Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Boot Trouble


  • Please log in to reply
6 replies to this topic

#1 EricZ

EricZ

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 31 January 2006 - 12:27 PM

Im running a Presario 6000 if it is of any relevance, And Windows XP Home Edition.

When I boot up my computer, and it enters Windows, It constantly hangs. It only hangs right after it is re/booted and after I end the process Explorer.exe, then restart that process it usually works fine. Sometimes it takes a second try to end Explorer.exe and restart it, but after the second try it always works fine.

There are two different types of "Hanging" that it does.

The first is whenever I move the cursor over the taskbar it turns into the hourglass, and is the regular arrow anywhere else on the screen. When I click on a item on my desktop, It doesnt get highlighted and doesnt execute, And I cant do anything until I restart Explorer.exe.

The second type of problem which occurs is where the cursor stays as an arrow all the time, But I can't click on the Start Button. I can click on items on the desktop, and they will get highlighted, But when I doubleclick to open them nothing happens. If I have a program set to run on startup, such as MSN Messenger, It runs like normal, But doesn't show up on the taskbar. And the only way I can switch windows is through ALT + TAB. Like the first type, This is usually resolved through restarting the process Explorer.exe.

I'm looking for a way to rid myself of this problem every start-up, Once and for all.

Thank you all in advance :thumbsup:

BC AdBot (Login to Remove)

 


m

#2 franktiii

franktiii

  • Members
  • 309 posts
  • OFFLINE
  •  
  • Local time:09:27 PM

Posted 31 January 2006 - 12:34 PM

There are a couple of possible solutions to your problem. The first suspicion is virus or malware related. I would recommend running and posting a hijack this log for analysis. For instructions on how to do this go to:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/


If your system is clean, then it may be a corrupted file or driver in windows, which should be repairable. But first let's make sure there are no nasties causing the problem.

#3 EricZ

EricZ
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 31 January 2006 - 01:08 PM

I ran Cleanmgr, Ad-Aware SE Professional, and Spybot Search and Destroy, Housecall, Stinger,

Ad-Aware found 22! Critical files/folders, which I removed.

Spybot S&D didn't find anything. And Stinger is currently running, but taking a very long time, so i'll say if it found anything when it finishes.

Here's the HijackThis log.


---

Logfile of HijackThis v1.99.1
Scan saved at 1:05:40 PM, on 1/31/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\stng259.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s15.invisionfree.com/The_Forgotten_...dex.php?act=idx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus7.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - C:\WINDOWS\System32\msnscps.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [cleaner] lib.exe
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A55C641-61E8-4DD4-8849-6BEC39E25E27}: NameServer = 85.255.113.106,85.255.112.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A35F99F-C63C-4DFF-9CDA-47862EF0B676}: NameServer = 85.255.113.106,85.255.112.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{B32AE2FC-D300-4A8A-BE12-304BBA768BF7}: NameServer = 85.255.113.106,85.255.112.111
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A55C641-61E8-4DD4-8849-6BEC39E25E27}: NameServer = 85.255.113.106,85.255.112.111
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

---

#4 just me

just me

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:10:27 PM

Posted 31 January 2006 - 01:44 PM

You are running HijackThis form your desktop. The instructions for producing and posting HijackThis logs indicate that HijackThis should be unzipped to C:\Program Files\HijackThis. This is necessary to ensure you have backups should anything go wrong. Please see the instructions again:
Preparation Guide For Use Before Posting A Hijackthis Log
Instructions for receiving help in cleaning your computer

In those instructions there is also a link to where HijackThis logs are normally posted:
Post a HijackThis log

#5 EricZ

EricZ
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 31 January 2006 - 03:35 PM

I fixed this issue already by disabling some of the programs that would run on start up via MSConfig.

#6 franktiii

franktiii

  • Members
  • 309 posts
  • OFFLINE
  •  
  • Local time:09:27 PM

Posted 31 January 2006 - 03:47 PM

I would still post the Hijack This Log. Start a new post (the HJT folks will think that you are being helped in this post) and wait for someone to have a little time to help you. The HJT folks are good, but they stay busy.

#7 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:08:27 PM

Posted 31 January 2006 - 09:57 PM

You need to rePOST your HJT log in the HJT Forum so that a HJT Team Member can review it and make recommendation. Posting it here will not get you any closer to a solution.
If you have not read "Preparation Guide for use before posting a HijackThis Log" I suggest you do. Please follow the instruction so you are helpped in a timely manor. Once you have a current HJT log, please post it in the " HijackThis Logs and Analysis Forum".
"2007 & 2008 Windows Shell/User Award"




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users