vista starts with cmd box opening. hijackthis done. pls help



prajna
18-03-2009, 09:44 AM
Hello friends,

When I shut down my laptop from the start-shut button, the booting thereafter invariably starts by opening a cmd box followed by several runs in system 32, finally prompting me to type desktop...... for the desktop icons to actually appear. I can quit the box then by typing exit.

Logfile is like this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:51 PM, on 3/17/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Speed+\Configurator\ventcfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\EpiValley\TATA Indicom Dialer\TATA Indicom Dialer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\real player\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Speed+\Configurator\ventcfg.exe -nomsgbox
O4 - HKLM\..\RunOnce: [DeleteOcx] C:\Windows\system32\Dell\SystemProfiler\DeleteOcx.cmd
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://supportapj.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC1DB037-3D63-410B-BD14-B2BBB239452D}: NameServer = 202.54.15.30 202.54.1.30
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Speed+\Client\ventc.exe

--
End of file - 7232 bytes

I want Vista to start normally without having to reformat.

What runs in the cmd box is typically as follows:

C:\Windows\system32>if exist c:\windows\*.dmp echo [ErrorHandler.CMD] It appears
a BSOD occured check C:\Windows\*.DMP 1>>C:\Dell\fist\errorHandler.err

C:\Windows\system32>if exist c:\windows\minidump\*.dmp echo [ErrorHandler.CMD] I
t appears a BSOD occured check C:\Windows\minidump\*.DMP 1>>C:\Dell\fist\errorH
andler.err

C:\Windows\system32>echo [ErrorHandler.CMD] Error! Vista process called ErrorHan
dler for an unknown process error. 1>>C:\Dell\fist\errorHandler.err

C:\Windows\system32>echo [ErrorHandler.CMD] Please include these files in your r
eport for trouble-shooting: 1>>C:\Dell\fist\errorHandler.err

C:\Windows\system32>echo [ErrorHandler.CMD] setupact.cab 1>>C:\Dell\fist\errorH
andler.err

C:\Windows\system32>echo [ErrorHandler.CMD] setuperr.cab 1>>C:\Dell\fist\errorH
andler.err

C:\Windows\system32>echo [ErrorHandler.CMD] unattend.cab 1>>C:\Dell\fist\errorH
andler.err

C:\Windows\system32>echo [ErrorHandler.CMD] pkgmgrxl.cab 1>>C:\Dell\fist\errorH
andler.err

C:\Windows\system32>echo [ErrorHandler.CMD] setupdev.cab 1>>C:\Dell\fist\errorH
andler.err

C:\Windows\system32>echo [ErrorHandler.CMD] setupapp.cab 1>>C:\Dell\fist\errorH
andler.err

C:\Windows\system32>echo [ErrorHandler.CMD] pkgmgrlg.cab 1>>C:\Dell\fist\errorH
andler.err

C:\Windows\system32>echo [ErrorHandler.CMD] cbslog.cab 1>>C:\Dell\fist\errorHan
dler.err

C:\Windows\system32>echo [ErrorHandler.CMD] If they aren't on your manufacturing
media, zip up entire windows\panther directory 1>>C:\Dell\fist\errorHandler.er
r

C:\Windows\system32>copy c:\windows\panther\unattendgc\setupact.log c:\dell\logs
\setupact.log
1 file(s) copied.

C:\Windows\system32>copy c:\windows\panther\unattendgc\setuperr.log c:\dell\logs
\setuperr.log
1 file(s) copied.

C:\Windows\system32>copy c:\windows\panther\unattend.xml c:\dell\logs\unattend.x
ml
1 file(s) copied.

C:\Windows\system32>copy c:\windows\panther\pkgmgr.xml c:\dell\logs\pkgmgr.xml
1 file(s) copied.

C:\Windows\system32>copy c:\windows\inf\setupapi.dev.log c:\dell\logs\setupapi.d
ev.log
1 file(s) copied.

C:\Windows\system32>copy c:\windows\inf\setupapi.app.log c:\dell\logs\setupapi.a
pp.log
1 file(s) copied.

C:\Windows\system32>copy c:\windows\logs\cbs\cbs.log c:\dell\logs\cbs.log
1 file(s) copied.

C:\Windows\system32>makecab c:\dell\logs\setupact.log c:\dell\logs\setupact.cab

Cabinet Maker - Lossless Data Compression Tool

100.00% [flushing current folder]
C:\Windows\system32>makecab c:\dell\logs\setuperr.log c:\dell\logs\setuperr.cab

Cabinet Maker - Lossless Data Compression Tool

100.00% [flushing current folder]
C:\Windows\system32>makecab c:\dell\logs\unattend.xml c:\dell\logs\unattend.cab

Cabinet Maker - Lossless Data Compression Tool

100.00% [flushing current folder]
C:\Windows\system32>makecab c:\dell\logs\pkgmgr.xml c:\dell\logs\pkgmgrxl.cab
Cabinet Maker - Lossless Data Compression Tool

100.00% [flushing current folder]
C:\Windows\system32>makecab c:\dell\logs\setupapi.dev.log c:\dell\logs\setupdev.
cab
Cabinet Maker - Lossless Data Compression Tool

100.00% [flushing current folder]
C:\Windows\system32>makecab c:\dell\logs\setupapi.app.log c:\dell\logs\setupapp.
cab
Cabinet Maker - Lossless Data Compression Tool

100.00% [flushing current folder]
C:\Windows\system32>makecab C:\Dell\Logs\pkgmgrlog.xml.txt c:\dell\logs\pkgmgrl
g.cab
Cabinet Maker - Lossless Data Compression Tool

100.00% [flushing current folder]
C:\Windows\system32>makecab C:\Dell\Logs\cbs.log c:\dell\logs\cbslog.cab
Cabinet Maker - Lossless Data Compression Tool

100.00% [flushing current folder]
C:\Windows\system32>Net stop browser
The Computer Browser service is not started.

More help is available by typing NET HELPMSG 3521.


C:\Windows\system32>Net stop workstation /y
The Workstation service is stopping.
The Workstation service was stopped successfully.


C:\Windows\system32>Net start workstation
The Workstation service is starting...
The Workstation service was started successfully.


C:\Windows\system32>c:\dell\fist\delay.exe 10

C:\Windows\system32>cmd /c c:\Dell\fist\tal\tal.bat PutFiles c:\dell\logs\setupa
ct.cab setupact.cab
[TAL.BAT] Version A01
[TAL.BAT] Warning - TAL.ERR Exists At Startup.
[DismountUtilityPartition] Status: 0(0x0)
[TAL.BAT] Manufacturing Media: DMP
[TAL.BAT] Copy File To MFG_MEDIA: c:\dell\logs\setupact.cab to DMP:\setupact.cab

[DismountUtilityPartition] Status: 0(0x0)

[rw_fat16] Unable To Locate A Valid Partition To Mount
Looked For Partition Number: 0 (DMP)

[TAL.BAT] ERROR - RW_FAT16 PutFiles failed On COPYHD2SYS. Error Was 700

[TAL.BAT] C:\DELL\FIST\TAL\TAL.ERR Updated
[TAL.BAT] Program Exit: Result Code = 2

C:\Windows\system32>cmd /c c:\Dell\fist\tal\tal.bat PutFiles c:\dell\logs\setupe
rr.cab setuperr.cab
[TAL.BAT] Version A01
[TAL.BAT] Warning - TAL.ERR Exists At Startup.
[DismountUtilityPartition] Status: 0(0x0)
[TAL.BAT] Manufacturing Media: DMP
[TAL.BAT] Copy File To MFG_MEDIA: c:\dell\logs\setuperr.cab to DMP:\setuperr.cab

[DismountUtilityPartition] Status: 0(0x0)

[rw_fat16] Unable To Locate A Valid Partition To Mount
Looked For Partition Number: 0 (DMP)

[TAL.BAT] ERROR - RW_FAT16 PutFiles failed On COPYHD2SYS. Error Was 700

[TAL.BAT] C:\DELL\FIST\TAL\TAL.ERR Updated
[TAL.BAT] Program Exit: Result Code = 2

C:\Windows\system32>cmd /c c:\Dell\fist\tal\tal.bat PutFiles c:\dell\logs\unatte
nd.cab unattend.cab
[TAL.BAT] Version A01
[TAL.BAT] Warning - TAL.ERR Exists At Startup.
[DismountUtilityPartition] Status: 0(0x0)
[TAL.BAT] Manufacturing Media: DMP
[TAL.BAT] Copy File To MFG_MEDIA: c:\dell\logs\unattend.cab to DMP:\unattend.cab

[DismountUtilityPartition] Status: 0(0x0)

[rw_fat16] Unable To Locate A Valid Partition To Mount
Looked For Partition Number: 0 (DMP)

[TAL.BAT] ERROR - RW_FAT16 PutFiles failed On COPYHD2SYS. Error Was 700

[TAL.BAT] C:\DELL\FIST\TAL\TAL.ERR Updated
[TAL.BAT] Program Exit: Result Code = 2

C:\Windows\system32>cmd /c c:\Dell\fist\tal\tal.bat PutFiles c:\dell\logs\pkgmgr
xl.cab pkgmgrxl.cab
[TAL.BAT] Version A01
[TAL.BAT] Warning - TAL.ERR Exists At Startup.
[DismountUtilityPartition] Status: 0(0x0)
[TAL.BAT] Manufacturing Media: DMP
[TAL.BAT] Copy File To MFG_MEDIA: c:\dell\logs\pkgmgrxl.cab to DMP:\pkgmgrxl.cab

[DismountUtilityPartition] Status: 0(0x0)

[rw_fat16] Unable To Locate A Valid Partition To Mount
Looked For Partition Number: 0 (DMP)

[TAL.BAT] ERROR - RW_FAT16 PutFiles failed On COPYHD2SYS. Error Was 700

[TAL.BAT] C:\DELL\FIST\TAL\TAL.ERR Updated
[TAL.BAT] Program Exit: Result Code = 2

C:\Windows\system32>cmd /c c:\Dell\fist\tal\tal.bat PutFiles c:\dell\logs\setupd
ev.cab setupdev.cab
[TAL.BAT] Version A01
[TAL.BAT] Warning - TAL.ERR Exists At Startup.
[DismountUtilityPartition] Status: 0(0x0)
[TAL.BAT] Manufacturing Media: DMP
[TAL.BAT] Copy File To MFG_MEDIA: c:\dell\logs\setupdev.cab to DMP:\setupdev.cab

[DismountUtilityPartition] Status: 0(0x0)

[rw_fat16] Unable To Locate A Valid Partition To Mount
Looked For Partition Number: 0 (DMP)

[TAL.BAT] ERROR - RW_FAT16 PutFiles failed On COPYHD2SYS. Error Was 700

[TAL.BAT] C:\DELL\FIST\TAL\TAL.ERR Updated
[TAL.BAT] Program Exit: Result Code = 2

C:\Windows\system32>cmd /c c:\Dell\fist\tal\tal.bat PutFiles c:\dell\logs\setupa
pp.cab setupapp.cab
[TAL.BAT] Version A01
[TAL.BAT] Warning - TAL.ERR Exists At Startup.
[DismountUtilityPartition] Status: 0(0x0)
[TAL.BAT] Manufacturing Media: DMP
[TAL.BAT] Copy File To MFG_MEDIA: c:\dell\logs\setupapp.cab to DMP:\setupapp.cab

[DismountUtilityPartition] Status: 0(0x0)

[rw_fat16] Unable To Locate A Valid Partition To Mount
Looked For Partition Number: 0 (DMP)

[TAL.BAT] ERROR - RW_FAT16 PutFiles failed On COPYHD2SYS. Error Was 700

[TAL.BAT] C:\DELL\FIST\TAL\TAL.ERR Updated
[TAL.BAT] Program Exit: Result Code = 2

C:\Windows\system32>cmd /c c:\Dell\fist\tal\tal.bat PutFiles c:\dell\logs\pkgmgr
lg.cab pkgmgrlg.cab
[TAL.BAT] Version A01
[TAL.BAT] Warning - TAL.ERR Exists At Startup.
[DismountUtilityPartition] Status: 0(0x0)
[TAL.BAT] Manufacturing Media: DMP
[TAL.BAT] Copy File To MFG_MEDIA: c:\dell\logs\pkgmgrlg.cab to DMP:\pkgmgrlg.cab

[DismountUtilityPartition] Status: 0(0x0)

[rw_fat16] Unable To Locate A Valid Partition To Mount
Looked For Partition Number: 0 (DMP)

[TAL.BAT] ERROR - RW_FAT16 PutFiles failed On COPYHD2SYS. Error Was 700

[TAL.BAT] C:\DELL\FIST\TAL\TAL.ERR Updated
[TAL.BAT] Program Exit: Result Code = 2

C:\Windows\system32>cmd /c c:\Dell\fist\tal\tal.bat PutFiles c:\dell\logs\cbslog
.cab cbslog.cab
[TAL.BAT] Version A01
[TAL.BAT] Warning - TAL.ERR Exists At Startup.
[DismountUtilityPartition] Status: 0(0x0)
[TAL.BAT] Manufacturing Media: DMP
[TAL.BAT] Copy File To MFG_MEDIA: c:\dell\logs\cbslog.cab to DMP:\cbslog.cab
[DismountUtilityPartition] Status: 0(0x0)

[rw_fat16] Unable To Locate A Valid Partition To Mount
Looked For Partition Number: 0 (DMP)

[TAL.BAT] ERROR - RW_FAT16 PutFiles failed On COPYHD2SYS. Error Was 700

[TAL.BAT] C:\DELL\FIST\TAL\TAL.ERR Updated
[TAL.BAT] Program Exit: Result Code = 2

C:\Windows\system32>cmd /c c:\dell\fist\gk_fail.bat

GK_FAIL has already been run at least once to fail this system.
You should only see this if you booted to the customer partition
after an audit mode failure.


Use this cmd prompt to troubleshoot the failure.
To interact with the Vista desktop type "desktop" [Enter]

Closing or exiting this window in audit mode will reboot the system.

c:\DELL\FIST>desktop

c:\DELL\FIST>wmic PROCESS WHERE (Name="Audit.exe") DELETE /NOINTERACTIVE
Deleting instance \\D8P2L2BS\ROOT\CIMV2:Win32_Process.Handle="3232"
Instance deletion successful.

c:\DELL\FIST>



how to get out of this jam?

Speedy Gonzales
18-03-2009, 09:58 AM
Tick these entries, then tick fix checked

Close browsers

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

This looks suss

O4 - HKLM\..\RunOnce: [DeleteOcx] C:\Windows\system32\Dell\SystemProfiler\DeleteOcx.cmd

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O13 - Gopher Prefix:

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone

O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

I would get malwarebytes (http://dw.com.com/redir?edId=3&siteId=4&oId=3000-8022_4-10804572&ontId=8022_4&spi=76e323e29ae1893acf1b10e85b459155&lop=link&tag=tdw_dltext&ltype=dl_dlnow&pid=11004434&mfgId=6290020&merId=6290020&pguid=zXAi9AoPjGAAAHRVRh4AAAA@&destUrl=http%3A%2F%2Fdownload.cnet.com%2F3001-8022_4-10804572.html%3Fspi%3D76e323e29ae1893acf1b10e85b459155%26part%3Ddl-10804572) update it then scan

Then get trojan remover (http://www.simplysup.net/download/dl/trjsetup676.exe) update it then scan

Then select all options under the utilities menu

linw
18-03-2009, 01:42 PM
This looks like Dell going into audit mode after detecting an error dump file (.dmp). (Have you had a BSOD just before this problem?).

C:\Windows\system32>if exist c:\windows\*.dmp echo [ErrorHandler.CMD] It appears
a BSOD occured check C:\Windows\*.DMP 1>>C:\Dell\fist\errorHandler.err

C:\Windows\system32>if exist c:\windows\minidump\*.dmp echo [ErrorHandler.CMD] I
t appears a BSOD occured check C:\Windows\minidump\*.DMP 1>>C:\Dell\fist\errorH
andler.err

Look at these two commands. They are looking for .dmp files in C:\Windows and C:\Windows\minidump.

Look in both these folders for .dmp files. I am betting you will find at least one. Delete all you find and reboot.

This may get you out of it this time but will not prevent it happening again. Perhaps you need to ask Dell about this process.

Let's know how you go.

prajna
19-03-2009, 04:28 PM
Searched for the *.dmp files in the two locations. None found. It may be a blue screen of death error handler and definitely audit mode response. Dell asks me to format and reload Vista, which is a big hassle since they are asking me to back up all data. I have shifted data (except favorites, my documents) from C: (boot) drive to the partitioned drive D:. However, Dell does not guarantee protection of the partition while formatting and asks to reset to factory setting from E:

Is there a way to avoid this?
As regards the HijackThis logfile, I want definite advice. The listed items are to be fixed only after I am sure no further harm will come from such action. I am downloading the two programs regarding malware and trojans but doubt anything will be found, since I did an online Kaspersky scan and nothing was detected.

Thanks for the help and do let know what more.

Speedy Gonzales
19-03-2009, 04:39 PM
Tick all of the entries in the log, if you haven't yet. Then reboot

If you don't know what this is, ring Dell and ask them

O4 - HKLM\..\RunOnce: [DeleteOcx] C:\Windows\system32\Dell\SystemProfiler\DeleteOcx.cmd

This is probably what's bringing up that cmd window
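
An added example, not written by any poster in this thread: a small Python parser for the `O4` (autostart) lines of a HijackThis log that sorts entries so the ones worth reading first come out on top. The sample lines are adapted from the log posted above; the flag names (`runonce`, `script`, `rundll32`, `service-account`) are labels invented for this example, not HijackThis output and not a verdict that an entry is malicious.

```python
import re
from collections import namedtuple

Autorun = namedtuple("Autorun", "hive key name command user")

# Registry autoruns: "O4 - HKLM\..\Run: [Name] command (User 'X')"
REG_RE = re.compile(
    r"^O4 - (HK[A-Z]+)(?:\\S-[\d-]+)?\\\.\.\\(Run\w*): "
    r"\[([^\]]+)\] (.*?)(?: \(User '([^']+)'\))?$")
# Startup-folder autoruns: "O4 - Global Startup: Name.lnk = target"
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# First file extension in the command identifies what is launched.
TARGET_RE = re.compile(r"\.(exe|cmd|bat|vbs|js|dll|scr|com|pif)\b", re.I)
SCRIPT_EXTS = {"cmd", "bat", "vbs", "js"}

# Constructed sample: O4 lines adapted from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [DeleteOcx] C:\Windows\system32\Dell\SystemProfiler\DeleteOcx.cmd
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
"""

def parse_o4(log):
    """Return one Autorun per O4 line; other log sections are ignored."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            entries.append(Autorun(*m.groups()))
            continue
        m = STARTUP_RE.match(line)
        if m:
            entries.append(Autorun(None, m.group(1), m.group(2), m.group(3), None))
    return entries

def flags_for(entry):
    """Attach review labels (this example's own, not HijackThis's)."""
    flags = []
    if entry.key.lower().startswith("runonce"):
        flags.append("runonce")          # one-shot entry still pending
    m = TARGET_RE.search(entry.command)
    if m and m.group(1).lower() in SCRIPT_EXTS:
        flags.append("script")           # launches a script, not a binary
    if entry.command.lower().lstrip('"').startswith("rundll32"):
        flags.append("rundll32")         # DLL export run through rundll32
    if entry.user:
        flags.append("service-account")  # autorun in a service account hive
    return flags

def triage(log):
    """Entries with the most labels first; ties keep log order."""
    rows = [(e, flags_for(e)) for e in parse_o4(log)]
    return sorted(rows, key=lambda r: -len(r[1]))

if __name__ == "__main__":
    for entry, flags in triage(SAMPLE_LOG):
        print(f"{','.join(flags) or '-':<18} {entry.key:<15} {entry.name}")
```

A flagged entry is only a prompt to open the target file and read it before ticking anything in HijackThis; the labels say nothing about whether the file is legitimate.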

prajna
19-03-2009, 05:14 PM
This is what i found with advanced search in hidden files. Is this relevant?

Mini031509-01.dmp opens with Windows Shell Common Dll
Size 135kb attributes CAN


Object name : C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report0d2e1332\Mini031509-01.dmp

linw
20-03-2009, 03:52 PM
Please take this as opinion, only, as I don't think any of us can tell you what is wrong and how to fix it.

There does seem something is seriously screwed with your system (not news to you!) and you should plan to get ALL your data saved to an external drive. After that you should seriously consider reverting it to the factory default.

The system seems to be trying a re-install and failing resulting in it trying to save all sorts of log files into a cab file. You see mention of the Windows\Panther folder. This is used by Vista for installation log files. I have this folder on my machine, too.

There are several worrying partition fails from TAL.bat. Partition not found. RW_FAT16 problems. Look here for similar errors http://allquests.com/question/2224532/new-replacement-hard-drive-install-failure.html

Good luck and sorry to not be able to help more. Let's know how it pans out.

prajna
15-04-2009, 06:10 AM
I want to avoid saving data to an external drive. In fact I don't have the equipment. My desktop PC is not with me. I don't have the cables/accessories, nor do I know how to connect my laptop with a PC (which should serve like an external drive). My laptop has three drives: C with the OS, D with data, and E for recovery programs and data like factory default etc. There is ample space in D:. If I transfer my Documents file and favorites from C: to D: and sacrifice the program files installed in C: and go for re-installing factory setting or reinstalling Vista, will I lose data in D: and E:, or will all the partitions get formatted and I will lose all data? Please suggest so that I can get rid of the original problem about bootup.

gary67
15-04-2009, 07:38 AM
It should only overwrite your C drive if you select that option when doing the reinstall. Make sure you read all of the screen prompts.