TechSpot

Windows stuck at login screen

By Transform
Oct 19, 2008
Topic Status:
Not open for further replies.
  1. Transform

    Transform TS Rookie Topic Starter Posts: 70

    here is my HJT log for post#23:

    ----------

    Moderator Edit:
    Pasted HJT log removed, and then attached
    Please attach your logs, do not paste them into a reply
    .

    This is the second time I have attached your pasted logs Transform, in any future posts any pasted logs will just be removed
    You must ATTACH the logs, not paste them in
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    To the Moderator: thank you for removing the paste and attaching the log. It's very difficult to work through the log in the pasted format.

    The only entry I see that needs to be removed is this:
    I had asked
    Otherwise the log is clean. Make sure the Java is showing as v6u10 in Add/Remove Programs. It appears it only displays as Jave v6 in the log.

    What is the system status now? Have the original problems been resolved? If so, we can finish up:

    * Download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe)
    * Click the CleanUp! button.
    * It will go thorough the list and remove all of the tools it finds and then delete itself (requiring a reboot).

    Clear your existing System Restore points and establish a new clean restore point:
    Go to Start > All Programs > Accessories > System Tools > System Restore> Select Create a restore point> OK.
    Next, go to Start > Run and type in cleanmgr> Select the More options tab> Choose the option to clean up System Restore and OK it.
    This will remove all restore points except the new one you just created.

    Please let us know if you need further help.
  3. gguerra

    gguerra TS Enthusiast Posts: 559

    It may be too late now but nobody mentioned it.. Boot in safe mode (or normal mode) and do a system restore to a point when the computer was working.. This is assuming you have it turned on. If you dont get start menu and icons you can run it from task manager here C:\Windows\System32\restore\rstrui.exe
  4. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Sadly it is too late to do this, as by doing this it will cause all the support fixes already done to be removed

    Note also the System Restore points are usually the first part to be infected
  5. Transform

    Transform TS Rookie Topic Starter Posts: 70

    Firstly I must apologise for pasting the log. I used to regularly use another forum where I would always be told to paste the logs. I will remember to attach them from now.

    Secondly, VNC is what I use to control the computer with the problem. Unfortunately the problem is still there :(

    I believe it happened at the beginning of the year when I installed Kaspersky onto the computer. I have spend a long time since trying to rectify the problem with no luck. Where do I go from here?
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    This thread has gone over a two week period. Replies have sent you in different directions and it appears you've gotten nowhere. I suggest we begin again, running MalwareBytes, SuperAmtispyware, then HIjackThis.

    Please attach the logs from the programs. We will try to go in one direction. If you did a repair, what was done got undone. Let's try and go straight through and see if we can resolve the issue.
  7. Transform

    Transform TS Rookie Topic Starter Posts: 70

    Before running the scans I noticed that the Windows Firewall was not on and so there is a large number of spyware in these logs. I have now turned on the firewall and re-ran the scans which came out clear 2nd time around. Here is all 3 scan files for you.
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I can only work with what I'm seeing in the logs. From a malware point of view, you're in worse shape now that when you started! I can't chalk it all up to not having the Windows firewall on:

    Your first Mbam log was clean. The current one shows multiple infections.

    The current SAS log shows multiple tracking Cookies. Instructions were given to reset Cookies. Apparently that wasn't done as the current SAS log if full of them!
    Have SAS remove all findings. These screen shots will help you find the features to check. Click on any of the screens to enlarge:
    http://superantispyware.en.softonic.com/images

    Reset Cookies:
    Please re-open HiJackThis and scan.*Check* the boxes next to all the entries listed below:
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot.

    Please advise system status, IT doesn't seem like any progress is being made and when you followed the repair instruction, what had been done previously was undone.
  9. Transform

    Transform TS Rookie Topic Starter Posts: 70

    thanks for your reply.

    I went into SAS and Manage Quarantined Items and deleted the tracking cookies. I then edited the cookie settings in IE as shown. HJT entries also removed.

