Jump to content

help,.,start up problem,

Recommended Posts

This may help with pinpointing what is causing that.


Little freeware app called Hijackthis anti-spyware tool.

When you run it select do a scan and save a logfile.

When it finishes it will open a notepad window with the results.

Copy the results from notepad and paste them in a post here.

DO NOT attempt to fix anything.

Just get the logfile then exit the program.

Link to comment
Share on other sites

hello guys ,,heres the log file from hijack this,,hope you can help me..

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:55:27 AM, on 29/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:







C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

C:Program FilesAlwil SoftwareAvast4ashServ.exe


C:Program FilesAlwil SoftwareAvast4ashDisp.exe

C:Program FilesCOMODOFirewallcfp.exe

C:Program FilesFlashGetflashget.exe

C:Program FilesCommon FilesRealUpdate_OBrealsched.exe

C:Program FilesDNAbtdna.exe



C:Program FilesBonjourmDNSResponder.exe

C:Program FilesCOMODOFirewallcmdagent.exe

C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE




C:Documents and Settingsend userDesktopHiJackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigURL = http://localhost:0/proxy.pac

F2 - REG:system.ini: UserInit=userinit.exe,wvcst.bat

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:Program FilesInternet Download ManagerIDMIECC.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:Program FilesFlashGetjccatch.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll

O2 - BHO: TBSB09098 - {EA7EC21B-0589-48F8-AF3D-9A896A3D546D} - (no file)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:Program FilesFlashGetgetflash.dll

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k

O4 - HKLM..Run: [avast!] "C:Program FilesAlwil SoftwareAvast4ashDisp.exe"

O4 - HKLM..Run: [COMODO Firewall Pro] "C:Program FilesCOMODOFirewallcfp.exe" -h

O4 - HKLM..Run: [Flashget] C:Program FilesFlashGetflashget.exe /min

O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe"  -osboot

O4 - HKCU..Run: [bitTorrent DNA] "C:Program FilesDNAbtdna.exe"

O4 - HKCU..Run: [sTYLEXP] C:Program FilesTGTSoftStyleXPStyleXP.exe -Hide

O4 - HKCU..Run: [ctfmon.exe] C:windowssystem32ctfmon.exe

O4 - HKCU..Run: [Yahoo! Pager] "C:PROGRA~1Yahoo!MESSEN~1YahooMessenger.exe" -quiet

O8 - Extra context menu item: &Download All with FlashGet - C:Program FilesFlashGetjc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:Program FilesFlashGetjc_link.htm

O8 - Extra context menu item: Download all links with IDM - C:Program FilesInternet Download ManagerIEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:Program FilesInternet Download ManagerIEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:Program FilesInternet Download ManagerIEExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:Program FilesFlashGetFlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:Program FilesFlashGetFlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:windowsNetwork Diagnosticxpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:windowsNetwork Diagnosticxpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:Program FilesYahoo!CommonYinsthelper.dll

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186937846718

O20 - AppInit_DLLs: C:windowssystem32guard32.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:Program FilesCOMODOFirewallcmdagent.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe

O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesNeroLibNMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:windowssystem32nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe

O23 - Service: StyleXPService - Unknown owner - C:Program FilesTGTSoftStyleXPStyleXPService.exe

O24 - Desktop Component 0: (no name) - http://photos-910.friendster.com/e1/photos/01/94/44804910/1_220769441l.jpg


End of file - 8055 bytes


Link to comment
Share on other sites

Run it and select do a scan only.

Scroll down until you find this entry: F2 - REG:system.ini: UserInit=userinit.exe,wvcst.bat

Place a tick in the box beside of this entry.

Make sure your web browser IE or Firefox or whatever is closed.

Scroll all the way to the bottom and hit fix selected.

If a message box appears click ok.

That may or may not solve your issue.

There is a lot of stuff listed there that shouldn't be there.

I would suggest that you follow Tommie's advice above and post the logfile on the hijackthis forum where there are people way more experienced than I am with it that will help you get your computer cleaned up.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...