Member Avatar for DoomWear

About a week ago,
My NOD32 gave me a message that the 30day trial had expired and i needed to purchase. I didnt really like the GUI of NOD32 so i decided to get Norton 2005 wich got very good reviews. Stupid maybe but i uninstalled NOD32 before installing Norton and i didnt disable the internet connection. I also forgot that my firewall (sygate) had been disabled since last night (or rather been set to Allow all trafic) cause i had troubles sending and recieveng files through IRC.

Well,during norton installation my computer froze up and i had to HARD RESET it. When i logged back in it didnt want to launch the installation program again, So i went to "Add/Remove Programs" and tried to uninstall it, which ofc it didnt want to allow.

I rebooted again to try and do it from failsafe mode without any luck there either. When i came back to normal mode all my autostart objects had been removed and when i put them there again it just takes it away right infront of my eyes.

I started internet explorer to search for info and i noticed that my startpage was set to: Martfinder.com , so I went to altavista and searched for martfinder and the first hit was this kick-***-what-seems-to-be-an-awesome-site. I found some info in the forum about this unchangable startpage, but non of the tips seems to work for me.

I got similar problems once before after installing Kazaa and i had a hell b4 i understod that it was kazaa that caused all this from the beginning. (this was 2 years ago and i had several formats and even a new harddrive now)

I signed up for this but noticed that the screen went blank when i tried to log in to my e-mail account (gmail.com), so i had my friend log in for me and forward the mail to my hotmail account instead.

I used all the tools i could find on this page and others and scanned several times and removed gazillions of "reported bad stuff".

Now i turn to you with a last pledge for help

Thank you for your time and concideration.

/Kristian


OS: XP sp1
Firewall: sygate
AV: NOD32 and AntiVirXP(recomended by this site)
additional related programs: HijackThis, Ad-Aware, Spybot - Search & Destroy, SpywareGuard, SpywareBlaster, Malware Removal - June 2005

Logfile of HijackThis v1.99.1
Scan saved at 18:38:10, on 2005-06-23
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\OO Software\CleverCache\OOCCSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hijackthis\HijackThis.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O19 - User stylesheet: C:\WINDOWS\windows.dat
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O CleverCache Pro (OOCleverCache) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\OOCCSVC.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

  • 2 Contributors
  • 7 Replies
  • 255 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by DoomWear

Recommended Answers

All 7 Replies

Member Avatar for DMR

There are one or two hidden files which will keep bringing the Martfinder hijack back to life if you don't fully remove the infection. Please do the following so that we locate those files:

Download: "StartDreck", from here:

Unzip to its own folder and start the program,

Press 'Config'

Press 'Unmark All'

Check the following boxes only:
In this section >System/drivers
[x] Running processes
[x] list modules
[x] NT services
[x] List binaries
[x] NT kernal and FS drivers

Press 'Ok'

Press 'Save' and select the location to save the log file
(default is the same folder as the application)

Exit StartDreck and post the log in this thread.

Member Avatar for DoomWear

Thanks for such a fast reply :)

I attatched the file because you had to scroll for ever to reach the bottom and very annoying for readers indeed. Hope that was ok.

StartDreck (build 2.1.7 public stable) - 2005-06-23 @ 21:52:53 (GMT +02:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 1)
Internet Explorer: 6.0.2800.1106
Logged in as Kristian at D1