    I guess all the viruses have been deleted but the same problem on startup still occurs.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    This is a system you're doing a remote on overseas, right? I don't know what's going on with it! Even from a malware issue alone, it's not under control and the original problem wasn't resolved. Honestly, I don't know what to suggest. I am very conservative with reformat suggestions, but the system doesn't sound like it's in good shape and that might be the answer.
  11. Transform

    Transform TS Rookie Topic Starter Posts: 70

    the whole thing came about from installing kaspersky anti virus onto the machine. the computer seems to run perfectly fine except for having to manually start the explorer process on startup. reformatting really would be the last resort as there multiple users on the system.

    i think the malware only came back because after the windows repair, it turned off the firewall. now the firewall is on, it seems that the malware issue has gone.

    i dont know what to do next :confused:
     
  12. sent12b

    sent12b TS Rookie Posts: 21

    --> If we are able to bring up the Task Manager check if we correct registry
    entries

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    "Shell"="Explorer.exe" (REG_SZ)

    "Userinit"="C:\WINDOWS\system32\userinit.exe,"
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I am very reluctant to send someone into the Registry. There are dangers doing that and doing a backup first should be stressed. If this person is doing remote assistance, he should be aware of the Registry settings. Unfortunately, this person has been sent in too many directions- a Windows Repair to name a major one.

    If you go back and read the posts, you will see that this is about doing a remote assist, where the 'helper' should have access to all the files on the system.
  14. Transform

    Transform TS Rookie Topic Starter Posts: 70

    I am confident enough to edit the registry but what do I do next?
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Too bad that the person who made the suggestion didn't give directions. I will leave it up to that person. But I will tell you to back up the Registry before making any changes.
  16. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Yes I would be interested to read sent12b's suggestions on this, and then him sticking with the thread and fully resolving the matter. :)
  17. Transform

    Transform TS Rookie Topic Starter Posts: 70

    Tried this but the registry values were the same as above...
  18. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Yes well if you look back at Post#2 (the second post in this long thread) this was already covered fully. So the last few posts (7 of them!), resolved, well nothing!

    You were being helped by Bobbye, who is probably one of the best (expert that is) on this. (you can tell this by any single one, of his posts)


    I believe for you to get Explorer working again, you may need to do the following:
    Un-install any live protecting software, this includes Antivirus; Firewall; Spyware monitoring programs.
    Run a Repair on Windows, see h e r e on instructions
    Once the repair is complete, please inform us of the outcome
    Note: Running a repair will involve re-activating Windows, and then updating all Windows security updates again

    Please try that
    Note: No data is normally (ever) lost whilst doing a repair, but it is always stated to backup first.
  19. Transform

    Transform TS Rookie Topic Starter Posts: 70

    I guess I should uninstall these things with the Internet disconnected to stop anything accessing the computer?

    Do I need to uninstall all the spyware programs even if they are not running all the time?

    The only thing always running is the AVG anti virus software.
  20. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Yes.... All of them :)
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You can use File> Work Offline for the security uninstalls.

    Check one thing for me please: Control Panel>Folder options> View tab> CHECK 'do NOT show hidden files and folders'> Apply> OK. Some have noticed- myself included-that if 'show' is left, it can sometimes cause Explorer crashes.
  22. Transform

    Transform TS Rookie Topic Starter Posts: 70

    Here are the results:

    Tried 'do not show hidden files and folders' technique but didnt work.

    Removed all antispyware/virus programs and also removed other programs not being used on the system.

    Next I ran the XP repair however I still had to bring up task manager as the user profile stalled on the wallpaper screen.

    Does this mean that the problem isn't with the operating system but some file(s) from a piece of software on the computer?
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Do you understand that every time you run a repair you undo what we've done?! We're at Post #48 and getting nowhere! Maybe you should just reformat and be done with it.
  24. Transform

    Transform TS Rookie Topic Starter Posts: 70

    Well excuse me but I am following kimsland's advice. Anyhow, I dont think I can reformat because I will lose all the extras that are given by dell.
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please review Post #5. It was NOT kimsland who told you to do the repair:
    kimsland and I have both told you that doing this undoes all the previous work we have done.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.