Windows startup stalling - help please

elektra
Posts: 1,361 Forumite


in Techie Stuff
I'll start by saying thanks for any help offered.
Windows appears to be stalling - i.e. not fully completing startup
I first noticed it when switching on PC on Monday morning and I noticed that the bar at the bottom of the screen was not fully populated. In particular I noticed the absence of the blue avast spinning ball.
Other symptoms:-
Malaware unable to start - error message ...something about runtime error - dll missing (sorry I'll have to find that later when able to switch PC on again)
Windows Help and support - click and nothing happens
Unable to successfully use explorer to copy/paste files to USB stick
hover over Zone Alarm - says Protection is up, UI initializing
History :-
Day before DH had downloaded some software to convert media files to MP3. This was unsuccessful - it asked for a higher version of DirectX which he downloaded, but software still did not work.
Actions :-
Have deleted above software.
Restored registry to 2 days before (using boot/repair disc)
Run Avast scan - no problems found. It did say, however, resident shield disabled
Run Superantispyware which found a few things
Logs posted below. Unfortunately I was unable to update HijackThis as did not want to go on internet with Avast apparently disabled, maybe I can do an updated one with the boot disk.
Ccleaner list of progs at startup - I'm sure some of these can be disabled anyway
HKCU:Run CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe
HKCU:Run Creative Detector C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
HKCU:Run swg "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKCU:Run HKCU C:\WINDOWS\system32\svchost\svchost
HKLM:Run ehTray C:\WINDOWS\ehome\ehtray.exe
HKLM:Run NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
HKLM:Run RemoteControl "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
HKLM:Run P17Helper Rundll32 P17.dll,P17Helper
HKLM:Run CTSysVol C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
HKLM:Run UpdReg C:\WINDOWS\UpdReg.EXE
HKLM:Run VTTimer VTTimer.exe
HKLM:Run VTTrayp VTtrayp.exe
HKLM:Run MediaFace Integration C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
HKLM:Run TVTray
HKLM:Run ZoneAlarm Client "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
HKLM:Run ISW "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
HKLM:Run avast! C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM:Run SunJavaUpdateSched "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM:Run HKLM C:\WINDOWS\system32\svchost\svchost
Startup Common Adobe Reader Speed Launch.lnk C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Startup Common EPSON Status Monitor 3 Environment Check(2).lnk C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
Startup User Adobe Gamma.lnk C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Startup User Screen Saver Control.lnk C:\WINDOWS\FSScrCtl.exe
Superantispyware - I've removed the detail related to tracking cookie
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/11/2011 at 11:23 PM
Application Version : 4.55.1000
Core Rules Database Version : 7396
Trace Rules Database Version: 5208
Scan type : Complete Scan
Total Scan Time : 01:49:39
Memory items scanned : 414
Memory threats detected : 0
Registry items scanned : 9768
Registry threats detected : 1
File items scanned : 36221
File threats detected : 266
Trojan.SVCHost/Fake
[svchost.exe] C:\DOCUMENTS AND SETTINGS\IQON\LOCAL SETTINGS\TEMP\SVCHOST.EXE
C:\DOCUMENTS AND SETTINGS\IQON\LOCAL SETTINGS\TEMP\SVCHOST.EXE
Trojan.Agent/CDesc[Generic]
C:\PROGRAM FILES\COMMON FILES\SNDP106\DSNDP106.DLL
C:\WINDOWS\SYSTEM32\DSNDP106.DLL
Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D8870DC5-36F1-4BF0-BAFA-B795D6858C56}\RP1200\A0519319.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D8870DC5-36F1-4BF0-BAFA-B795D6858C56}\RP1200\A0519320.EXE
Hijack log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:10:46, on 12/07/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\FSScrCtl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\PC Wizard 2006\PC Wizard.exe
C:\Program Files\PC Wizard 2006\pcwizard.dll
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\svchost\svchost
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\svchost\svchost
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\svchost\svchost
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\svchost\svchost
O4 - HKUS\S-1-5-21-725345543-861567501-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-725345543-861567501-839522115-1003\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R (User '?')
O4 - HKUS\S-1-5-21-725345543-861567501-839522115-1003\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-21-725345543-861567501-839522115-1003\..\Run: [HKCU] C:\WINDOWS\system32\svchost\svchost (User '?')
O4 - HKUS\S-1-5-21-725345543-861567501-839522115-1003\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\svchost\svchost (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-725345543-861567501-839522115-1003 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - S-1-5-21-725345543-861567501-839522115-1003 Startup: dates.txt (User '?')
O4 - S-1-5-21-725345543-861567501-839522115-1003 Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe (User '?')
O4 - S-1-5-21-725345543-861567501-839522115-1003 Startup: ToDo.txt (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: dates.txt
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: ToDo.txt
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Update Service (gupdate1ca19c8631d284) (gupdate1ca19c8631d284) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 13455 bytes
These are the naughty entries to TICK and FIX, although the active files have been deleted by SAS:
O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\svchost\svchost
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\svchost\svchost
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\svchost\svchost
Use the repair options from SAS.
TICK and FIX = this is with Hijackthis, correct ?
repair options from SAS - not done/seen them before - will look later.
Thanks I may have to look at it later/tomorrow as going out soon and DS will want internet on later with laptop.
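The entries singled out above all launch `C:\WINDOWS\system32\svchost\svchost`, a file inside a folder named `svchost`, not the genuine `C:\WINDOWS\system32\svchost.exe`. The following check is an added example, not part of any post in this thread and not code from HijackThis or SUPERAntiSpyware: it parses HijackThis `O4` registry autorun lines and reports any that borrow a Windows system binary's name from the wrong location. The `EXPECTED` table and all function names are assumptions of the example; the sample lines are copied from the log posted above.

```python
import ntpath
import re

# Expected full paths of Windows XP system binaries that malware commonly
# impersonates. Assumes SystemRoot is C:\WINDOWS, as in the log on this page.
EXPECTED = {
    "svchost": r"c:\windows\system32\svchost.exe",
    "ctfmon": r"c:\windows\system32\ctfmon.exe",
    "rundll32": r"c:\windows\system32\rundll32.exe",
    "lsass": r"c:\windows\system32\lsass.exe",
    "services": r"c:\windows\system32\services.exe",
    "winlogon": r"c:\windows\system32\winlogon.exe",
    "explorer": r"c:\windows\explorer.exe",
}

# Registry autorun line: O4 - <key ending in Run>: [<value name>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<key>\S.*?Run): \[(?P<name>[^\]]*)\] "
    r"(?P<command>.+?)(?: \(User '[^']*'\))?$"
)
# Leading executable of an unquoted command, up to the first executable suffix.
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)


def image_path(command):
    """Return the program a Run-key command starts, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = IMAGE_RE.match(command)
    if match:
        return match.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def masquerades(path):
    """True if path is named like a system binary but is not the real one."""
    norm = ntpath.normpath(path).lower()
    stem = ntpath.splitext(ntpath.basename(norm))[0]
    expected = EXPECTED.get(stem)
    # A bare name such as "Rundll32" is resolved through the search path,
    # so only fully qualified paths are compared.
    return bool(expected and ntpath.dirname(norm) and norm != expected)


def suspicious_autoruns(log_text):
    """Return (key, value name, image) for each masquerading O4 entry."""
    hits = []
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if not match:
            continue  # not a registry autorun line (e.g. Startup folder items)
        image = image_path(match.group("command"))
        if masquerades(image):
            hits.append((match.group("key"), match.group("name"), image))
    return hits


# Sample input: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\svchost\svchost
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\svchost\svchost
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\svchost\svchost
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - Startup: dates.txt
"""

if __name__ == "__main__":
    for key, name, image in suspicious_autoruns(SAMPLE_LOG):
        print(f"{key} [{name}] -> {image}")
```

The same `masquerades` check also catches the `SVCHOST.EXE` that SUPERAntiSpyware reported under the user's `TEMP` folder, because the name matches while the directory does not.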
When you have got it sorted, it may be a good idea to install XP SP3 and all other updates.
-
Thanks debitcardmayhem - I will look at SP3 if and when I get it sorted. I've been ignoring/avoiding it - if it ain't broke don't fix it scenario. That's backfired - broke now.
So far have done HJT tick and fix which has made no difference - about to look at other options mentioned.
uninstall some of the bloat, rapport, zonealarm, pc wizard, superantispyware
run startuplite
update avast to v6 if it is really v4
do an avast boot time scan
run an updated malwarebytes scan in safe mode, you possibly may need to run rkill first
or instead, reinstall windows, after backing up data using a caddy!!
uninstall some of the bloat, rapport, zonealarm, pc wizard, superantispyware
run startuplite
update avast to v6 if it is really v4
do an avast boot time scan
run an updated malwarebytes scan in safe mode, you possibly may need to run rkill first
or instead, reinstall windows, after backing up data using a caddy
I'll uninstall some of bloat once I have it sorted - particularly Rapport - I never wanted it in first place, DH installed it. I like to have Zonealarm, SAS
startuplite - not sure what that is yet, will investigate, I guess the clue is in the name
Avast - had previously tried to update and it caused problems ( can't remember what) so revert to previous version. Again will look at new update once I get startup sorted.
Boot scan - can probably get into it to do one of these.
Malwarebytes - as suggested by RussJK, I tried to run it in safe mode after a copy/rename and get same error which is
Runtime error 372 - failed to load 'vbalgrid' from vbalgrid6.ocx your version may be outdated.
so far I have
run SAS which found a couple of trojans and deleted
run HJT and run tick and fix, reran and items no longer there
tried rkill which found nothing
had a look at Tangosoft re-enable2 but it had too many options- so I would need to be talked through that one.
Not yet looked at others suggested by RussJK - but now can't find them - where has his post gone ????????
PC still stalling on startup
Could my problems be connected to DirectX update as stated in first post?
I do have an Acronis full backup albeit probably a couple of months old so may have to revert to that.
Not just SP2, but IE7? Way out of date, and insecure.
Once you are sorted get the updates ASAP.
Don't use IE7. Use Firefox and more recently Chrome.
Anyone any advice on how to fix or only option to restore/reinstall?
With re-enable, select all, it will only fix anything which needs it
Try the trial of this, run it and see what it says, no need to apply anything, unless it's obvious one(s)
Post what it does suggest
No need to buy this type of programme as they usually spot everything within the trial
http://www.tune-up.com/products/tuneup-utilities/
Thanks Santer - I'll take a look at those but it won't be until Friday now, as need to go overnight visiting.
This discussion has been closed.