Registry
Files
System/Drivers
 Running Processes
  +0=<idle>
  +4=<system>
  +488=\SystemRoot\System32\smss.exe
   *C:\WINDOWS\System32\ntdll.dll
  +552=\??\C:\WINDOWS\system32\csrss.exe
   *C:\WINDOWS\System32\ntdll.dll
   *C:\WINDOWS\system32\CSRSRV.dll
   *C:\WINDOWS\system32\basesrv.dll
   *C:\WINDOWS\system32\winsrv.dll
   *C:\WINDOWS\system32\GDI32.dll
   *C:\WINDOWS\system32\KERNEL32.dll
   *C:\WINDOWS\system32\USER32.dll
   *C:\WINDOWS\system32\ADVAPI32.dll
   *C:\WINDOWS\system32\RPCRT4.dll
   *C:\WINDOWS\System32\sxs.dll
  +576=\??\C:\WINDOWS\SYSTEM32\winlogon.exe
   *C:\WINDOWS\System32\ntdll.dll
   *C:\WINDOWS\system32\kernel32.dll
   *C:\WINDOWS\system32\ADVAPI32.dll
   *C:\WINDOWS\system32\RPCRT4.dll
   *C:\WINDOWS\system32\AUTHZ.dll
   *C:\WINDOWS\system32\msvcrt.dll
   *C:\WINDOWS\system32\CRYPT32.dll
   *C:\WINDOWS\system32\USER32.dll
   *C:\WINDOWS\system32\GDI32.dll
   *C:\WINDOWS\system32\MSASN1.dll
   *C:\WINDOWS\system32\NDdeApi.dll
   *C:\WINDOWS\system32\PROFMAP.dll
   *C:\WINDOWS\system32\NETAPI32.dll
   *C:\WINDOWS\system32\USERENV.dll
   *C:\WINDOWS\system32\PSAPI.DLL
   *C:\WINDOWS\system32\REGAPI.dll
   *C:\WINDOWS\system32\Secur32.dll
   *C:\WINDOWS\system32\SETUPAPI.dll
   *C:\WINDOWS\system32\VERSION.dll
   *C:\WINDOWS\system32\WINSTA.dll
   *C:\WINDOWS\system32\WS2_32.dll
   *C:\WINDOWS\system32\WS2HELP.dll
   *C:\WINDOWS\System32\IMM32.DLL
   *C:\WINDOWS\System32\MSGINA.dll
   *C:\WINDOWS\system32\SHELL32.dll
   *C:\WINDOWS\system32\SHLWAPI.dll
   *C:\WINDOWS\system32\COMCTL32.dll
   *C:\WINDOWS\System32\ODBC32.dll
   *C:\WINDOWS\system32\comdlg32.dll
   *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
   *C:\WINDOWS\System32\odbcint.dll
   *C:\WINDOWS\System32\SHSVCS.dll
   *C:\WINDOWS\system32\sfc.dll
   *C:\WINDOWS\System32\sfc_os.dll
   *C:\WINDOWS\System32\WINTRUST.dll
   *C:\WINDOWS\system32\ole32.dll
   *C:\WINDOWS\system32\IMAGEHLP.dll
   *C:\WINDOWS\System32\msctfime.ime
   *C:\WINDOWS\System32\WINSCARD.DLL
   *C:\WINDOWS\System32\WTSAPI32.dll
   *C:\WINDOWS\System32\uxtheme.dll
   *C:\WINDOWS\System32\WINMM.dll
   *C:\WINDOWS\SYSTEM32\cscdll.dll
   *C:\WINDOWS\SYSTEM32\WlNotify.dll
   *C:\WINDOWS\System32\WINSPOOL.DRV
   *C:\WINDOWS\system32\MPR.dll
   *C:\WINDOWS\System32\rsaenh.dll
   *C:\WINDOWS\System32\sxs.dll
   *C:\WINDOWS\System32\SAMLIB.dll
   *C:\WINDOWS\System32\cscui.dll
   *C:\WINDOWS\System32\NTMARTA.DLL
   *C:\WINDOWS\system32\WLDAP32.dll
   *C:\WINDOWS\system32\msv1_0.dll
   *C:\WINDOWS\System32\wdmaud.drv
   *C:\WINDOWS\System32\SSSensor.dll
   *C:\WINDOWS\System32\msacm32.drv
   *C:\WINDOWS\System32\MSACM32.dll
   *C:\WINDOWS\System32\midimap.dll
   *C:\WINDOWS\System32\COMRes.dll
   *C:\WINDOWS\system32\OLEAUT32.dll
   *C:\WINDOWS\System32\CLBCATQ.DLL
   *C:\WINDOWS\System32\wbem\wbemprox.dll
   *C:\WINDOWS\System32\wbem\wbemcomn.dll
   *C:\WINDOWS\System32\wbem\wbemsvc.dll
   *C:\WINDOWS\System32\wbem\fastprox.dll
  +620=C:\WINDOWS\system32\services.exe
   *C:\WINDOWS\System32\ntdll.dll
   *C:\WINDOWS\system32\kernel32.dll
   *C:\WINDOWS\system32\msvcrt.dll
   *C:\WINDOWS\system32\ADVAPI32.dll
   *C:\WINDOWS\system32\RPCRT4.dll
   *C:\WINDOWS\system32\USER32.dll
