Absolutely frustrating!

Question

babiebkb123 0 Newbie Poster

15 Years Ago

Where do I start? I've actually tried to fix this problem by myself a month ago with no luck and my last hope is someone here able to help me.

To begin, my Desktop has been taken over by a black screen with the words, "WARNING Dangerous Spyware, Many viruses were found on your computer, etc", whenever I turn on my computer a login window pops up but thankfully I'm able to login with "Owner" as the username, my internet connection is completely disabled, I can't get past the last screen of System Restore, my PC only reads discs after inserting them a thousand times, none of my currently installed programs can get rid of this nuisance and I can't really transfer any programs from my laptop to my PC because it has a hard time reading discs, and finally, after running System Recovery from the disc, I get a blue screen error that says "STOP: c000021a {Fatal System Error} The Windows Logon Process system process terminated unexpectedly with a status of 0x00000080 (0x00000000 0x00000000). The system has been shut down."

I have no idea how I got this bug. I remembering putting my PC on sleep mode just like any other time and the next day, it's completely useless. I was able to get a HJT log, and as you can see, there are several things missing that I hope I can get back.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:13 PM, on 3/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\init32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google-s.alltalkspectrum.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google-s.alltalkspectrum.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-21-3179404709-2665549527-2793222974-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3179404709-2665549527-2793222974-1003\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - S-1-5-21-3179404709-2665549527-2793222974-1003 Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe (User '?')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {25FD7375-AB50-4EE1-8D4E-F76ECAC680B2} (CPlayFirstC4CControl Object) - http://www.playfirst.com/play/game/connectfour/C4C.1.0.0.50.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us//html/activexplayer/SMALStreaming.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BA2D9665-D672-446F-98F4-E3E41FA12A01} (PCAObj Class) - http://www.mypccenter.com/PCA.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://www.playfirst.com/play/game/sweetopia/Sweetopia.1.0.0.22.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,nkzowp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: dtseqrxk - {48977F26-485C-4F9C-A1B5-AC7839F50904} - (no file)
O21 - SSODL: mgxfebsq - {882AE2FA-63E6-4323-871B-DAC28B5EFCA2} - (no file)
O23 - Service: 6to4 - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL ACS - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeedMonitor - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: Apple Mobile Device - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: AppMgmt - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: AudioSrv - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: BITS - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: Bonjour Service - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: Browser - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: Capture Device Service - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: clr_optimization_v2.0.50727_32 - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: COMSysApp - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: DcomLaunch - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: Dhcp - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: dmadmin - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: dmserver - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: Dot3svc - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: EapHost - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: ERSvc - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: Eventlog - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: EventSystem - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: FastUserSwitchingCompatibility - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: gusvc - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: helpsvc - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: hkmsvc - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: HTTPFilter - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: IDriverT - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: ImapiService - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: iPod Service - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: JavaQuickStarterService - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: lanmanserver - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: lanmanworkstation - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: LightScribeService - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: MSIServer - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: napagent - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: Netlogon - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: Netman - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: Nla - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: NtLmSsp - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: NtmsSvc - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: NVSvc - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: odserv - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: ose - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: PlugPlay - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: PolicyAgent - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: PrismXL - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: ProtectedStorage - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: RasAuto - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: RasMan - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

I appreciate any help I can get!

windows-virus

3 Contributors
15 Replies
287 Views
1 Week Discussion Span
Latest Post 15 Years Ago Latest Post by PhilliePhan

hughv 104 Veteran Poster

15 Years Ago

Malwarebytes Anti-malware
See here:
http://www.techspot.com/vb/topic116808.html

hughv 104 Veteran Poster

15 Years Ago

Try this and see if it helps:
"Another way to get around the inability to access your antivirus program is to check your system for the presence of a particular rogue device driver:

• Step 1: Click Start, Control Panel, Performance and Maintenance (in Categories view), System.
• Step 2: Select the Hardware tab and click Device Manager.
• Step 3: Choose the View menu and select Show hidden devices.
• Step 4: Scroll to the Non-plug and play drivers section and expand the tree.
• Step 5: If you see an item labeled TDSSserv.sys, right-click it and select Disable.
fter you reboot your computer, you'll be able to access your antivirus program and browse to anti-malware sites to remove the pest from your PC. Once you've cleaned your system, make certain that you update your antivirus software every day to avoid reinfection."

PhilliePhan 171 Central Scrutinizer

15 Years Ago

In all honesty, it would probably be best (and easier) to reformat your machine in this case. This baddie is difficult to recover from and even then things may still not work properly.....

You might want to wait for crunchie or Judy to weigh in with an opinion, but I would recommend a reformat.

-- Do you have a copy of your OS on disc? (Recovery discs, etc...)

