Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

XP Hangs on Boot, right before Welcome screen. 2

Status
Not open for further replies.
Mickerry

Mickerry

Technical User
Jan 8, 2005
118
US
Nasty little thing - my computer - intermittently (don't you hate that?) - hangs in boot right after the XP logo where the blue lines scroll/roll near the bottom of the screen. it seems to finish that but then hangs there and does not get to the welcome screen or the "windows is starting up" screen.

any ideas? my services.msc has been acting a little funny too - is there a service or two that, if disabled, might cause that? or anything else i might try to re-set? brainstorming most welcome.

Thanks, Mikl

Mikl

A bird in the hand makes typing difficult.
 
Sort by date Sort by votes
Sounds like either an infection, or some hardware troubles. I'd say first and foremost run checkdisk by booting into safemode. if that doesnt resolve the problem boot into safemode with networking and run an online scanner like which can only be run in internet explorer.
 
Upvote 0 Downvote
CHKDSK has been done, very recently and more than once ... i can try an on-line scanner ... is the one you suggested like Panda scan or Trend Micro Housecall or PC Pitstop, or different/better than those?
You suggested running it from Safe Mode with Networking ... would any or all of these scans benefit from running in Safe mode? Is that so that fewer systems are started, so the scan may find something that would otherwise be hidden?

Thx for your help
Mikl

Mikl

A bird in the hand makes typing difficult.
 
Upvote 0 Downvote
Have you checked the event log (run eventvwr.msc) to see if any clues there?

History? - when did it start this behaviour - and had you added/removed any hardware/software prior to this?

If it will boot in Safe Mode, first thing I'd try is run msconfig and disable all start up item. Reboot and if it loads ok (try as many times as makes you confident it always will) process of elimination (enable one at a time).

If you've not had a good antivirus program in place (good AV will prevent virtually 100% viruses if used properly) then suggest (if you can) mounting the drive in another machine & scanning it there.

malware/spyware is IMO more likely (scan with at least 2 if you can get then installed - eg, AVG, spybot, adaware, windows defender).

Of course if it will run Safe Mode, you could always try system restore to before the problem started (if restore point available).

But without knowing about any changes you might have made, can only generalise.
 
Upvote 0 Downvote
i did look at eventvwr and saw no clues, no events happening at the time of the failed boots. maybe it's so early in the boot process that eventmgr doesn't pick it up.

i'm not sure when this started, really ... 2, 3 weeks ago? not associated with any hardware changes, or software changes that i recall ...

gotcha on the msconfig startup - i can try that.

running AVG AV program - good reviews, as you know. also run ad-aware, spybot s&d, spyware blaster and Win defender weekly.

Mikl

A bird in the hand makes typing difficult.
 
Upvote 0 Downvote
To check your RAM.


To check your Hard Drive.

The drive manufacturer will have free diagnostic software to thoroughly check your drive for problems.

You can also load the Recovery Console and run ChkDsk /r to check for problems.

HOW TO: Install and Use the Recovery Console for Windows XP (Q307654)

To check your drivers.

HOW TO: Verify Unsigned Device Drivers in Windows XP


To check conflicting software.

310353 - How to Perform a Clean Boot in Windows XP

316434 - HOW TO: Perform Advanced Clean-Boot Troubleshooting in Windows XP

310560 - How to Troubleshoot By Using the Msconfig Utility in Windows XP




Removing adware & spyware
faq608-4650

Will check your computer for spyware and adware.



See if you have any services that are flagging as "Starting" but not actually running.


Some general things to try.

Try removing any easily detached hardware such as connected USB things.

Set the Bios to use Safe Defaults.

See if System Restore will get you back to a restore point before your problem with Windows.

Try Safe Mode (Do you have this problem in Safe Mode?).

Run the System File Checker program from the Run Box by typing.....Sfc /Scannow in it and have your XP CD handy.

If they don't work you could try repairing windows itself by running it over itself. You will lose all your windows updates but your files will be untouched.

How to Perform an In-Place Upgrade (Reinstallation) of Windows XP (Q315341)
 
Upvote 0 Downvote
can you look and see if there were any minidumps created for these crashes? by default they should be in the c:/minidump folder. but for the simple things first, try F8 during the bootup and select "last known good". now this wont work if we have a software or security corruption in the registry, but this will fix any settings or tweaks that you might have done that finally triggered a bug in a third party driver.

last known good will load up the last good control set that worked for your system, this is at least worth a shot at first, so then you can better narrow down your search for the problematic cause.

i always try to start off with the easy stuff then if i have to work my way toward the hard stuff.
 
