startup ? - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 07-19-2006, 10:26 AM   #1 (permalink)
Banned
 
Join Date: Mar 2006
Posts: 1,829
Default startup ?

When my computer boots up and i logon to windows xp the application my computer opens.

How do i logon to windows without the my computer opening up?

I checked msconfig and disabled all startup apps and that didn't do it.
__________________

Norcent is offline  
Old 07-19-2006, 12:00 PM   #2 (permalink)
S e c u r e d
 
Join Date: Feb 2005
Location: Somewhere Sunny
Posts: 3,760
Default

Scan your machine with :


Ewido
AVG
Spybot Search and Destroy
Adware-SE
Then Finally - HighJackThis (then post the log here)
*REMEMBER*
All scans must be performed in "Safe Mode"
__________________

__________________
brady is offline  
Old 07-19-2006, 12:00 PM   #3 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default

post a hijackthis log and Ill check it to see if its in there...
__________________
Osiris is offline  
Old 07-19-2006, 12:14 PM   #4 (permalink)
Banned
 
Join Date: Mar 2006
Posts: 1,829
Default

hijackthis showed up as a virus.

So i couldn't install it.
Norcent is offline  
Old 07-19-2006, 12:25 PM   #5 (permalink)
S e c u r e d
 
Join Date: Feb 2005
Location: Somewhere Sunny
Posts: 3,760
Default

lol what AV do you have running?


Disable your Antivirus (for the time being) and then boot into safe mode to install HJT...

Then scan when windows boots normally, we need to see all running processes.
__________________
brady is offline  
Old 07-19-2006, 01:32 PM   #6 (permalink)
Banned
 
Join Date: Mar 2006
Posts: 1,829
Default

Logfile of HijackThis v1.99.1
Scan saved at 1:30:11 PM, on 7/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\007\LOCALS~1\Temp\Rar$EX05.641\HijackT his.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by119fd.bay119.hotmail.msn.co...548f321198472a
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :
O1 - Hosts: AmsServer
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - Global Startup: AT&T Plug&Share 54 Mbps Pocket-Size Wireless USB Adapter.lnk = ?
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: @C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dl l,-115 - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - (no file)
O9 - Extra 'Tools' menuitem: ImageShack Toolbar - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://toolbar.imageshack.us
O17 - HKLM\System\CCS\Services\Tcpip\..\{06871442-FE3D-437F-AD7D-45251CA1D358}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{2385E496-1E88-42DB-AC85-4FE7E2D92BFA}: NameServer = 216.144.187.199
O17 - HKLM\System\CS1\Services\Tcpip\..\{06871442-FE3D-437F-AD7D-45251CA1D358}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS2\Services\Tcpip\..\{06871442-FE3D-437F-AD7D-45251CA1D358}: NameServer = 85.255.115.34,85.255.112.63
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Norcent is offline  
Old 07-19-2006, 01:43 PM   #7 (permalink)
S e c u r e d
 
Join Date: Feb 2005
Location: Somewhere Sunny
Posts: 3,760
Default

log isn't as bad as I thought it was going to be...

Have you scanned your machine with ewido or AVG yet?
__________________
brady is offline  
Old 07-19-2006, 01:44 PM   #8 (permalink)
Banned
 
Join Date: Mar 2006
Posts: 1,829
Default

no why should i?

I will do that right now
Norcent is offline  
Old 07-19-2006, 01:46 PM   #9 (permalink)
S e c u r e d
 
Join Date: Feb 2005
Location: Somewhere Sunny
Posts: 3,760
Default

Just to rule out malware...

Let me know what the scans find.
__________________
brady is offline  
Old 07-19-2006, 01:49 PM   #10 (permalink)
Banned
 
Join Date: Mar 2006
Posts: 1,829
Default

Ewido scan

I didn't think it would find that much...

Heres what it found

Tracking cookies, adaware.180solutions, a worm.vb.dw, worm.vb.am ,adaware zango, trojan.small, downloader.Zlob.to

found 328 things wrong allready and its done...
__________________

Norcent is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 10:43 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.