   *C:\WINDOWS\system32\GDI32.dll
   *C:\WINDOWS\system32\USERENV.dll
   *C:\WINDOWS\system32\SCESRV.dll
   *C:\WINDOWS\system32\AUTHZ.dll
   *C:\WINDOWS\system32\umpnpmgr.dll
   *C:\WINDOWS\system32\WINSTA.dll
   *C:\WINDOWS\system32\NCObjAPI.DLL
   *C:\WINDOWS\System32\IMM32.DLL
   *C:\WINDOWS\system32\secur32.dll
   *C:\WINDOWS\system32\eventlog.dll
   *C:\WINDOWS\system32\WS2_32.dll
   *C:\WINDOWS\system32\WS2HELP.dll
   *C:\WINDOWS\system32\PSAPI.DLL
   *C:\WINDOWS\system32\wtsapi32.dll
   *C:\WINDOWS\system32\netapi32.dll
  +632=C:\WINDOWS\system32\lsass.exe
   *C:\WINDOWS\System32\ntdll.dll
   *C:\WINDOWS\system32\kernel32.dll
   *C:\WINDOWS\system32\ADVAPI32.dll
   *C:\WINDOWS\system32\RPCRT4.dll
   *C:\WINDOWS\system32\LSASRV.dll
   *C:\WINDOWS\system32\MPR.dll
   *C:\WINDOWS\system32\USER32.dll
   *C:\WINDOWS\system32\GDI32.dll
   *C:\WINDOWS\system32\MSASN1.dll
   *C:\WINDOWS\system32\msvcrt.dll
   *C:\WINDOWS\system32\NETAPI32.dll
   *C:\WINDOWS\system32\NTDSAPI.dll
   *C:\WINDOWS\system32\DNSAPI.dll
   *C:\WINDOWS\system32\WS2_32.dll
   *C:\WINDOWS\system32\WS2HELP.dll
   *C:\WINDOWS\system32\WLDAP32.dll
   *C:\WINDOWS\system32\Secur32.dll
   *C:\WINDOWS\system32\SAMLIB.dll
   *C:\WINDOWS\system32\SAMSRV.dll
   *C:\WINDOWS\system32\cryptdll.dll
   *C:\WINDOWS\System32\IMM32.DLL
   *C:\WINDOWS\system32\msprivs.dll
   *C:\WINDOWS\system32\kerberos.dll
   *C:\WINDOWS\system32\msv1_0.dll
   *C:\WINDOWS\system32\netlogon.dll
   *C:\WINDOWS\system32\w32time.dll
   *C:\WINDOWS\system32\MSVCP60.dll
   *C:\WINDOWS\system32\iphlpapi.dll
   *C:\WINDOWS\system32\USERENV.dll
   *C:\WINDOWS\system32\schannel.dll
   *C:\WINDOWS\system32\CRYPT32.dll
   *C:\WINDOWS\system32\wdigest.dll
   *C:\WINDOWS\System32\rsaenh.dll
   *C:\WINDOWS\system32\scecli.dll
   *C:\WINDOWS\system32\SETUPAPI.dll
   *C:\WINDOWS\system32\OLEAUT32.dll
   *C:\WINDOWS\system32\OLE32.DLL
   *C:\WINDOWS\system32\shell32.dll
   *C:\WINDOWS\system32\SHLWAPI.dll
   *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
   *C:\WINDOWS\system32\comctl32.dll
   *C:\WINDOWS\system32\ipsecsvc.dll
   *C:\WINDOWS\system32\oakley.DLL
   *C:\WINDOWS\system32\WINIPSEC.DLL
   *C:\WINDOWS\system32\pstorsvc.dll
   *C:\WINDOWS\system32\psbase.dll
   *C:\WINDOWS\system32\imon.dll
   *C:\WINDOWS\system32\WSOCK32.dll
   *C:\WINDOWS\system32\NTMARTA.DLL
   *C:\WINDOWS\system32\mswsock.dll
   *C:\WINDOWS\system32\rsvpsp.dll
   *C:\WINDOWS\System32\wshtcpip.dll
   *C:\WINDOWS\System32\dssenh.dll
  +792=C:\WINDOWS\system32\svchost.exe
   *C:\WINDOWS\System32\ntdll.dll
   *C:\WINDOWS\system32\kernel32.dll
   *C:\WINDOWS\system32\ADVAPI32.dll
   *C:\WINDOWS\system32\RPCRT4.dll
   *c:\windows\system32\rpcss.dll
   *C:\WINDOWS\system32\msvcrt.dll
   *c:\windows\system32\Secur32.dll
   *C:\WINDOWS\system32\USER32.dll
   *C:\WINDOWS\system32\GDI32.dll
   *c:\windows\system32\WS2_32.dll
   *c:\windows\system32\WS2HELP.dll
   *C:\WINDOWS\System32\IMM32.DLL
   *C:\WINDOWS\system32\userenv.dll
   *C:\WINDOWS\System32\rsaenh.dll
   *C:\WINDOWS\system32\mswsock.dll
   *C:\WINDOWS\system32\imon.dll
   *C:\WINDOWS\system32\WSOCK32.dll
   *C:\WINDOWS\system32\NTMARTA.DLL
   *C:\WINDOWS\system32\WLDAP32.dll
   *C:\WINDOWS\system32\ole32.dll