Upvote 0 Downvote
also forgot to say, one instance where this wont work is if a driver was updated but was already present in the last good control set, so that driver will still be there updated. there are a few other things but if you have to you'll come to that later if needed. i'd really like to take a look at a minidump if one was generated, not all the time this is possible cause there are certain arguments that can bypass the creation of a minidump..


and sorry meant to say c:/windows/minidump
 
Upvote 0 Downvote
and also, sorry i didnt read the initial post better, but it looks like it crashes before the first user mode process even starts, smss.exe, this is what opens up the page file and this is one example of when a dump will not be recorded. this step happens kinda late in the startup process, so we might have to take another approach if you dont have any minidumps to go on at first. since dumps are recorded in the page file area, if its not started by the process manager, the dump will not be written. so i hope this at least is running before you pc hangs or crashes.
 
Upvote 0 Downvote
Thanks all for your experience and thoughts ...
Dogbyte, the last Minidump is dated 6/10/07, for whatever reason that would be ...

Linney, RAM and HDD are fine.

I will try booting into Safe Mode shortly and see if the problem recurs there ...

have run CHKDSK /r, no problems. also have run sfc.

"See if you have any services that are flagging as "Starting" but not actually running." ... i'm used to going into services.msc, but would that be where i'd look to find out if services are flagged as Starting but aren't actually running? Do you mean flagged as starting in msconfig, for example? (BTW, i have been having a few ocassional sporadic problems with services suddenly getting Disabled in Services.msc out of the clear blue sky, no known reason ...)

System Restore is useless, it never seems to be able to successfully go to a restore point.

should i run and post a hijack this logfile? should i do it right here, on this thread? i haven't done that before ...

I surely could do a reinstall, but i'm trying to avoid it b/c of the problems for a while now of needing to take extra steps (i have them written down somewhere) to successfully re-load all those updates ...

So i'll try a Safe Mode boot soon here, see if it's a problem there too ...

thx again, for all your time. (love giving stars and will be taking care of that soon too ...)

Mikl

A bird in the hand makes typing difficult.
 
Upvote 0 Downvote
yeah i would run spybot S$D and Adaware before i really got deep into troubleshooting...
after you do that and it still hangs....then..
its not far enough along in the boot loader to be able to write a dump. there is more that we can try. but first...

have you tried last known good configuration yet?
if that doesnt fix it right off the bat, if you havent already, try to restore to a point that you know for sure you could boot up fine. if these two dont work, then its still narrowing down the choices we have and telling us what and where the probable cause is. could be registry, could be file corruption, could be bad driver/out of date/buggy driver causing exceptions. if these two choices dont work off the F8 list, then i would suggest boot logging, to see exactly where the boot process is failing.

this doesnt happen at every boot right?
 
Upvote 0 Downvote
and also, is your system set to automatic restart upon crashing? by default it is turned in XP. to check, right clk my computer---properties----advanced tab---startup and recovery---settings-- and under system failure, have reboot unchecked, this way if a BSOD is issued, then at least you can see it before the system reboots.
 
Upvote 0 Downvote
In Services, you would check for any Services which are listed as "Automatic", glance to the left along that line and see if they also say "Started".

System Restore is not as bad as you say, it is often a life saver. While you in Safe Mode, try System Restore from there, it often works in the cleaner Safe Mode environment when it fails in Normal Mode. It is also handy to have restore points which can be restored while not in the Windows environment such as in the Recovery Console.

As you have a semi-working install, you might be able to make use of Microsoft's Guided Help, which will do all the fiddly stuff for you.

How to recover from a corrupted registry that prevents Windows XP from starting

An easy to follow recovery console description when unable to start computer due to corrupt registry.

This is a layman's version of Q307545 in simple language.


Trouble with other Services that you mention, should not be ignored, and is a sure sign of an unhealthy install.

By all means post your "Hijack This log" as part of this thread, someone will look at it and tell you what might be a problem, if anything is.

System Restore Service. Make sure it is set to Automatic and started in your services.

Also check these.

Q310405 - How to Turn On and Turn Off System Restore in Windows XP

Q302796 - Troubleshooting System Restore in Windows XP
 
Upvote 0 Downvote
Dogbyte, i have taken your suggestion - no auto restart.

