| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 70725 | 2006-07-14 00:49:00 | Win32 opens on bootup | cowboy stu (7021) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 470665 | 2006-07-14 00:49:00 | What have I done. On any restart a window's explorer opens at win32. closes okay ..all normal afterwards ?? Any ideas appreciated |
cowboy stu (7021) | ||
| 470666 | 2006-07-14 02:00:00 | Is there anything here that shouldn't be ? Logfile of HijackThis v1.99.1 Scan saved at 11:49:31 a.m., on 14/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\htpatch.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\taskswitch.exe C:\Program Files\ihug\ultra\UltraSetup.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\isat\tc-recv.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\System32\gearsec.exe C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Fast.exe C:\Program Files\isat\tc-recv.exe C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe C:\Program Files\Outlook Express\msimn.exe C:\WINDOWS\system32\ntvdm.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Computer Concepts\Cash Manager\Cash Manager.exe C:\PROGRA~1\WinZip8\winzip32.exe C:\Documents and Settings\Stuart\My Documents\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bordernet.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bordernet.co.nz/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bordernet.co.nz/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:9202;https=localhost:9202;ftp=:0;go pher=:0;socks=localhost:9203 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [IHUG Ultra] C:\Program Files\ihug\ultra\UltraSetup.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Tellique.lnk = C:\Program Files\isat\tc-recv.exe O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: ppctlcab - www.pestscan.com O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - extraweb-apac.ey.com O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - www.pestscan.com O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - software-dl.real.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - messenger.zone.msn.com O17 - HKLM\System\CCS\Services\Tcpip\..\{5DE6BF69-7100-42A8-AF0E-EE45466EC807}: NameServer = 203.109.252.42 203.109.252.43 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe O23 - Service: InterBaseGuardian - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
cowboy stu (7021) | ||
| 470667 | 2006-07-14 06:58:00 | Boot into safe mode run HJT again tick these entgries and tick fix checked. Unzip HJT first before u run it again. O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll 016 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net Do you know what this is?? C:\Program Files\Computer Concepts\Cash Manager\Cash Manager.exe Do you use this? |
Speedy Gonzales (78) | ||
| 470668 | 2006-07-14 08:46:00 | Cash Manager is the farmers bible... accounting program. I have trouble booting into safe mode.. correct procedure please. Thanks for your help |
cowboy stu (7021) | ||
| 470669 | 2006-07-14 08:48:00 | Reboot and hold F8 down. Then select Safe Mode. | Speedy Gonzales (78) | ||
| 470670 | 2006-07-14 09:07:00 | Sorry F8 does nothing at reboot. Does cordless keybd affect this ? | cowboy stu (7021) | ||
| 470671 | 2006-07-14 09:13:00 | Rather than hold down the F8 function key, try keep tapping it as the computer first boots and before the Windows splash screen shows. It should force open an boot menu which you can select Safe Mode from. | Jen (38) | ||
| 470672 | 2006-07-14 09:17:00 | Thanks I have just had AVG warn me of some trojan called altmalk.exe ? was in win32 and healed it .. could be part of the prob ? | cowboy stu (7021) | ||
| 470673 | 2006-07-14 09:24:00 | That was most likely behind your problems. Was that the correct trojan name? Google shows no information on it. Do you get the same problem when you reboot now? To be safe, do as Speedy suggests and fix those entries in Safe Mode as well. |
Jen (38) | ||
| 470674 | 2006-07-14 09:27:00 | no my spelling may be a bit out. Just had another called dcomcfg.exe linked to zlob.blu trojan dialer. sorry no amount of F8 gets me to safe mode |
cowboy stu (7021) | ||
| 1 2 | |||||