 |  |  |  |  |  |  |  |
Computer soon unsaveable?
 |
About a week ago,
My NOD32 gave me a message that the 30day trial had expired and i needed to purchase. I didnt really like the GUI of NOD32 so i decided to get Norton 2005 wich got very good reviews. Stupid maybe but i uninstalled NOD32 before installing Norton and i didnt disable the internet connection. I also forgot that my firewall (sygate) had been disabled since last night (or rather been set to Allow all trafic) cause i had troubles sending and recieveng files through IRC.
Well,during norton installation my computer froze up and i had to HARD RESET it. When i logged back in it didnt want to launch the installation program again, So i went to "Add/Remove Programs" and tried to uninstall it, which ofc it didnt want to allow.
I rebooted again to try and do it from failsafe mode without any luck there either. When i came back to normal mode all my autostart objects had been removed and when i put them there again it just takes it away right infront of my eyes.
I started internet explorer to search for info and i noticed that my startpage was set to: Martfinder.com , so I went to altavista and searched for martfinder and the first hit was this kick-***-what-seems-to-be-an-awesome-site. I found some info in the forum about this unchangable startpage, but non of the tips seems to work for me.
I got similar problems once before after installing Kazaa and i had a hell b4 i understod that it was kazaa that caused all this from the beginning. (this was 2 years ago and i had several formats and even a new harddrive now)
I signed up for this but noticed that the screen went blank when i tried to log in to my e-mail account (gmail.com), so i had my friend log in for me and forward the mail to my hotmail account instead.
I used all the tools i could find on this page and others and scanned several times and removed gazillions of "reported bad stuff".
Now i turn to you with a last pledge for help
Thank you for your time and concideration.
/Kristian
OS: XP sp1
Firewall: sygate
AV: NOD32 and AntiVirXP(recomended by this site)
additional related programs: HijackThis, Ad-Aware, Spybot - Search & Destroy, SpywareGuard, SpywareBlaster, Malware Removal - June 2005
Logfile of HijackThis v1.99.1
Scan saved at 18:38:10, on 2005-06-23
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\OO Software\CleverCache\OOCCSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hijackthis\HijackThis.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemp...veSekurity.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O19 - User stylesheet: C:\WINDOWS\windows.dat
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O CleverCache Pro (OOCleverCache) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\OOCCSVC.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
My NOD32 gave me a message that the 30day trial had expired and i needed to purchase. I didnt really like the GUI of NOD32 so i decided to get Norton 2005 wich got very good reviews. Stupid maybe but i uninstalled NOD32 before installing Norton and i didnt disable the internet connection. I also forgot that my firewall (sygate) had been disabled since last night (or rather been set to Allow all trafic) cause i had troubles sending and recieveng files through IRC.
Well,during norton installation my computer froze up and i had to HARD RESET it. When i logged back in it didnt want to launch the installation program again, So i went to "Add/Remove Programs" and tried to uninstall it, which ofc it didnt want to allow.
I rebooted again to try and do it from failsafe mode without any luck there either. When i came back to normal mode all my autostart objects had been removed and when i put them there again it just takes it away right infront of my eyes.
I started internet explorer to search for info and i noticed that my startpage was set to: Martfinder.com , so I went to altavista and searched for martfinder and the first hit was this kick-***-what-seems-to-be-an-awesome-site. I found some info in the forum about this unchangable startpage, but non of the tips seems to work for me.
I got similar problems once before after installing Kazaa and i had a hell b4 i understod that it was kazaa that caused all this from the beginning. (this was 2 years ago and i had several formats and even a new harddrive now)
I signed up for this but noticed that the screen went blank when i tried to log in to my e-mail account (gmail.com), so i had my friend log in for me and forward the mail to my hotmail account instead.
I used all the tools i could find on this page and others and scanned several times and removed gazillions of "reported bad stuff".
Now i turn to you with a last pledge for help
Thank you for your time and concideration.
