Windows Legacy OS forum

General discussion

XP wont let me log on

by kd7yar / December 14, 2004 2:36 AM PST

Recently my Dell 4600 with XP would give me a welcome/log on screen at start up, which it never did before in the 8 months I have owned it. On the screen is my main and only identity with the icon that I chose for this identity. I am given the option to click the identity I wish to use or shut down my computer. When I click on the icon for the identity a message comes up for no longer than one second that says "loading profile", then the screen blinks, and it then says "logging off", and I am taken back to the main log on screen with the icon and identity name. The only way I have been able to get back into XP is to do a reinstall from the rescue disk, but each time I shut the computer off the same thing starts up when I power up. I have norton 2005 with the current definitions, I have used a few web based virus scan programs, and I have run several spyware scans to no avail. The Dell tech. does not know what to say other than I must have a virus, but I dont think that I do. Any ideas???

Discussion is locked
You are posting a reply to: XP wont let me log on
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: XP wont let me log on
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Re: XP wont let me log on
by R. Proffitt Forum moderator / December 14, 2004 2:43 AM PST
In reply to: XP wont let me log on

You didn't NAME what spyware scans you used. This is a common form of malware that can be inflicted on internet explorer users and the incidents are rising. Maybe we'll get a one cure for all someday, but for now I have to dissect each case one by one.

Tell what scans you used.

Bob

Collapse -
Re: XP wont let me log on
by kd7yar / December 14, 2004 3:02 AM PST

I used ad-aware, "spy catcher" in Ghost Surf Pro, and a2 personal to scan for spyware. All 3 found various programs that the others did not, but I had them all deleted.

Collapse -
Think about why these get on your machine.
by R. Proffitt Forum moderator / December 14, 2004 3:09 AM PST

What good does it do to remove them if you go back on the internet and put them back on the machine?

Think about it.

Bob

Collapse -
Re: Think about why these get on your machine.
by kd7yar / December 14, 2004 3:17 AM PST

I dont quite know what the point of your post is since I have not been on the internet since this problem started (I am using my daughters computer now), I reboot with the boot disk then scanned with Norton and the other programs with my modem turned off. Since the initial scans nothing has showed up, but I still cant log on. Anyone have any advice?

Collapse -
" I have been able to get back into XP "
by R. Proffitt Forum moderator / December 14, 2004 3:23 AM PST

This is when you can use the HIJACKTHIS to find the pest.

I'm very bullish that we need to start addressing how these pests get onto the machines. You have to think about it or it will happen again and again.

Bob

Collapse -
Re: " I have been able to get back into XP "
by kd7yar / December 14, 2004 3:31 AM PST

I will try it later today, thank you!

Collapse -
After you install a safer browser...
by R. Proffitt Forum moderator / December 14, 2004 3:16 AM PST

Go read about HIJACKTHIS and look the Virus and Security Forum about what to do with a HIJACKTHIS LOG.

If you can produce a log, feel free to post one in a reply here, but remember that we don't do these often. But many will take a peek.

Bob

Collapse -
Here is the log...
by kd7yar / December 15, 2004 10:35 AM PST

Logfile of HijackThis v1.98.2
Scan saved at 7:31:05 PM, on 12/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\NMAIN.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee.com\Agent\McDash.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Documents and Settings\Bryan\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/servlet/ProductMessages?product=LU&version=1.90&language=English&module=LU&error=1814&build=Symantec
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe, %SystemRoot%\iProtect.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1BB87441-6B7F-4B60-885C-B7AF9F9AFDE3} - C:\WINDOWS\SYSTEM32\comnt32.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D8FF9A84-FEB9-4B4B-B36B-D46570203C39} - C:\WINDOWS\SYSTEM32\key.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [Mskexe] C:\Program Files\McAfee SpamKiller\msk\winxp\SpamKiller.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Microsoft] c:\wintask.exe
O4 - HKLM\..\Run: [Microsoft Critical Security Update] "%SystemRoot%\securityconnect.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Windows Security Manager] c:\winsecure.exe
O4 - HKLM\..\Run: [Microsoft Security Update] "%SystemRoot%\security32.exe"
O4 - HKLM\..\Run: [Microsoft Cab Manager] c:\exec.exe
O4 - HKLM\..\Run: [Printer Spooler] c:\printerspooler.pif
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\RunServices: [WinTask] c:\wintask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
O4 - Startup: Scheduler.lnk = C:\RECYCLER\NPROTECT\00024967.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: default.scr
O4 - Global Startup: highspeed-cable.exe
O4 - Global Startup: Norton Internet Security.lnk = ?
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab

Collapse -
There is some unknown items there. And why this is...
by R. Proffitt Forum moderator / December 15, 2004 11:05 AM PST
In reply to: Here is the log...

Bad. Many pests rename themselves to hide.

The first unknown entry is ...

