Topic: Puter Geeks- HELP! (Read 274 times)
alleyoop
Puter Geeks- HELP!
« on: Aug 23rd, 2004, 10:09pm »
HELP!!! I'm running out of options here. I recently posted to Tom Coyote in hopes of getting some help, but so far- no response. After running at least a half dozen different scans or more, I came up with zilch. I finally ran HijackThis and posted it to Tom Coyote. Here is my post:

platform: windows xp home
IE 6.0
FireFox 0.9.1

Problems:

1) Crashes- sometimes when running Webroot's SpySweeper & AdAware. Every time when running SpyBot. Every time when running Norton AV (Norton Internet Security 2003) unless I uncheck "Scan Compressed Files". Also crashes when running on-line scans.

2) Start menu- When I press start menu button on task bar the start menu comes up, but when I try to move the cursor off of the task bar to the start menu, it disappears. The only way I can get into the start menu is by prepositioning the cursor in the start menu area and pressing the windows button on my keyboard.

3) Window swapping (very annoying!)- If I have more than one window open at a time and I move my cursor over a background window, it brings that window to the foreground, without clicking on it. If it's a small (pop-up, download, etc.) window, it automatically hides behind the window I'm working in. This happens with both IE and FireFox. If I open multiple windows, I have to minimize all but the one I'm working in.

4) Phantom app in task bar (mildly annoying)- I sometimes have what I call a phantom app lodge itself in my task bar. It's simply a button with a white screen with a blue band across the top (application icon?). No matter how many times you click on it, nothing happens- no window. The only way I can get rid of it is to reboot.

I have followed all instructions to a T, including running all scans in safe mode and making sure everything was updated first. I made my root HJT folder and downloaded the latest version of HijackThis. I've run it once (in normal mode) and saved the log. I will be glad to run it in safe mode if that's what you want me to do.

It is a rather large log. TIA for any and all help!
Alley
.................................cont.
I know that the Good Lord won't put any more on you than you can stand, but sometimes I wish He weren't quite so PROUD of ME!

alleyoop
Re: Puter Geeks- HELP!
« Reply #1 on: Aug 23rd, 2004, 10:21pm »
Here is my HJT file:

Logfile of HijackThis v1.98.2
Scan saved at 8:25:20 AM, on 8/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\aaksrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\PC Magazine Utilities\DiskPiePro\DiskPiePro.exe
C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
C:\Program Files\Advanced Anti Keylogger\aak.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF03.exe
c:\windows\system32\grr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\Corel\Office7\Shared\PFit7\ps70.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newnan.cc
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newnan.cc
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Web Historian - {4018FEE0-AAEB-4c2f-8F5A-66A637718AE5} - C:\Program Files\PC Magazine Utilities\WebHistorian\CacheKeeperHlprNT.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: inetLock route - {E02E86EB-220B-4B59-A251-F849405E1D64} - C:\Program Files\PC Magazine Password Profiler\inetLockBho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [DiskPiePro] "C:\Program Files\PC Magazine Utilities\DiskPiePro\DiskPiePro.exe" /m
O4 - HKCU\..\Run: [AAK] C:\Program Files\Advanced Anti Keylogger\aak.exe /silent
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: BHO Cop.lnk = C:\Program Files\BHOCop\BHOCop.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

alleyoop
Re: Puter Geeks- HELP!
« Reply #2 on: Aug 23rd, 2004, 10:25pm »
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WebHistorian - {6D10817C-3C32-4479-AB42-70EF3A6D1762} - C:\Program Files\PC Magazine Utilities\WebHistorian\WebHistorianDlg.dll (HKCU)
O9 - Extra 'Tools' menuitem: &WebHistorian - {6D10817C-3C32-4479-AB42-70EF3A6D1762} - C:\Program Files\PC Magazine Utilities\WebHistorian\WebHistorianDlg.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

Cerberus
Re: Puter Geeks- HELP!
« Reply #4 on: Aug 24th, 2004, 12:31am »
Best Guess?.....Worm. I am no computer guru by any means, but I would reformat if there isn't too terribly much important info ya absolutely can't live without.
Ramon
I would rather face the end with terror than terror without end. - (Deitrich Sawatsky 194?)

alleyoop
Re: Puter Geeks- HELP!
« Reply #5 on: Aug 24th, 2004, 12:46am »
I was beginning to think I wasn't going to get any response! Thanks Ramon! I'm hoping I can find a 'less drastic' route. If it were a worm, wouldn't the AV have caught it? .................................alley

Mark C
Re: Puter Geeks- HELP!
« Reply #8 on: Aug 24th, 2004, 4:36pm »
Bob....can you bum a stick of memory you know is good? I suspect possible memory failure, it is a guess though at this point. I see no immediate threats in your HJ list. In addition check the Windows XP Event Viewer for error messages. I have tracked down a few bugs with this tool.
Safe Surfing,
Mark

Opus
Re: Puter Geeks- HELP!
« Reply #9 on: Aug 24th, 2004, 6:43pm »
To test your memory use this program: Memtest86. You can get it to make a bootable floppy or CD-Rom. Let it run for a long time to see if you have heat related memory failures.
Opus/Paul
« Last Edit: Aug 24th, 2004, 6:44pm by Opus »
Zed-Zed-nine plural-Zed alpha,
There is no place like home.

Ronny
Re: Puter Geeks- HELP!
« Reply #10 on: Aug 24th, 2004, 6:51pm »
hey, I would say: reformat the damn thing, start fresh. I just did mine and it's flying now. I had lots of problems, the greatest problem for me is that I install every program I run into on the net. I have learned my lesson. (I say that every time I reformat)
Ronny.
Count your rainbows, not your thunderstorms.

alleyoop
Re: Puter Geeks- HELP!
« Reply #11 on: Aug 25th, 2004, 9:51pm »
THANKS to ALL who posted suggestions. I have tried a few of them. Right now I'm not sure what I'm going to do although I'm leaning toward reformatting & reinstalling. Got to do a major back-up first though, if I do go that route. Gotta make a decision soon cause the OS is getting more and more unstable! ..................................alley