| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 85926 | 2007-12-27 08:50:00 | xp login scren | jayal (1291) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 624958 | 2007-12-27 08:50:00 | hi, have been reading the recent posts regarding the login screen in xp, i have a "similar" problem - the wording only occupies half the screen with "to begin, click your user name" but it's not there! - - from the control panel - user accounts - change the way users log on or off - use the welcome screen, doesn't make any difference, i login using ctrl-alt-del which opens a password prompt that allows me to get going - Avast came up with a trojan, "win32: trojano 3384" but doesn't appear to be able to clean it out - i have an Hijack this log file with one questionable entry, ALCMTR.EXE - i can post the log file if required - i booted into safe mode but the screen there was incomplete, no wording or files, only "safe mode" in the 4 corners, and "start" bottom left - to elaborate even further, a coupla weeks ago the system crashed, no apparent obvious reason - i'd just done a disc cleanup and on the screen a note saying a DLL file was missing and some files had been interfered with by other programmes, recommended a re-install, simple i thought "cause i have a legit O/S disk - partway through it came to a halt and presented a blue screen with two options, something like, press ?? to quit and another which i've forgotten, but the end result was a repeat process, reinstall to blue screen and so on - a tech managed to get it running again and did a reinstall but i suspect he formatted first "cause everything had gone, luckily i had some backups - sorry to be so long winded but would appreciate some comments and perhaps a solution - just happened to notice in Jan Netguide a possible solution to the blue screen, press r? | jayal (1291) | ||
| 624959 | 2007-12-27 09:01:00 | ALCMTR.EXE is a file belonging to the drivers for a soundcard. Try what it says here (forum.avast.com) Run Avast from the menu, then select schedule boot time scan. Then reboot WHAT did the blue screen say? Post the log if u want, I'll check it out |
Speedy Gonzales (78) | ||
| 624960 | 2007-12-27 09:01:00 | Geez your post is hard to read. Sentence and paragraph are words that come to mind. |
beama (111) | ||
| 624961 | 2007-12-27 09:37:00 | thanks Speedy will do that scan, gonna take some time though so maybe will be back in the morning where do i post the log file? can't remember exactly what was on the blue screen only there were two options, quit or reinstall possibly that better Beama? |
jayal (1291) | ||
| 624962 | 2007-12-27 09:41:00 | You copy and post the full log here in this thread. | Speedy Gonzales (78) | ||
| 624963 | 2007-12-27 10:09:00 | that better Beama?Tons better. And as Speedy says, copy and paste the full log into a reply in this thread. |
Greg (193) | ||
| 624964 | 2007-12-27 10:10:00 | Logfile of HijackThis v1.99.1 Scan saved at 11:07:52 PM, on 12/27/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOW\System32\smss.exe C:\WINDOW\system32\winlogon.exe C:\WINDOW\system32\services.exe C:\WINDOW\system32\lsass.exe C:\WINDOW\system32\Ati2evxx.exe C:\WINDOW\system32\svchost.exe C:\WINDOW\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOW\system32\spoolsv.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\WINDOW\system32\ssoftsrv.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOW\system32\Ati2evxx.exe C:\WINDOW\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOW\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Comodo\Firewall\cfp.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOW\system32\ctfmon.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Quick ShutDown\qsd.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOW\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - Startup: Quick ShutDown.lnk = C:\Program Files\Quick ShutDown\qsd.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O20 - AppInit_DLLs: C:\WINDOW\system32\guard32.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOW\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOW\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOW\SYSTEM32\ssoftsrv.exe |
jayal (1291) | ||
| 624965 | 2007-12-27 10:18:00 | I would get rid of Nvidia firewall. It looks like this is installed. That and Comodo will conflict. You shouldnt have 2 firewalls running at the same time. Run HJT again tick these then tick fix checked Close browser/s O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" I would get rid of this, and install the latest version Of Windows live messenger. Windows messenger is to buggy.. O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background Get this from (www.dougknox.com) Here (www.dougknox.com) Quit Windows messenger, double click on this file and select uninstall. Look in control panel / admin tools / event viewerr. Under apps or system. For a X or ! or when this crash happened. Tell us what it says. Right mouse / properties on my computer on the desktop. Go to the advanced tab / startup and recovery. Untick automatically restart. |
Speedy Gonzales (78) | ||
| 624966 | 2007-12-27 11:30:00 | you sure about Nvidia? on the disk it says ASROCK & AMD-nVIDIA series, it's not something else is it? cleared those entries in Hijack this there's heaps of Xs & !s, like between 17th & 27th Dec for entries such as for Xs a2service.exe application error DCOM Service ControlManager Windows Update Agent Service Control manager Dhcp and !s Win Managment Windows Product Activation ASP Net 1.1.4322.0 Userenv COM+ MsiInstaller W32time Server Dhcp cdrom and unticked "automatically restart" |
jayal (1291) | ||
| 624967 | 2007-12-27 11:41:00 | Is this installed? Related to Nvidia Corp. Network Access Manager.- Does this include a firewall? Hmm check those entries to see if any say bugcheck. Double click on those entries u posted. |
Speedy Gonzales (78) | ||
| 1 2 3 | |||||