-> O2 - BHO: (no name) - {1BB87441-6B7F-4B60-885C-B7AF9F9AFDE3} - C:\WINDOWS\SYSTEM32\comnt32.dll

Unless you can identify it, then my choice would be to excise it. You need to know each item or find such on Google.com or treat it as a suspect.

http://www.google.com/search?hl=en&lr=&q=key.dll+hijackthis finds KEY.DLL to be very suspect.

http://www.google.com/search?hl=en&lr=&q=c%3A%5Cwintask.exe+hijackthis finds WINTASK.EXE to be another suspect. And it's in there more than once.

-> Point!!! Microsoft does not drop executables in the root directory such as c:\winsecure.exe. You really need to find out what this is for.

Remember that malware writers love to pick names like that.
c:\exec.exe and c:\cab.exe is also "suspect".

Yes, you have some pests in there and most likely that IncrediMail isn't helping. Many will go into some strong denial position, but use of Internet Explorer, Outlook Express (with the Incredimail addin) can let the pests in.

While I see signs of many commercial ANTI-this software, this issue is not addresed with those.

Best of luck kicking the pests out.

Bob

Collapse -
Well...
by kd7yar / December 19, 2004 10:47 AM PST

it took about 2 weeks, but I am now able to shut off my computer and restart without problem, so thank you a great deal. Hijackthis did the trick. I do still however have one question. I think that the malware came from a download that I scanned with Norton A/V 2005 with updated definitions prior to opening. If I scan the programs that I download prior to executing them, will I still have this problem in the future, or was this a freak event? Thanks again!

Collapse -
Norton did not catch it because...
by R. Proffitt Forum moderator / December 19, 2004 11:02 AM PST
In reply to: Well...

"It's not a virus."
- Symantec rep I cornered at a trade show.

It's fairly rare to download such spyware. It's more common via e-cards, Internet Explorer exploits (please use Mozilla or Firefox), software that bundles spyware etc.

Norton isn't the right tool for this...

Glad to see you fixed it.

Cheers,

Bob

Collapse -
I switched to
by kd7yar / December 19, 2004 11:14 AM PST

Firefox, and I have been much more paranoid about where I go on the internet. thanks for all of the help!

Collapse -
same problem
by cliche / January 25, 2005 4:56 AM PST
In reply to: I switched to

hello i have had the same problem. when i click on my user it logs me straight out again. i have used HIJACKTHIS to get my logs and i need "some knowledgeable folk" to have a look at it for me and tell me what to delete. can anyone help me please?

Collapse -
Window XP won't let me log on
by johnbrentlinger / June 16, 2006 3:26 PM PDT
In reply to: XP wont let me log on

A few days ago I was scanning my computer with McAfee Virus Scanner. All of the sudden the computer froze on me and was force to turn off my computer. Now everytime I try to log on(welcoming/log on screem) a McAfee pops up saying that a theres a suspect file and recommends to scan my computer.Theres a flash and then it just logs off immediately sending me back to the welcoming screem. I have a HP Pavilion 7940 computer and have no idea how to fix this problem. Any ideas?

Collapse -
This is caused by Proxy-Piky trojan virus
by fastlad / June 17, 2006 3:20 AM PDT

Mcafee instructs disabling system restore in order to remove the virus, normal scan does not automatically remove it, but the problem is cannot get into windows to do that, so now what, i am having the same problem with a friends computer that had Mcafee virus and firewall both on it. Please advise if anyone knows a good way to fix this problem. Windows logs you right in and right back off. What a mess. Reinstallation does not fix the problem, nor does Repair installation, it goes right back to the problem, Mcafee says it cleaned it, but when computer is restarted---OOPS there is the problem again.

Collapse -
Same problem on my daughter's PC
by gaara-of-the-funk / July 13, 2006 11:47 AM PDT

She also has McAfee virus scan. I wall able to get past he logon screen (once) by doing a fixboot on the mbr> Virus scan ran and cleaned it. Everything was fine until she had to shut down and reboot. Now I can't get past the log on screen. Nothing works! HEELLPPP!!

Collapse -
HIJACKTHIS
by gaara-of-the-funk / July 19, 2006 4:21 AM PDT

I see reference to HIJACKTHIS as a means to get info on damaging files on the harddrive. Can this be used from the DOS prompt (in the Windows XP repair mode) via a CD? I cannot log on to Windows XP due to the Proxy Piki virus ... even in safe mode, as User or Admin. I am desparately trying to avoid refromatting the hard drive. Any other suggestions?

Collapse -
Start your own post please.
by R. Proffitt Forum moderator / July 19, 2006 7:53 AM PDT
In reply to: HIJACKTHIS
Collapse -
Try avg free virus software
by whiskers78 / September 10, 2008 11:24 PM PDT
In reply to: HIJACKTHIS
Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

GIVEAWAY

We are giving away 'Black Panther' swag!

Four lucky readers will be taking home *Marvel*ous "Black Panther" prizes, including magazines autographed by the King of Wakanda himself! Giveaway ends Feb. 25, 2018.