PP :)

hughv 104 Veteran Poster

15 Years Ago

Recovery disks should work just fine.
Boot to the CD and begin your recovery, or use whatever procedure your PC maker recommends.
It sounds to me as though you have many services disabled.
You may be abkle to enable these in Msconfig/Services or Admin Tools.
I agree that a reinstall may be the better idea.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

babiebkb123 0 Newbie Poster · Answer 1 · 2009-04-30T20:29:38+00:00

Malwarebytes Anti-malware
See here:
http://www.techspot.com/vb/topic116808.html

I already ran it with no luck and I can't even update it.

babiebkb123 0 Newbie Poster · Answer 2 · 2009-05-01T06:24:30+00:00

Thanks for the reply. Here's another can of worms about to be opened. My Device Manager List is completely empty. I looked in my services to find that "Plug and Play" is disabled and of course, I can't enable it. I also noticed my Network Connections folder is completely empty. These problems would be a lot easier to fix if I can properly transfer files. If anyone has any ideas on how to kind of "force" my PC to read discs, I'll be really thankful.

babiebkb123 0 Newbie Poster · Answer 3 · 2009-05-01T10:51:26+00:00

Yes, I have my system recovery discs, but as of right now, they are useless.

babiebkb123 0 Newbie Poster · Answer 4 · 2009-05-01T18:10:08+00:00

As explained earlier, whenever I boot my recovery discs, I get a blue screen error.

hughv 104 Veteran Poster · Answer 5 · 2009-05-01T19:45:43+00:00

I don't see anything about an error when booting to a CD .
If you get an error when the boot order is set to CD first, what is it?
What's the make and model of your PC?

babiebkb123 0 Newbie Poster · Answer 6 · 2009-05-02T03:26:18+00:00

Sorry if I was confusing, but whether I boot to CD first or do it the traditional way I get this blue screen error: "STOP: c000021a {Fatal System Error} The Windows Logon Process system process terminated unexpectedly with a status of 0x00000080 (0x00000000 0x00000000). The system has been shut down."

PhilliePhan 171 Central Scrutinizer Team Colleague · Answer 7 · 2009-05-02T06:53:02+00:00

Sorry if I was confusing

No worries! ;)

Problems like this are really difficult to deal with in a forum setting - much easier if we all were sitting in front of the machine.

These M$ error codes are next to useless due to their ambiguity.
M$ does say this, though:
The STOP 0xC000021A error occurs when either Winlogon.exe or Csrss.exe fails. When the Windows NT kernel detects that either of these processes has stopped, it stops the system and raises the STOP 0xC000021A error. This error may have several causes. Among them are the following:

* Mismatched system files have been installed.
* A Service Pack installation has failed.
* A backup program that is used to restore a hard disk did not correctly restore files that may have been in use.
* An incompatible third-party program has been installed.

-- Have you tried booting and tapping F8 and trying to load the "Last Known Good Configuration?" Probably won't help, but worth a go. Or maybe even getting rstrui.exe to run in Safe Mode and trying that to get the compy in a state where you can proceed to try another repair?

-- Do you think your recovery partition is viable?

-- What about a complete wipe and then reinstall starting with something such as Darik's Boot and Nuke to wipe the drive and then try the reinstall from disc?

Sorry I can't be of more help - maybe Hugh has a better suggestion?

PP :)

hughv 104 Veteran Poster · Answer 8 · 2009-05-02T14:50:19+00:00

If you have the BIOS set to Boot from CD, Windows isn't involved. I question whether this is so. Double-check your boot settings.
If you're actually bootiung from CD, then you have a different problem-a bad CD, bad memory, over-heating or some such.

babiebkb123 0 Newbie Poster · Answer 9 · 2009-05-08T08:53:57+00:00

Ok, after some intense research, I found out that my PC is infected with Trojan.Win32.Small.bvb Normally this would be an easy bug to get rid of, but it seems like I got the worst of the worst. I also have a theory on why booting my system recovery discs gave me the "Windows Logon" blue screen error. This trojan modified my PC to where I have to login every time I use it which was never the case before. So, I tried to disable the automatic login, and after attempting to boot my system recovery discs again it went straight to the "windows logon" blue screen error instead of loading through the first screen like it did before. So now I'm thinking the reason why System Recovery will not work is because for some obscure reason the windows login system can't recognize a true user. I'm not sure if this is correct but it's the only logical thing I can think of. If anyone knows a way around this, I would really appreciate it because I'm almost about to raise the white flag.

hughv 104 Veteran Poster · Answer 10 · 2009-05-08T11:58:34+00:00

I don't think that's possible.
You're not booting to your recovery disk for some reason.
Try a known good bootable disk like an XP install disk, verify your BIOS boot order is set properly and try again.

PhilliePhan 171 Central Scrutinizer Team Colleague · Answer 11 · 2009-05-09T09:50:19+00:00

Ok, after some intense research, I found out that my PC is infected with Trojan.Win32.Small.bvb Normally this would be an easy bug to get rid of, but it seems like I got the worst of the worst.

I agree with Hugh's last post.

Additionally, I think the damage may be worse than a simple trojan. I suspect some system files have been irreparably damaged which is why I recommended a reformat.

An easy way to find out is to run the ESET or Kaspersky online scans (if you are able) in the linky below and post the resulting logs:

http://www.daniweb.com/forums/thread134865.html

PP :)