operating system and uncheck the two boxes below the window. Click Apply then OK.

This will remove the other boot options. What the seller did was install a backup program and the Recovery Console which can come in handy if you have a problem.

If it was me I'd leave it alone. It is just a slight annoyance.

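
The boot.ini posted in this thread can also be checked mechanically. The Python below is an added example, not code from any poster here: it parses the [operating systems] entries and reports boot entries that point at the same install path, plus any use of the documented /KERNEL= or /HAL= switches, which make the loader use an alternate image from system32. The function names are illustrative.

```python
import re
from collections import defaultdict

# boot.ini exactly as posted in this thread
BOOT_INI = r'''[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=7OHJEB /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=7OHJEB-BAK
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
'''

ENTRY = re.compile(r'^(?P<target>[^=]+)="(?P<label>[^"]*)"(?P<rest>.*)$')

def parse_entries(text):
    """Return (target, label, {switch: value}) for each [operating systems] line."""
    entries, section = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith(';'):
            continue
        if line.startswith('['):
            section = line.strip('[]').lower()
            continue
        m = ENTRY.match(line) if section == 'operating systems' else None
        if m:
            switches = {}
            for tok in m['rest'].split():
                name, _, value = tok.lstrip('/').partition('=')
                switches[name.lower()] = value
            entries.append((m['target'].strip(), m['label'], switches))
    return entries

def audit(text):
    """Findings: alternate kernel/HAL images and entries sharing one install."""
    findings, by_target = [], defaultdict(list)
    for target, label, switches in parse_entries(text):
        by_target[target.lower()].append(label)
        for sw in ('kernel', 'hal'):
            if sw in switches:
                findings.append(f'{label}: /{sw}= loads {switches[sw]} from system32; verify that file')
    for target, labels in by_target.items():
        if len(labels) > 1:
            findings.append(f'{len(labels)} entries boot the same install ({target}), not separate Windows installs')
    return findings

if __name__ == '__main__':
    print('\n'.join(audit(BOOT_INI)))
```

On this file it reports the alternate kernel image named in the first entry and the two menu entries that share partition(1)\WINDOWS.
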
As asked by TheTerrorist_75.

How many partitions show up in your computer? Just your C:/ drive, or do you have more? Not counting your CD drives.

Only 1.....Computer has 7.86Gb storage total. All that is on the C:/drive

Wow.....6 guests.......?!?!..ERRR..I mean 7!?!?

Actually I installed the recovery console days ago..

Please tell me someone has something to say....

Edited by chris50

JSKY,

I'm not at all questioning Terrorist_75's recommendations at all. He has guided me quite well so far. What I was referring to was earlier there were 7 people here and no one responded. Obviously they weren't knowledgeable enough. I've already done what he's suggested. Since then, I've been running scans out the ying-yang. I'm not coming up with a lot of traces of stuff, as I guess I've killed/deleted most previously. Some of the items found were Keyloggers, Downloaders, Trojans, And Adaware--thousands, YES 1000's. Virus Vault has already filled numerous times thus far, and I'm not done yet. I'll keep the post updated as well............

Terrorist_75 I forgot to ask. If I remove the other boot option, would the white, and/or double screens go away??....As scan is presently running and will be for a while.....

Edited by chris50

Yeah it does need that....That is the plan in the future. With 7.86Gb, this computer has definitely been upgraded. I was thinking maybe windows 98 era?? Yet it does have 384mb memory (upgraded), as that's all it'll hold. I'm debating on my next move with it. As I'd like at least 512mb...Well, I guess there's not really an option, as I have to get another....