Linney, i did try the eset site in Safe Mode, - then Explorer went down in the middle of the scan, and would not re-start, as if there a network connection problem had developed ... but firefox started fine. strange.

also, you said "Trouble with other Services that you mention, should not be ignored, and is a sure sign of an unhealthy install." Basic suggestion i hear here is, do a repair install (at least) at some point soon. Do i have that right?
BTW, I have set up recovery console as a boot option, but i am not skillful at using the commands there. :-(

i am not clear about what the "How To recover from a corrupted registry..." procedure does ... it looks like it eliminates any changes made to the reg after install ... does it then use the restore point to re-install the changes made to the reg for all the programs that were added after Win was installed?
if it takes the reg back to pristine shape like right after install, I'd be better off doing a Repair install, cleaning up the windows parts of the reg and leaving the remainder alone and re-downloading all the Win Updates that would be waiting for me, in order to repair the reg without losing everything else that's in there. am i understanding these procedures rightly?

Thx for all your time and help. As luck would have it, not only did it fire up fine in Safe Mode, it then booted without problems three times in regular startup.

I certainly can do a HijackThis log file. Still seems like that might be helpful, since i don't trust that the problem is just disappeared. i know there are other sites that would look at that log too, if i needed that.

Thx again, i appreciate it.


Mikl

A bird in the hand makes typing difficult.
 
Upvote 0 Downvote
HijackThis Start-up log ... should i do a complete scan as well?
StartupList report, 1/30/2008, 5:27:58 PM
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG7\avgamsvr.exe
C:\PROGRA~1\AVG7\avgupsvc.exe
C:\PROGRA~1\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\AVG7\avgcc.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\PROGRA~1\WEBSHOTS\Webshots.scr
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\MDM.EXE
C:\WINDOWS\system32\mmc.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Michael\Start Menu\Programs\Startup]
MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

type32 = "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
SBDrvDet = "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
UpdReg = C:\WINDOWS\UpdReg.EXE
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
AVG7_CC = "C:\PROGRA~1\AVG7\avgcc.exe" /STARTUP
SiteAdvisor = "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
CTDVDDET = "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
BJCFD = "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
DMXLauncher = "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
SpySweeper = C:\Program Files\Spy Sweeper\SpySweeperUI.exe /startintray

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Creative Detector = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
WMPNSCFG = "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: NO!)
.pif: HIDDEN! (arrow overlay: NO!)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll - {089FD14D-132B-48FC-8861-0048AE113215}
(no name) - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Fire-Trust SiteHound - (no file) - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
MP Scheduled Scan.job
Norton SystemWorks One Button Checkup.job
RegCure.job
RoxioUpdator.job
Symantec Drmc.job
Uniblue SpeedUpMyPC Nag.job
Uniblue SpeedUpMyPC.job
Uniblue SpyEraser.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE =
[{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
CODEBASE =
[Office Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\OGACheckControl.DLL
CODEBASE =
[Microsoft Data Collection Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSDcode.dll
CODEBASE =
[Creative Software AutoUpdate]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CTSUEng.ocx
CODEBASE =
[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitstop.dll
CODEBASE =
[SpinTop DRM Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\stg_drm.ocx
CODEBASE = file://C:\Program Files\Mahjong Escape - Ancient Japan\Images\stg_drm.ocx

[COPPDetector Control]
InProcServer32 = C:\Program Files\COPPDetector\COPPDetector.ocx
CODEBASE =
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE =
[ewidoOnlineScan Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
CODEBASE =
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE =
[Automatic Driver Installation Control]
InProcServer32 = C:\WINDOWS\system32\gtdownlr_134.ocx
CODEBASE =
[Symantec AntiVirus scanner]
CODEBASE =
[Microsoft Data Collection Control]
InProcServer32 = C:\WINDOWS\system32\odc.dll
CODEBASE =
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE =
[TotalScan Installer Class]
InProcServer32 = C:\WINDOWS\system32\Panda Software\ActiveScan2\ascstubie.dll
CODEBASE =
[OnlineScanner Control]
InProcServer32 = C:\WINDOWS\system32\ONLINE~1.OCX
CODEBASE =
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE =
[Symantec RuFSI Utility Class]
CODEBASE =
[Kodak Gallery Easy Upload Manager Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\axofupld.dll
CODEBASE =
[NanoInstaller Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\NanoInst.dll
CODEBASE =
[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE =
[mhLabel Class]
CODEBASE =
[{A8F2B9BD-A6A0-486A-9744-18920D898429}]
CODEBASE =
[{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}]
CODEBASE =
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE =
[{CC450D71-CC90-424C-8638-1F2DBAC87A54}]
CODEBASE = file://C:\Program Files\Mahjong Escape - Ancient Japan\Images\armhelper.ocx

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
CODEBASE =
[Driver Agent ActiveX Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\driveragent.ocx
CODEBASE =
[Creative Software AutoUpdate Support Package]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CTPID.ocx
CODEBASE =
--------------------------------------------------