/Kristian
OS: XP sp1
Firewall: sygate
AV: NOD32 and AntiVirXP(recomended by this site)
additional related programs: HijackThis, Ad-Aware, Spybot - Search & Destroy, SpywareGuard, SpywareBlaster, Malware Removal - June 2005
Logfile of HijackThis v1.99.1
Scan saved at 18:38:10, on 2005-06-23
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\OO Software\CleverCache\OOCCSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hijackthis\HijackThis.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemp...veSekurity.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O19 - User stylesheet: C:\WINDOWS\windows.dat
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O CleverCache Pro (OOCleverCache) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\OOCCSVC.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Last edited by DMR; Jun 23rd, 2005 at 3:42 pm. Reason: Profanity snip
There are one or two hidden files which will keep bringing the Martfinder hijack back to life if you don't fully remove the infection. Please do the following so that we locate those files:
Download: "StartDreck", from here:
Unzip to its own folder and start the program,
Press 'Config'
Press 'Unmark All'
Check the following boxes only:
In this section >System/drivers
[x] Running processes
[x] list modules
[x] NT services
[x] List binaries
[x] NT kernal and FS drivers
Press 'Ok'
Press 'Save' and select the location to save the log file
(default is the same folder as the application)
Exit StartDreck and post the log in this thread.
Download: "StartDreck", from here:
Unzip to its own folder and start the program,
Press 'Config'
Press 'Unmark All'
Check the following boxes only:
In this section >System/drivers
[x] Running processes
[x] list modules
[x] NT services
[x] List binaries
[x] NT kernal and FS drivers
Press 'Ok'
Press 'Save' and select the location to save the log file
(default is the same folder as the application)
Exit StartDreck and post the log in this thread.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Thanks for such a fast reply 
I attatched the file because you had to scroll for ever to reach the bottom and very annoying for readers indeed. Hope that was ok.
I attatched the file because you had to scroll for ever to reach the bottom and very annoying for readers indeed. Hope that was ok.
•
•
•
•
Thanks for such a fast reply
Please download ESS3remove.zip and unzip it into its a folder of its own.
Double-click on the ESSremove.bat file to run it. Reboot after that, and post a new HijackThis log.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Downloaded and ran the program and went for reboot. Got a popup saying Drive a: not ready, please check if the door might be open (or something similar). If i only had a floppy...
After reboot my desktop start menu and taskbar just disappeared after after a few seconds. I forgot to mention earlier but i got this problem yesterday already. The thing i did was to open taskmanager and through there start a new task: msconfig. Went and deisabled everything in startup and rebooted. Didnt help so i started msconfig again. the disabled items was still unchecked so i went to services TAB and disabled everything rebooted and this time the desktop did appear as it should. so now to get sound and network again i went back and enabled everything again and only disabled afew checkboxes at the time until i lokalized the problem. After 10 or so reboots i got the desktop back and only theese checkboxes are now unchecked:
Help And Support - Microsoft
IMAPI CD-Burning COM Service - Microsoft
Server - Microsoft
Workstation - Microsoft
TCP/IP NetBIOS Helper - Microsoft
Machine Debug Manager - Unknown
Messenger - Microsoft
NetMeeting Remote Desktop Sharing - Microsoft
Distributed Transaction Coordinator - Microsoft
Windows Installer - Microsoft
I guess its only one of the above causing this but since computer takes 5 minutes to reboot i didnt have time to investigate further yet.
Well now this time after doing what you told me i still have the Services mentioned unchecked but i also have 2 new checked items at the startup tab (i made them Bold in the highjackthis log). And since the desktop did dissapear again i guess one of those caused it. So i unchecked them and rebooted but still the same and they are back checked.
BUT!!! good thing is that that stupid homepage is finally gone and i can now set it to anything i want
thanks. (problem 1 of 2385285 solved? 
)
Also during the time of writing this i got a message saying im "Low on virtual memmory and its being adjusted..."
Here is my new HJ log.
