| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 70224 | 2006-06-26 06:40:00 | Browser running on startup | bunta (10620) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 466178 | 2006-06-26 06:40:00 | When I start my computer I get firefox loading up and running in the background. The firewall says it is trying to access remote host 255.255.255.0, remote port 2000, local port 1063. I've looked through all the different processes etc running on startup and nothing seems different to the norm. I've run HiJackThis but have no idea what it all means. Can someone figure out what is doing it? This is the log: Logfile of HijackThis v1.99.1 Scan saved at 5:27:58 p.m., on 26/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\cFosSpeed\spd.exe C:\Program Files\NetLimiter 2 Pro\nlsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\cFosSpeed\cFosSpeed.exe C:\Program Files\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\uTorrent\utorrent.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\mapiicon.exe C:\Program Files\Connection Keeper\ConKeepM.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\FlashGet\flashget.exe C:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ADSL_A2] A2Installed O4 - HKLM\..\Run: [nvCpl32] C:\WINDOWS\system32\nvCpl32.exe O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Internet Security 6.0\avp.exe" O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe" O4 - HKCU\..\Run: [nvCpl32] C:\WINDOWS\system32\nvCpl32.exe O4 - Startup: Connection Keeper.lnk = C:\Program Files\Connection Keeper\ConKeepM.exe O4 - Global Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\system32\mapiicon.exe O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Internet Security 6.0\\ie_banner_deny.htm O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - www.kaspersky.com O17 - HKLM\System\CCS\Services\Tcpip\..\{9919F128-B92B-4DDB-AC46-BE66C09AB857}: NameServer = 202.89.128.16 202.89.128.17 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Internet Security 6.0\avp.exe" -r (file missing) O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe |
bunta (10620) | ||
| 466179 | 2006-06-26 21:26:00 | Bump | roddy_boy (4115) | ||
| 466180 | 2006-06-26 23:26:00 | Well, it looks like you have a torrent program running, plus a connection keeper program, whatever that is, plus a few other "interesting" internet type of programs. They would be the first ones I would be looking at disabling if you are concerned. |
FoxyMX (5) | ||
| 466181 | 2006-06-27 04:31:00 | All the processes listed as running are ok. They have been in use for a while and never caused a problem. One is a torrent program, Connection Keeper keeps my internet connection active if it is dropped, cFosSpeed regulates the bandwidth between upload packets to allow maximum usage of bandwidth. The other things are pretty standard. So far none of them have caused a problem and this problem has only developed recently. The ones that load on startup are: Connection keeper, uTorrent and cFosSpeed. Most of the other running programs don't run at startup. |
bunta (10620) | ||
| 466182 | 2006-06-27 04:39:00 | Is firefox starting with a specific page, or with the home page that you specified? | MMNZ (10621) | ||
| 466183 | 2006-06-27 04:43:00 | Firefox starts with the normal homepage. However the firefox that runs on startup accessing the 255.255.255.0 address opens as a hidden window and I can't see it running. | bunta (10620) | ||
| 466184 | 2006-06-27 04:53:00 | If firefox is your standard browser, any program could cause the startup by following a hyperlink e.g. Anyhow you should see in the history of firefox, which site it is trying to open. But lookes suspicious to me. There are some tools at tucows, that can analyse what else will be performed at start up of windows (e.g. Run / runonce entries in registration). I used sysoft sandra once to find out mor about my PC settings, but had a freeware tool for performance tuning. Just can't remember the name. I think it was quick Startup, but am not sure. Anyhow the link to it: www.tucows.com Cheers Markus |
MMNZ (10621) | ||
| 466185 | 2006-06-27 05:07:00 | Cheers for that. I have used the StartUpList program from the makers of HiJackThis and couldn't see anything out of the ordinary running... | bunta (10620) | ||
| 466186 | 2006-06-27 05:15:00 | ... No idea. I just would switch off one after another and try to identify which program starts firefox. |
MMNZ (10621) | ||
| 466187 | 2006-06-27 07:08:00 | Get startupcpl from here: mlin.net at the same time pick up, startup monitor: mlin.net This (startupcpl) will show you what is in startup and enable you to disable and delete the bad startup entries if they are there. Get the 59k version. Very useful for speeding up your computer as well. Really good program, read the instructions before you use it, please. After you delete the offending Firefox entry if it is there, then startup monitor will tell you when something is trying to put it back in startup, you can then forbid this and go on to trace down the problem. |
zqwerty (97) | ||
| 1 2 | |||||