   *C:\WINDOWS\system32\SAMLIB.dll
   *C:\WINDOWS\system32\rsvpsp.dll
   *C:\WINDOWS\System32\wshtcpip.dll
   *C:\WINDOWS\system32\DNSAPI.dll
   *C:\WINDOWS\system32\iphlpapi.dll
   *C:\WINDOWS\System32\winrnr.dll
   *C:\WINDOWS\system32\rasadhlp.dll
   *C:\WINDOWS\system32\CLBCATQ.DLL
   *C:\WINDOWS\system32\OLEAUT32.dll
   *C:\WINDOWS\system32\COMRes.dll
   *C:\WINDOWS\system32\VERSION.dll
   *C:\WINDOWS\system32\Apphelp.dll
  +852=C:\WINDOWS\System32\svchost.exe
   *C:\WINDOWS\System32\ntdll.dll
   *C:\WINDOWS\system32\kernel32.dll
   *C:\WINDOWS\system32\ADVAPI32.dll
   *C:\WINDOWS\system32\RPCRT4.dll
   *C:\WINDOWS\system32\ole32.dll
   *C:\WINDOWS\system32\GDI32.dll
   *C:\WINDOWS\system32\USER32.dll
   *C:\WINDOWS\System32\IMM32.DLL
   *c:\windows\system32\shsvcs.dll
   *C:\WINDOWS\system32\msvcrt.dll
   *C:\WINDOWS\system32\SHLWAPI.dll
   *C:\WINDOWS\system32\shell32.dll
   *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
   *C:\WINDOWS\system32\comctl32.dll
   *C:\WINDOWS\System32\WINSTA.dll
   *C:\WINDOWS\System32\UxTheme.dll
   *C:\WINDOWS\System32\rsaenh.dll
   *c:\windows\system32\dhcpcsvc.dll
   *c:\windows\system32\DNSAPI.dll
   *c:\windows\system32\WS2_32.dll
   *c:\windows\system32\WS2HELP.dll
   *c:\windows\system32\iphlpapi.dll
   *c:\windows\system32\Secur32.dll
   *C:\WINDOWS\System32\imon.dll
   *C:\WINDOWS\System32\WSOCK32.dll
   *C:\WINDOWS\System32\NTMARTA.DLL
   *C:\WINDOWS\system32\WLDAP32.dll
   *C:\WINDOWS\System32\SAMLIB.dll
   *C:\WINDOWS\system32\mswsock.dll
   *C:\WINDOWS\system32\rsvpsp.dll
   *C:\WINDOWS\System32\wshtcpip.dll
   *c:\windows\system32\wzcsvc.dll
   *c:\windows\system32\rtutils.dll
   *c:\windows\system32\WMI.dll
   *C:\WINDOWS\system32\OLEAUT32.dll
   *C:\WINDOWS\system32\CRYPT32.dll
   *C:\WINDOWS\system32\MSASN1.dll
   *c:\windows\system32\WTSAPI32.dll
   *c:\windows\system32\ESENT.dll
   *c:\windows\system32\NETAPI32.dll
   *C:\WINDOWS\System32\rastls.dll
   *C:\WINDOWS\System32\ATL.DLL
   *C:\WINDOWS\System32\CRYPTUI.dll
   *C:\WINDOWS\System32\WINTRUST.dll
   *C:\WINDOWS\system32\IMAGEHLP.dll
   *C:\WINDOWS\system32\WININET.dll
   *C:\WINDOWS\System32\MPRAPI.dll
   *C:\WINDOWS\System32\ACTIVEDS.dll
   *C:\WINDOWS\System32\adsldpc.dll
   *C:\WINDOWS\System32\SETUPAPI.dll
   *C:\WINDOWS\System32\RASAPI32.dll
   *C:\WINDOWS\System32\rasman.dll
   *C:\WINDOWS\System32\TAPI32.dll
   *C:\WINDOWS\System32\WINMM.dll
   *C:\WINDOWS\System32\SCHANNEL.dll
   *C:\WINDOWS\system32\USERENV.dll
   *C:\WINDOWS\System32\WinSCard.dll
   *C:\WINDOWS\System32\raschap.dll
   *C:\WINDOWS\system32\msv1_0.dll
   *C:\WINDOWS\System32\CLBCATQ.DLL
   *C:\WINDOWS\System32\COMRes.dll
   *C:\WINDOWS\system32\VERSION.dll
   *c:\windows\system32\schedsvc.dll
   *c:\windows\system32\NTDSAPI.dll
   *C:\WINDOWS\System32\MSIDLE.DLL
   *c:\windows\system32\audiosrv.dll
   *c:\windows\system32\cryptsvc.dll
   *c:\windows\system32\certcli.dll
   *c:\windows\system32\es.dll
   *c:\windows\system32\ersvc.dll
   *c:\windows\system32\dmserver.dll
   *c:\windows\system32\seclogon.dll
   *c:\windows\system32\sens.dll
   *c:\windows\system32\srsvc.dll
   *c:\windows\system32\POWRPROF.dll
   *c:\windo
Member Avatar for DMR