Enumerating Windows NT/2000/XP services

Ad-Aware 2007 Service: "C:\Program Files\Ad-Aware 2007\aawservice.exe" (autostart)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
ASInsHelp: \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic LiveUpdate Scheduler: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart)
AVG7 Alert Manager Server: C:\PROGRA~1\AVG7\avgamsvr.exe (autostart)
AVG7 Update Service: C:\PROGRA~1\AVG7\avgupsvc.exe (autostart)
AVG E-mail Scanner: C:\PROGRA~1\AVG7\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
BCMNTIO: \??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys (autostart)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
Indexing Service: %SystemRoot%\system32\cisvc.exe (autostart)
Creative Service for CDROM Access: C:\WINDOWS\system32\CTsvcCDA.exe (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Diskeeper: "C:\Program Files\Diskeeper\DkService.exe" (autostart)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IIS Admin: C:\WINDOWS\system32\inetsrv\inetinfo.exe (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
MAPMEM: \??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys (autostart)
Network DDE: %SystemRoot%\system32\netdde.exe (autostart)
Net.Tcp Port Sharing Service: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (autostart)
Norton Ghost: C:\Program Files\Norton Ghost\Agent\VProSvc.exe (autostart)
Norton Unerase Protection: C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE (autostart)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
PfDetNT: \??\C:\WINDOWS\system32\drivers\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Roxio Upnp Server 10: "C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe" (autostart)
LiveShare P2P Server 10: "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" (autostart)
Roxio Hard Drive Watcher 10: "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
sbbotdi: \??\C:\PROGRA~1\VIDEOA~1\sbbotdi.sys (autostart)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
SessionLauncher: C:\DOCUME~1\Michael\LOCALS~1\Temp\DX9\SessionLauncher.exe (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiteAdvisor Service: C:\Program Files\SiteAdvisor\6253\SAService.exe (autostart)
Simple Mail Transfer Protocol (SMTP): C:\WINDOWS\system32\inetsrv\inetinfo.exe (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (autostart)
Webroot Spy Sweeper Engine: C:\Program Files\Spy Sweeper\SpySweeper.exe (autostart)
Windows Defender: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 18,950 bytes
Report generated in 1.500 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


Mikl

A bird in the hand makes typing difficult.
 
Upvote 0 Downvote
How To recover from a corrupted registry..."

This procedure uses the Snapshot of the Registry, contained in every System Restore point, to restore a corrupted Registry. You choose which System Restore point to use. Normally you would pick one not too far back in time, but far enough back to reverse leap frog the current problem.

Maybe (fingers crossed) you wont have any more problems, but somehow I don't feel that confident.

I notice you are running "Go Back", that is a program which can cause strange errors, likewise ZoneAlarm has a similar history.

To GoBack or SystemRestore !
thread779-928674

Try a "Hijack This" automatic analysis. It is only a guide, not gospel, but it will give you some "flags" to look at and think about.

HijackThis log file analysis

You seem to have enough malware protection and security, so you ought to be alright on that front.

People seem to be wary of a repair install, I'm not sure why, you only lose your Windows Updates, which with fast Internet, is only a couple of hours or less of downloading, programs and data are carried across safely. It is a valuable and quick repair strategy. One downside, however, is that it will also carry across malware and some corrupt registry entries entries, this is because it tries to save settings etc.
 
Upvote 0 Downvote
i've been a little wary of a repair install since i read about KB/943144, though before that issue started i'd used repair install semi-regularly.
but it's my next move if the one i just did doesn't work -- using Ghost 10.0 to revert my drive back to early Jan., the oldest date i have for reasons too lengthy and not worth it to explain, having to do with Ghost 12.0 not working out.

Mikl

A bird in the hand makes typing difficult.
 
Upvote 0 Downvote
Reverting the drive SEEMS to have solved the problem. you have a wealth of information, and i really appreciate your time and help.

Mikl

A bird in the hand makes typing difficult.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pjw001
  • Locked
  • Question
Windows 11 Screen Colours have changed (slightly) 3
Replies
14
Views
2K
pjw001
pjw001
spamjim
  • Locked
  • Question
Sanitizing illegal filenames on NTFS volumes
Replies
2
Views
231
spamjim
spamjim
pjw001
  • Locked
  • Question
Programs not loading on Windows 11 Version 22H2.
Replies
9
Views
496
pjw001
pjw001
jmarkus
  • Locked
  • Question
Windows 10 Explorer - Thumbnail Icon View flashing old thumbnails briefly before showing current
Replies
0
Views
119
jmarkus
jmarkus
Flinx
  • Locked
  • Question
the SAGA of trying to get a computer to sleep and wake up on a schedule
Replies
1
Views
664
Flinx
Flinx

Part and Inventory Search

Sponsor

Back
Top