1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Can't get past the welcome screen in XP

Discussion in 'General Software' started by Chryonn, Nov 10, 2008.

  1. Chryonn

    Chryonn

    Joined:
    Feb 26, 2008
    Messages:
    1,035 (0.44/day)
    Thanks Received:
    100
    Location:
    London, England
    help! hello my trusted TPU'ers, i have a problem with XP starting up properly. this problem happened suddenly and i've been doing everything in my know-how to get it working. as is in the title, my XP will boot up fine right up to the blue welcome screen and just idle.

    sometimes the screen may go blue (the same colour as my default background wallpaper). usually when this happens i've gone to the boot up menu (F5 in my case) and selected Last Known Good config, and it brings it back to normal.

    i almost always found the welcome screen hang to be associated with installing antivirus software but that's by the by in this case.

    anyway, i've tried safe mode to hopefully "jar" something loose and start it up normally after, but still nothing. i've also tried restoring it to the day before when i set up a restoration point after wiping my drive of an annoying pop-up i had. i've run Spybot which reported a few malware that i've since banished, and Defender which reported nothing. i'm not using another PC to write this (thank god for safe mode with networking). so in my mind safe mode starting up is at least a good thing; i just can't get into my normal windows.

    i'm running XP 32bit with SP2, a QX6800 CPU, 2Gb RAM.

    i'd appreciate any help you can give me, thanks
  2. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,330 (2.03/day)
    Thanks Received:
    1,558
    Location:
    στο άλφα έως ωμέγα
    Hello, you still may have a rootkit, virus or something that took over and replaced one of you core files. Run "sfc /scannow" (without the quotes) in a cmd box or type it in at the run box.
    Make sure you have your windows disk in case it finds something it needs to repair. Here is the link to explain this feature:http://support.microsoft.com/kb/310747

    If that don't help then go here and run some of the online scanners to see if they will pick up anything. Honestly, run more than one 'cause some miss things others might pick up on.
    http://projects.securitywonks.net/projects/details.php?file=158
    Last edited: Nov 10, 2008
    Chryonn says thanks.
  3. kenkickr

    kenkickr

    Joined:
    Dec 5, 2007
    Messages:
    4,813 (1.96/day)
    Thanks Received:
    1,442
    Chryonn says thanks.
    Crunching for Team TPU
  4. Chryonn

    Chryonn

    Joined:
    Feb 26, 2008
    Messages:
    1,035 (0.44/day)
    Thanks Received:
    100
    Location:
    London, England
    first of all, thank you both for the helpful information. i've run malwarebytes before and it had detected some errant bugs. but here's the odd thing, i booted up normally and i've gone through to windows without any hindrance, so (fingers crossed) i may have my old XP back.
    EDIT: i actually hit the thanks button for you, kenkickr. but it's not showing up


    as requested here is the hijack this log file:

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:17:07, on 10/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\McAfee Firewall\McAfee Desktop Firewall for Windows XP\FireSvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\program files\power strip\pstrip.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\MFP Server Control Center\Control Center.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\McAfee Firewall\McAfee Desktop Firewall for Windows XP\FireTray.exe
    C:\Program Files\Spybot\TeaTimer.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.fileplanet.com/[/url]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common 
    
    Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {93DC1A63-4562-4DEB-9BD7-EEA6AF4A4946} - C:\WINDOWS\system32\tuvuSkIA.dll (file missing)
    O2 - BHO: (no name) - {9E91EF7B-6846-45C3-A8AB-67CF7C900783} - C:\WINDOWS\system32\mlJBrSMF.dll
    O2 - BHO: (no name) - {C511B31C-28F0-4ACD-B00F-B4951328B0AA} - C:\WINDOWS\system32\khfEXnLD.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network 
    
    Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\McAfee Firewall\McAfee Desktop Firewall for Windows XP\Firetray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PowerStrip] c:\program files\power strip\pstrip.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\MFP Server Control Center\Control Center.exe -mini
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
    
    Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - 
    
    C:\PROGRA~1\Spybot\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 
    
    Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 
    
    Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=www.fileplanet.com
    O15 - Trusted Zone: *.antimalwareguard.com
    O15 - Trusted Zone: *.antispyexpert.com
    O15 - Trusted Zone: *.gomyhit.com
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.spyguardpro.com
    O15 - Trusted Zone: *.storageguardsoft.com
    O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
    O15 - Trusted Zone: *.antispyexpert.com (HKLM)
    O15 - Trusted Zone: *.gomyhit.com (HKLM)
    O15 - Trusted Zone: *.imageservr.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.spyguardpro.com (HKLM)
    O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - 
    
    [url]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab[/url]
    O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - 
    
    [url]http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab[/url]
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - 
    
    [url]http://www.systemrequirementslab.com/sysreqlab2.cab[/url]
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - 
    
    [url]http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1221077950453&h=cc3fd2d1dc73a396520327c005[/url]
    
    d976e0/&filename=jinstall-6u7-windows-i586-jc.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - 
    
    [url]http://driveragent.com/files/driveragent.cab[/url]
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2BE71CA5-0433-4F1D-B462-22D59BF09A80}: NameServer = 62.30.112.39,194.117.134.19
    O20 - Winlogon Notify: c00CACD6 - c00CACD6.mat (file missing)
    O20 - Winlogon Notify: mlJBrSMF - C:\WINDOWS\SYSTEM32\mlJBrSMF.dll
    O20 - Winlogon Notify: sys32 - sys32.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device 
    
    Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\McAfee 
    
    Firewall\McAfee Desktop Firewall for Windows XP\FireSvc.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - 
    
    C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common 
    
    Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network 
    
    Associates\Common Framework\FrameworkService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/User/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
    Last edited: Nov 10, 2008
  5. kenkickr

    kenkickr

    Joined:
    Dec 5, 2007
    Messages:
    4,813 (1.96/day)
    Thanks Received:
    1,442
    I would clear out all those trusted spyware sites, cleaned BHO's, and DPF files. I really can't see much of anything else, besides McAfee but that's for other reasons. I myself would recommend Avast Home, http://www.avast.com/eng/avast_4_home.html, over McAfee but to each his own.
    Crunching for Team TPU
  6. BUCK NASTY

    BUCK NASTY F@H Mod & 4P Enthusiust Staff Member

    Joined:
    Aug 8, 2007
    Messages:
    4,445 (1.73/day)
    Thanks Received:
    3,518
    Location:
    Tallahassee, FL. U.S.A.
    What about a re-install of just the system files? If you are running a pirated version it may not be an option for you.
  7. Chryonn

    Chryonn

    Joined:
    Feb 26, 2008
    Messages:
    1,035 (0.44/day)
    Thanks Received:
    100
    Location:
    London, England
    right, i've cleared al BHOs, DPFs and those spyware sites. thanks again for your help
  8. kenkickr

    kenkickr

    Joined:
    Dec 5, 2007
    Messages:
    4,813 (1.96/day)
    Thanks Received:
    1,442
    Cool,cool:cool: Hope everything is working well for ya.
    Crunching for Team TPU

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page