Thanks for such a fast reply

You're welcome. :)

Please download ESS3remove.zip and unzip it into its a folder of its own.

Double-click on the ESSremove.bat file to run it. Reboot after that, and post a new HijackThis log.

Member Avatar for DoomWear

Downloaded and ran the program and went for reboot. Got a popup saying Drive a: not ready, please check if the door might be open (or something similar). If i only had a floppy...

After reboot my desktop start menu and taskbar just disappeared after after a few seconds. I forgot to mention earlier but i got this problem yesterday already. The thing i did was to open taskmanager and through there start a new task: msconfig. Went and deisabled everything in startup and rebooted. Didnt help so i started msconfig again. the disabled items was still unchecked so i went to services TAB and disabled everything rebooted and this time the desktop did appear as it should. so now to get sound and network again i went back and enabled everything again and only disabled afew checkboxes at the time until i lokalized the problem. After 10 or so reboots i got the desktop back and only theese checkboxes are now unchecked:

Help And Support - Microsoft
IMAPI CD-Burning COM Service - Microsoft
Server - Microsoft
Workstation - Microsoft
TCP/IP NetBIOS Helper - Microsoft
Machine Debug Manager - Unknown
Messenger - Microsoft
NetMeeting Remote Desktop Sharing - Microsoft
Distributed Transaction Coordinator - Microsoft
Windows Installer - Microsoft

I guess its only one of the above causing this but since computer takes 5 minutes to reboot i didnt have time to investigate further yet.


Well now this time after doing what you told me i still have the Services mentioned unchecked but i also have 2 new checked items at the startup tab (i made them Bold in the highjackthis log). And since the desktop did dissapear again i guess one of those caused it. So i unchecked them and rebooted but still the same and they are back checked.


BUT!!! good thing is that that stupid homepage is finally gone and i can now set it to anything i want :D thanks. (problem 1 of 2385285 solved? :P )

Also during the time of writing this i got a message saying im "Low on virtual memmory and its being adjusted..."


Here is my new HJ log.

Logfile of HijackThis v1.99.1
Scan saved at 01:18:54, on 2005-06-24
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\OO Software\CleverCache\OOCCSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O CleverCache Pro (OOCleverCache) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\OOCCSVC.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Member Avatar for DoomWear

Here are a few pictures that might help to clearify what happend?

MyBlankDesktop.JPG 43.8 KB SysConfigStartup.JPG 124.19 KB TaskManagerProcesses.JPG 113.06 KB
Member Avatar for DoomWear

sigh..

After another 50 reboots and scans i think im going insane..

I just tried to put Startup Selection to Normal to load everything.. rebooted and everything started as it should and desktop was there.. rebooted once again just to make sure and now its gone again!

and while writing this i tried to find a way to open the controll panel and i clicked on every .exe in my system32 folder that looked like something that could help me, and all of a sudden the startmenu and taskbar appeared again.

Now im not sure if it was cause i rightclicked a folder and chose explore or if it was one of the .exe files i clicked earlier that just had slow reaction.. OR maybe the startup prosess is just incredible slow when a certain component i have on my system loads (34 minutes since i rebooted)

I will reboot again and wait 30-40 more minutes and see if that happens again without me doing anything at all.

Member Avatar for DoomWear

computer locks up everytime i scan it and i have to do a hard reset (even in safe mode) :(

I tried all the online a/v scanners.

Any one with suggestions please?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.