Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: F2 - REG:system.ini: Shell=explorer.exe

(New)
(!)

bookime wood's Avatar
bookime wood bookime wood is offline
Senior Member with 615 posts.
THREAD STARTER
 
Join Date: Jul 2003
08-Nov-2005, 12:00 PM #1
Solved: F2 - REG:system.ini: Shell=explorer.exe
Hi I wonder if somebody could identify this entry, not seen it before, but recently upgraded to sp2 and I am thinking it might be from that. I know what the other entries are.


F2 - REG:system.ini: Shell=explorer.exe(((((((THIS ENTRY))))

Thanks



Logfile of HijackThis v1.99.1
Scan saved at 15:51:52, on 08/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\GOLFGTI16V\My Documents\HijackThis v1.99.1\HijackThis.exe
C:\Program Files\TrojanHunter 4.2\TrojanHunter.exe

F2 - REG:system.ini: Shell=explorer.exe(((((((THIS ENTRY))))



O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ManualRun] "Z:\AUTORUN\AutoRun"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "GOLFGTI16V"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C7ED414-227D-4C40-8E77-52916DF2AB44}: NameServer = xxxxxxxx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
Cheeseball81's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 83,620 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
08-Nov-2005, 02:37 PM #2
It's safe.

F2 is the UserInit entry which corresponds to the key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit which is found in Windows NT, 2000, XP and 2003. This key specifies what program should be launched right after a user logs into Windows.
bookime wood's Avatar
bookime wood bookime wood is offline
Senior Member with 615 posts.
THREAD STARTER
 
Join Date: Jul 2003
08-Nov-2005, 02:59 PM #3
Quote:
Originally Posted by Cheeseball81
It's safe.

F2 is the UserInit entry which corresponds to the key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit which is found in Windows NT, 2000, XP and 2003. This key specifies what program should be launched right after a user logs into Windows.

Good stuff cheeseball, many thanks
Cheeseball81's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 83,620 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
08-Nov-2005, 03:01 PM #4
You're very welcome

You can mark your thread "Solved" from the Thread Tools drop down menu.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