Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Boot hang @ xp splash screen


  • Please log in to reply
1 reply to this topic

#1 philhuy

philhuy

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:48 PM

Posted 11 February 2011 - 11:46 PM

I am helping a friend clean out his dell laptop. When i got it, the laptop was infected with dozens of viruses/malware and most notibly hang on the xp splash screen with the loadbar for ~5min. When the system booted to windows, all administrator functions were not functioning, windows securty center was overwriten, windows update not functioning and website unreachable, and everything ran slow.

Dell Vostro 1500
Windows Xp Home SP3

Current Problem: System hangs on the xp splash bootscreen with white loadbar for about 5 minutes.

What i did:
Booted safemode and disabled all startup items and rebooted.

Updated Avast Antivirus and spybot.

Rebooted and ran both anti-malware programs separately, they both found many malware issues and removed them.

After removal of malware, i rebooted and was able to once again regain admin controls over the pc and re-enable windows security center.

I ran windows update and brought everything up-to-date. I uninstalled all useless and most probably hazardous software. Rebooted.

I removed older versions of software ei. java/adobe and installed fresh up-to-date versions.

I removed the old video card drivers and installed the newest version fresh. Rebooted.

I ran system cleanups and computer defrag. Rebooted.

I installed microsoft security essentials, ran it and rebooted. After i ran Avast and spybot again and no malware hits.

The computer runs fine however the 5 min boot hang a the xp splash screen still occurs.

I installed the recovery console.

I did a SFC /scannow, /CHKDSK /F /R, fixboot, and fixmbr.

Non of those commands did anything to correct the boot hang on the xp splash screen. It just pauses there for about 5 minutes.

I checked for any conflicts in the device manager and found none.

I am out of ideas, if you have any pleaes reply.

Here is the list of malware that was found on the computer before it was removed:
57b38d8-7926344 Win32:Dropper-FFC [Drp]
A0130853.lnk.vir LNK:Lnkbaddst-S [Trj]
A0142011.exe Win32:FakeSysdef-AO [Trj]
A0142012.dll Win32:FakeSysdef-AO [Trj]
A0142013.exe Win32:FakeSysdef-AO [Trj]
A0142448.exe Win32:Crypt-IJJ [Trj]
A0142449.exe Win32:Crypt-IJJ [Trj]
A0142450.exe Win32:FakeSysdef-AO [Trj]
KAVS.class Java:Jade-A [Heur]
KABS.class Java:Jade-A [Heur]
KB221863734.exe Win32:Crypt-IJJ [Trj]
KB221895171.exe Win32:FakeSysdef-AO [Trj]
nHkCpLd06504.exe Win32:Crypt-IJJ [Trj]
pizdi.class Java:Agent-BM [Expl]
purok.class Java:Agent-BW [Trj]
svchost.exe.hdmp Win32:Alureon-LU [Trj]

Exploit:Java/CVE-2010-0840.AN
Trojan:Win32/Hiloti.gen!D

I also have a bootlog from before:

Service Pack 3 1 29 2011 18:42:36.375
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver ohci1394.sys
Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS
Loaded driver compbatt.sys
Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver cercsr6.sys
Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltmgr.sys
Loaded driver sr.sys
Loaded driver PCTCore.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver Mup.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\bcmwl5.sys
Loaded driver \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
Loaded driver \SystemRoot\system32\DRIVERS\nic1394.sys
Loaded driver \SystemRoot\system32\DRIVERS\sdbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\rimmptsk.sys
Loaded driver \SystemRoot\system32\DRIVERS\rimsptsk.sys
Loaded driver \SystemRoot\system32\DRIVERS\rixdptsk.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys
Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\update.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\system32\drivers\sthda.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSF_DPV.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Flpydisk.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\System32\Drivers\aswTdi.SYS
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\ws2ifsl.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\arp1394.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\Drivers\aswSP.SYS
Loaded driver \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
Loaded driver \SystemRoot\System32\Drivers\Aavmker4.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\aswFsBlk.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Loaded driver \SystemRoot\System32\Drivers\aswMon2.SYS
Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys
Did not load driver \SystemRoot\System32\Drivers\Parport.SYS
Did not load driver \SystemRoot\System32\Drivers\Serial.SYS
Loaded driver \SystemRoot\system32\drivers\AVRec.sys
Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
Loaded driver \SystemRoot\system32\DRIVERS\mdmxsdk.sys
Loaded driver \SystemRoot\system32\drivers\AVHook.sys
Loaded driver \SystemRoot\system32\drivers\AVFilter.sys
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Loaded driver \SystemRoot\System32\Drivers\aswRdr.SYS
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:48 PM

Posted 12 February 2011 - 08:32 AM

Since the system has a history of malware problems...that's where I would start. I would post in the Am I Infected forum here at BC.

But...since you are not me and seem to believe that malware is no longer a concern...I can only say that you might try a repair install of XP, at this time.

<<I installed microsoft security essentials, ran it and rebooted. After i ran Avast and spybot again and no malware hits.>>

Does that mean that you currently have two AV programs installed/running? If so, I suggest that you remove one.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users