| Thread ID: 83223 | 2007-09-24 05:12:00 | Startup issue | jrust (2064) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 594441 | 2007-09-24 05:12:00 | Hi, been having an issue for a while with startup. Once computer has finished starting up, programs or files tend to freeze when I open them or won't open at all. A classic example is clicking on connection to internet icon on quick launch bar and nothing happens. I have to Ctrl-Alt-Delete and click end process on task manager (even though nothing is shown as running) before things start working normally. Does this mean one of the services starting up is causing this, and if so, how do I determine which one? I have Windows XP Home Edition Version 2002 Service Pack 2. | jrust (2064) | ||
| 594442 | 2007-09-24 05:34:00 | So what process are u ending in task manager then? Get hijackthis in my sig below. Put it in its own folder. Click on scan the system and save a log. Copy and paste the log here. We'll see what's in it. | Speedy Gonzales (78) | ||
| 594443 | 2007-09-24 06:20:00 |
> So what process are u ending in task manager then? Get hijackthis in my sig below. Put it in its own folder. Click on scan the system and save a log. Copy and paste the log here. We'll see what's in it.

Hi Speedy, hope I did this right

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:46 PM, on 9/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {435D08DD-665E-474F-B977-5EE75A2BDCB2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\rrqdesfx.dll
O2 - BHO: (no name) - {E64F0381-0053-4842-B3E5-08F6C4A0AEB6} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EnGraph QuickTimeKiller] C:\Program Files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Super Collapse! Puzzle Gallery\Images\stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Rainbow Mystery\Images\armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{11E5BF38-819C-413C-B0F5-CF84C531AF13}: NameServer = 60.234.1.1 60.234.2.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{11E5BF38-819C-413C-B0F5-CF84C531AF13}: NameServer = 60.234.1.1 60.234.2.2
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
--
End of file - 4592 bytes
| jrust (2064) | ||
| 594444 | 2007-09-24 06:35:00 |
Looks like you've picked up a trojan.. Run HJT again, tick these entries then tick fix checked. Close browser/s.

Safe
O2 - BHO: (no name) - {435D08DD-665E-474F-B977-5EE75A2BDCB2} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Nasty
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\rrqdesfx.dll
Safe
O2 - BHO: (no name) - {E64F0381-0053-4842-B3E5-08F6C4A0AEB6} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
What's this do?
O4 - HKLM\..\Run: [EnGraph QuickTimeKiller] C:\Program Files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe
I think this belongs to a trojan too.
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)

Follow what's here (www.bleepingcomputer.com) Or get this (www.symantec.com) And this (www.symantec.com) Run both of them. See if they pick anything up. These are from here (www.symantec.com)

Is trojan remover up to date? That should have picked something up. Get rogueremover in my sig too, update it then click on scan.
| Speedy Gonzales (78) | ||
| 594445 | 2007-09-24 06:47:00 | I would also uninstall ALL versions of Sun Java. Latest version is in my sig. | Speedy Gonzales (78) | ||
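
A first-pass version of the manual triage done in post 594444, as an added example that is not part of the original thread or of HijackThis itself. The two heuristics (entries marked `(no file)` or `(file missing)`, and unnamed BHOs whose DLL sits directly in `system32`) are assumptions generalized from the entries picked out in that post; the sample lines are copied from the log posted above, and a match means "look closer", not a verdict.

```python
import re

# Constructed sample: a few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {435D08DD-665E-474F-B977-5EE75A2BDCB2} - (no file)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\rrqdesfx.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
"""

# "O2 - ...", "R0 - ...", "O20 - ...": section code, then the entry body.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O2 line: "BHO: <name> - {CLSID} - <target>".
BHO = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
# A DLL placed directly in system32 (no subfolder); an assumed heuristic.
SYSTEM32_DLL = re.compile(r"^[A-Z]:\\WINDOWS\\system32\\[^\\]+\.dll$", re.IGNORECASE)


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process path, or blank line
        section, body = m.group("section"), m.group("body")
        # Registry entry whose target file is gone: a leftover, safe to review.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append((section, "orphaned", line))
            continue
        bho = BHO.match(body) if section == "O2" else None
        # Browser Helper Object with no class name, loaded from system32.
        if bho and bho.group("name") == "(no name)" and SYSTEM32_DLL.match(bho.group("target")):
            findings.append((section, "unnamed-bho-in-system32", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason:<26}{line}")
```

Run-key (O4) entries are deliberately not scored here: judging those takes knowledge of the program behind each entry, which a pattern match cannot supply.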