Logfile of HijackThis v1.99.1
Scan saved at 01:18:54, on 2005-06-24
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\OO Software\CleverCache\OOCCSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemp...veSekurity.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O CleverCache Pro (OOCleverCache) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\OOCCSVC.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
After reboot my desktop start menu and taskbar just disappeared after after a few seconds. I forgot to mention earlier but i got this problem yesterday already. The thing i did was to open taskmanager and through there start a new task: msconfig. Went and deisabled everything in startup and rebooted. Didnt help so i started msconfig again. the disabled items was still unchecked so i went to services TAB and disabled everything rebooted and this time the desktop did appear as it should. so now to get sound and network again i went back and enabled everything again and only disabled afew checkboxes at the time until i lokalized the problem. After 10 or so reboots i got the desktop back and only theese checkboxes are now unchecked:
Help And Support - Microsoft
IMAPI CD-Burning COM Service - Microsoft
Server - Microsoft
Workstation - Microsoft
TCP/IP NetBIOS Helper - Microsoft
Machine Debug Manager - Unknown
Messenger - Microsoft
NetMeeting Remote Desktop Sharing - Microsoft
Distributed Transaction Coordinator - Microsoft
Windows Installer - Microsoft
I guess its only one of the above causing this but since computer takes 5 minutes to reboot i didnt have time to investigate further yet.
Well now this time after doing what you told me i still have the Services mentioned unchecked but i also have 2 new checked items at the startup tab (i made them Bold in the highjackthis log). And since the desktop did dissapear again i guess one of those caused it. So i unchecked them and rebooted but still the same and they are back checked.
BUT!!! good thing is that that stupid homepage is finally gone and i can now set it to anything i want
thanks. (problem 1 of 2385285 solved? )Also during the time of writing this i got a message saying im "Low on virtual memmory and its being adjusted..."
Here is my new HJ log.
Logfile of HijackThis v1.99.1
Scan saved at 01:18:54, on 2005-06-24
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\OO Software\CleverCache\OOCCSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemp...veSekurity.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O CleverCache Pro (OOCleverCache) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\OOCCSVC.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
sigh..
After another 50 reboots and scans i think im going insane..
I just tried to put Startup Selection to Normal to load everything.. rebooted and everything started as it should and desktop was there.. rebooted once again just to make sure and now its gone again!
and while writing this i tried to find a way to open the controll panel and i clicked on every .exe in my system32 folder that looked like something that could help me, and all of a sudden the startmenu and taskbar appeared again.
Now im not sure if it was cause i rightclicked a folder and chose explore or if it was one of the .exe files i clicked earlier that just had slow reaction.. OR maybe the startup prosess is just incredible slow when a certain component i have on my system loads (34 minutes since i rebooted)
I will reboot again and wait 30-40 more minutes and see if that happens again without me doing anything at all.
After another 50 reboots and scans i think im going insane..
I just tried to put Startup Selection to Normal to load everything.. rebooted and everything started as it should and desktop was there.. rebooted once again just to make sure and now its gone again!
and while writing this i tried to find a way to open the controll panel and i clicked on every .exe in my system32 folder that looked like something that could help me, and all of a sudden the startmenu and taskbar appeared again.
Now im not sure if it was cause i rightclicked a folder and chose explore or if it was one of the .exe files i clicked earlier that just had slow reaction.. OR maybe the startup prosess is just incredible slow when a certain component i have on my system loads (34 minutes since i rebooted)
I will reboot again and wait 30-40 more minutes and see if that happens again without me doing anything at all.
|
Similar Threads
- can you hook a computer up to a receiver for surround sound? (Troubleshooting Dead Machines)
- relation of mathematics with computer science (Computer Science)
- How long do you use your computer each day? (Geeks' Lounge)
- Can my computer support this?!?!? (Motherboards, CPUs and RAM)
- Computer Club (Geeks' Lounge)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Infected by Trojan Horse
- Next Thread: I need help working hijackthis to get rid of spysherrif
| Thread Tools | Search this Thread |
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
adware anti-malware anti-virussitesaccessissue antivirus attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gumblar halloween herss.exe hijack hosting internet kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec trojan unwanted update usa virus viruses vista volume war warning windows worm yahoo zeroday
