Old 03-12-2005, 11:49 PM   #1
Member (3 bit)
 
Join Date: Mar 2005
Posts: 7
Windows XP Hangs on Login

I have had this problem for YEARS, I just never bothered with it before. As long as I have had XP it has done this within a week of any fresh Windows XP install.

When I boot up and have the blue "select user to login" screen, if I select my user (there is only one anyway) within a short period (a minute?) of the screen appearing (after the black 'boot' screen disappears), it will load the desktop and start bar but then hangs for a while. Usually about a minute or two.

If I mouse-over the start bar the icon turns to a frozen hourglass. Other programs start loading during this time, but the ones that load before the start bar unfreezes do not show up with their icons in the taskbar (next to the clock).

Similarly, at some random times it seems to lock up (start bar and desktop) for a short period of time (about 30 seconds).

My guess is explorer.exe is the culprit. If I hit alt-ctrl-del and end the explorer.exe task, then choose run->explorer.exe it will reload fine.

I have run anti-X (virus, spyware, etc), so don't try to blame it on a virus. It has happened for years and I HIGHLY doubt it is a virus or spyware.
Jimbo2150 is offline  
Old 03-13-2005, 12:02 AM   #2
Member (10 bit)
 
rightcoast's Avatar
 
Join Date: Nov 2004
Posts: 800
Just an honest question:

Are you talking about Cisco's (expensive) adaptive Anti-x measures, or some antivirus application no one has ever heard of?
rightcoast is offline  
Old 03-13-2005, 12:06 AM   #3
Member (3 bit)
 
Join Date: Mar 2005
Posts: 7
X stands for a variable. The variables are listed in the ()'s. Meaning anti-spyware, anti-virus, etc. I have used nearly all of them (Norton, Kaspersky, AVG, McAfee, etc.) My favorite of them all is Panda, which I use now. Nowhere in this message did I mention anything about Cisco.
Jimbo2150 is offline  
Old 03-13-2005, 12:20 AM   #4
Member (10 bit)
 
rightcoast's Avatar
 
Join Date: Nov 2004
Posts: 800
Ok...like I said honest question, no need for a flame my friend.
Cisco makes a product nicknamed Anti-X. Which was a possibility since you said
Quote:
I have run Anti-X
Luckily I deal with angry end-users all day. I need to ask another honest question.

Quote:
I have used nearly all of them (Norton, Kaspersky, AVG, McAfee, etc.) My favorite of them all is Panda, which I use now.
Those are all anti-virus applications, but none of them are very adept at removing spyware. Have you used any programs specializing in spyware, and if so which ones?

In either case, since you have used many applications, as you have pointed out, why don't you run HijackThis and post a log, so we can eliminate the possibility to everyone's satisfaction and take it from there.

Hijack-this:
http://www.spywareinfo.com/~merijn/downloads.html
rightcoast is offline  
Old 03-13-2005, 12:31 AM   #5
Member (3 bit)
 
Join Date: Mar 2005
Posts: 7
Log

I was not being hostile toward you, just pointing out that you really over-assumed and over-analyzed a simpler situation.

Here is the HiJackThis log:

** START OF LOG **

Logfile of HijackThis v1.99.1
Scan saved at 1:22:55 AM, on 3/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-max-nt.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
G:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\WINDOWS\system32\ctfmon.exe
G:\program files\valve\steam\steam.exe
C:\Program Files\Abyss Web Server\abyssws.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
G:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Abyss Web Server\abyssws.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
G:\Program Files\MySQL\MySQL Administrator 1.0\MySQLSystemTrayMonitor.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Jim\LOCALS~1\Temp\Rar$EX00.938\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchdot.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\System32\crazytalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [gcasServ] "G:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "g:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AbyssWebServer] C:\Program Files\Abyss Web Server\abyssws.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: MySQL System Tray Monitor.lnk = G:\Program Files\MySQL\MySQL Administrator 1.0\MySQLSystemTrayMonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Monitor Apache Servers.lnk = G:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Add to AD Hunter - C:\Program Files\Maxthon\config/blacklist.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: WinInsider - {27cead85-f307-4275-b396-e34cd8c4221f} - http://www.wininsider.com (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FastNet99 - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FastNet99 - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.broadbandreports.com
O15 - Trusted Zone: *.cnet.com
O15 - Trusted Zone: *.news.com.com
O15 - Trusted Zone: *.download.com
O15 - Trusted Zone: *.dslreports.com
O15 - Trusted Zone: *.gamespot.com
O15 - Trusted Zone: *.launch.com
O15 - Trusted Zone: *.pandasoftware.com
O15 - Trusted Zone: *.sbc.com
O15 - Trusted Zone: *.yimg.com
O15 - Trusted Zone: *.zdnet.com
O15 - Trusted IP range: http://198.87.82.242
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebca...ebMonProj1.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12e3a296...p/RdxIE601.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://64.119.5.59/home/SonySncRz30View.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.g...tl_0_0_0_2.ocx
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O20 - AppInit_DLLs: PAVWAIT.DLL CTRLPAN.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BMFTPRealTimeStats - Selom Ofori - C:\Program Files\Selom Ofori\BlackMoon FTP Server\3rdParty\BMFTPRealTimeStats.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Dynu Basic Dynamic DNS Service v2.6 (DynuBasic) - Unknown owner - C:\Program Files\Dynu Systems\Basic\basicsvc.exe (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL41 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe

** END OF LOG **

MOST of this stuff is legit, besides a couple of search urls, and I am not sure what that IP address is doing in my Trusted sites listing.

As for spyware I have used MOST of them at one point or another, but since some of them were under fire for allowing certain spyware through or installing spyware themselves I stuck with AdAware (latest version). Today since AdAware is under fire now as well, I am using Microsoft Antispyware Beta which seems to catch more than any of the others.
Jimbo2150 is offline  
Old 03-13-2005, 12:50 AM   #6
Member (10 bit)
 
rightcoast's Avatar
 
Join Date: Nov 2004
Posts: 800
Yeah it is obvious from what is on your PC you know enough between using MySQL, Apache etc. to keep your PC clean. Please understand whether it is work or here, you never know just how much someone knows or doesn't...the best way to find out is just ask the question. For all I knew Anti-X was the latest on the rogue spyware app list and I figured I would save the Google time and ask. I will look over the rest but since you didn't know whose IP that was, that can be an obvious red flag. I got you a contact:
Email:
support@verio.net and ask what that IP is doing in your trusted sites zone.
or you can call:
1-800-551-1630 and see who answers, ask them "what up" ...lol

Lemme look over the rest, I wanted to track that down for you. Sounds like it will be an OS issue, but I haven't really done anything but skim your log. I just know if it was me I would want that email and # asap.

Edit: CA says your searchv is a hijack trojan: alias: MsUpdate, W32/Dumaru trojan
Google Cache:
http://64.233.161.104/search?q=cache...pest/pest.aspx

EDIT2: searchdot is serving up malicious scripts as well....you are most certainly infected Jim.

This may not explain why you have had the extended issue for such a long period, but it is one of your problems.

My advice would be to scan again, this time with fully updated AV, in safe mode, after cleaning out your browser's cache etc...

This may be overkill, but if followed it is a guaranteed fix:

http://forums.majorgeeks.com/showthread.php?t=35407

Last edited by rightcoast; 03-13-2005 at 01:05 AM.
rightcoast is offline  
Old 03-13-2005, 01:14 AM   #7
Member (10 bit)
 
Join Date: Mar 2004
Location: California
Posts: 936
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Download CWShredder and run it. Click on 'I Agree' button if you agree with it. Click on 'Fix' (it will automatically fix anything it finds for you) and OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

Run HijackThis, check each one below in bold and, with all browsers closed, click Fix.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

[CWS] - R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchdot.net
- CWS Domain Contained in Address (searchdot.net)
[CWS] - R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
- CWS Domain Contained in Address (searchv.com)
[CWS] - R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
- CWS Domain Contained in Address (searchv.com)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

[X] O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
-YourSiteBar (YSB.DLL)

[X] O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12e3a29...ip/RdxIE601.cab
-Netster



The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it. Run CleanUp! and click on CleanUp! button. When it asks you if you want to log off, click on Yes.


Post another Hijackthis log
Lobos is offline  
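
An added example, not part of any post in this thread and not HijackThis's own code: a small Python triage pass over a HijackThis log that flags the kinds of entries the replies above single out, namely search pages on the domains marked [CWS], registrations whose file is gone, and a bare IP in the Trusted zone. The names `triage`, `FLAGGED_DOMAINS` and `SAMPLE_LOG` are hypothetical; the sample lines are excerpted from the log posted above.

```python
import re
from urllib.parse import urlparse

# Domains the replies in this thread mark as CWS (assumption: extend as needed).
FLAGGED_DOMAINS = {"searchdot.net", "searchv.com"}

# Sample input: a few lines excerpted from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchdot.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_0_0.dll
O15 - Trusted Zone: *.cnet.com
O15 - Trusted IP range: http://198.87.82.242
O23 - Service: MySQL41 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# A log entry is "<section code> - <body>", e.g. "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis appends one of these markers when the registered file is absent.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# Sections whose entries name a file on disk.
FILE_SECTIONS = {"O2", "O3", "O4", "O9", "O23"}


def parse_entries(log_text):
    """Return (section, body) pairs, skipping headers and the process list."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def domain_flagged(host):
    """True for a flagged domain or any subdomain of it, not for lookalikes."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in FLAGGED_DOMAINS)


def triage(log_text):
    """Return (section, reason, body) for every entry worth a second look."""
    findings = []
    for section, body in parse_entries(log_text):
        if section in ("R0", "R1") and " = " in body:
            url = body.split(" = ", 1)[1].strip()
            host = urlparse(url).hostname or ""
            if domain_flagged(host):
                findings.append((section, "IE search/start page on flagged domain", body))
        elif section in FILE_SECTIONS and MISSING_RE.search(body):
            findings.append((section, "registration left behind, file not on disk", body))
        elif section == "O15" and body.startswith("Trusted IP range:"):
            findings.append((section, "bare IP address in the Trusted zone", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {body}")
```

A flagged entry is a prompt to check where it came from, which is the disagreement in this thread: the same line can be a live hijack or a leftover registry string from software already removed.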
Old 03-13-2005, 01:33 AM   #8
Member (3 bit)
 
Join Date: Mar 2005
Posts: 7
Enough

This is getting ridiculous. I have been working with computers for years and removing minute details of spyware that has been long since deleted is not going to solve anything. I added the YAHOO search blocks in there myself and Yahoo is my default search engine.
I did remove that SearchV and Search.net, but it was an obsolete string as it was. The YoursiteBar has long since been removed and was also an obsolete string. The last one was simply a RealPlayer Cab. I removed RealPlayer a while ago and that is really not doing anything. You guys are worse than all that tier 1 telephone junk that they run you through only to tell you that they cannot fix the problem.

Asking me to delete this ridiculous nonsense is not going to solve it.
Just as I have noticed from the beginning, and as RightCoast pointed out, it is probably an OS issue.

So please stop with all this, 'run this, run that, run it again just to remove remnants of spyware that I am obsessed with'. Save it for people who know no less and have a million on their computer.

So I ask of you all, if anyone who HAS HAD THIS PROBLEM AND HAS CORRECTED THE ISSUE, if you would be so kind as to post the fix you used.

EDIT:
Here is the detailed story:
My computer runs fine otherwise except when logging in, then explorer.exe just craps out for about a minute or two (I never really timed how long it lasts). Everything else loads (startup programs). Once explorer.exe gets over its guilt trip it works fine then for the most part. I am just looking for any way to lessen the time it takes for login to finish and stop explorer.exe (i.e. the Start Bar) from halting in the beginning.
If I leave the login screen on without logging in for a few minutes, explorer.exe loads fine.

Last edited by Jimbo2150; 03-13-2005 at 01:38 AM.
Jimbo2150 is offline  
Old 03-13-2005, 01:42 AM   #9
Member (10 bit)
 
Join Date: Mar 2004
Location: California
Posts: 936
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com



These are RedSheriff servers tracking you (spying) across the Internet.
Lobos is offline  
Old 03-13-2005, 01:46 AM   #10
Member (10 bit)
 
Join Date: Mar 2004
Location: California
Posts: 936
OK, you can leave the spyware, adware and CWS entries on your computer. I was just trying to help.
Lobos is offline  
Old 03-13-2005, 01:46 AM   #11
Served with Pride
Staff
Premium Member
 
Panama Red's Avatar
 
Join Date: Apr 2003
Location: near the left coast of Michigan
Posts: 14,565
Jimbo, it's apparent from your attitude that you haven't read the Forum Rules here when you signed up. We don't go in for flaming or defamation here. I'd suggest you tone it down a notch and quit insulting the folks that are offering you some suggestions to correct your problem. You posted a Hijack This log in order to have it analyzed. Lobos is one of the best at helping to identify and correct adware and spyware. Any more of this attitude and I'm closing this thread.

----------------moderator--------------------
Panama Red is offline  
Old 03-13-2005, 01:49 AM   #12
Member (3 bit)
 
Join Date: Mar 2005
Posts: 7
Enough

Wow, you really don't listen. Enough means enough.
I track the packets being sent in and out. There is nothing being sent to these unless I ask for a search, then a search string is sent, that's it.
It is part of the Yahoo! Toolbar that I installed, just as well Microsoft AntiSpyware detected and allowed the change because it was a "Legitimate Change" by the Yahoo! Toolbar.

Finally, if anyone, who HAS HAD the problem, would step forward.

EDIT TO THE MODERATOR:
I have already had these tips by many 'tier 1' type people (aka people who normally read from a computer screen to fix the problem). I am simply asking for someone who has had the problem before to help out. I have tried the spyware stuff enough, and I also added things (like the Yahoo! SearchBar) myself and would not like it removed.

Last edited by Jimbo2150; 03-13-2005 at 01:51 AM.
Jimbo2150 is offline  
Old 03-13-2005, 02:00 AM   #13
Served with Pride
Staff
Premium Member
 
Panama Red's Avatar
 
Join Date: Apr 2003
Location: near the left coast of Michigan
Posts: 14,565
I'm not questioning your skill. It's your disrespectful attitude that won't be tolerated. No one is going to force you to take any advice you don't want to. But with the attitude you've portrayed so far, I'll be surprised if anyone even bothers to help now.
Panama Red is offline  
Old 03-13-2005, 02:07 AM   #14
Member (3 bit)
 
Join Date: Mar 2005
Posts: 7
Bye

Well to everyone I apologize.

It appears that I will probably not get a solid answer from ANY message boards (not just this site).

I will continue to hunt for an answer to this question.

Farewell.
Jimbo2150 is offline  
Old 03-13-2005, 02:11 AM   #15
Member (10 bit)
 
rightcoast's Avatar
 
Join Date: Nov 2004
Posts: 800
I think Lobos is using that new hijackthis reader I have read about, it does flag Yahoo pages. He was trying to help you. How was he supposed to know you have an SBC email....not everyone's forte is tracking people.

I come here to keep Windows skills sharp, they are unfortunately necessary in the working world. But, IGTK, since you are so knowledgeable, why are you running a swiss cheese OS?

Or more to the point, why did you waste time learning VB? Learn Perl or Python or something useful.

Be my guest if you want to leave cool web search in your trusted zone. I can give you assurances no one
Quote:
who HAS HAD the problem,
will step forward anytime soon.
rightcoast is offline  
Old 03-13-2005, 06:12 AM   #16
glc
Forum Administrator
Staff
Premium Member
 
glc's Avatar
 
Join Date: May 2000
Location: Joplin MO
Posts: 37,786
Quote:
Finally, if anyone, who HAS HAD the problem, would step forward.
You know - you can troubleshoot this very easily by using MSCONFIG to selectively disable startup items and services to determine which one is causing the hangup - but I guess you already know this. There is no way for anyone to tell you exactly which one of your many is doing this. Have you ever tried Bootvis?

Quote:
Farewell.
Sorry we did not meet your expectations. I wish you good luck finding some place that does - I personally don't see that happening.

Quote:
It appears that I will probably not get a solid answer from ANY message boards (not just this site).
You are probably right when you exhibit this attitude. Help is a 2 way street, which requires a respectful dialog in both directions. I'm closing this thread now because the members who are trying to help you are starting to snap back which we cannot allow to happen. I sympathize with your frustration, but WE are also human.
glc is offline  
All times are GMT -5.