Clusterheadaches.com Message Board (http://www.clusterheadaches.com/cgi-bin/yabb/YaBB.cgi)
New Message Board Archives >> 2004 Posts >> Puter Geeks- HELP!
(Message started by: alleyoop on Aug 23rd, 2004, 10:09pm)

Title: Puter Geeks- HELP!
Post by alleyoop on Aug 23rd, 2004, 10:09pm
HELP!!!

I'm running out of options here. I recently posted to Tom Coyote in hopes of getting some help, but so far- no response. After running at least a half dozen different scans or more, I came up with zilch. I finally ran hijackthis and posted it to Tom Coyote.

Here is my post:

platform:
windows xp home
IE 6.0
FireFox 0.9.1

Problems:

1) Crashes- sometimes when running Webroot's SpySweeper & AdAware. Every time when running SpyBot. Every time when running Norton AV (Norton Internet Security 2003) unless I uncheck "Scan Compressed Files". Also crashes when running on-line scans.

2) Start menu- When I press start menu button on task bar the start menu comes up, but when I try to move the cursor off of the task bar to the start menu, it disappears. The only way I can get into the start menu is by prepositioning the cursor in the start menu area and pressing the windows button on my keyboard.

3) Window swapping (very annoying!)- If I have more than one window open at a time and I move my cursor over a background window, it brings that window to the foreground, without clicking on it. If it's a small (pop-up, download, etc.) window, it automatically hides behind the window I'm working in. This happens with both IE and FireFox. If I open multiple windows, I have to minimize all but the one I'm working in.

4) Phantom app in task bar(mildly annoying)- I sometimes have what I call a phantom app lodge itself in my task bar. It's simply a button with a white screen with a blue band across the top(application icon?). No matter how many times you click on it, nothing happens- no window. The only way I can get rid of it is to reboot.

I have followed all instructions to a T, including running all scans in safe mode and making sure everything was updated first. I made my root HJT folder and downloaded the latest version of HijackThis. I've run it once (in normal mode) and saved the log. I will be glad to run it in safe mode if that's what you want me to do. It is a rather large log.

TIA for any and all help!

Alley

.................................cont.

Title: Re: Puter Geeks- HELP!
Post by alleyoop on Aug 23rd, 2004, 10:21pm
Here is my HJT file:

Logfile of HijackThis v1.98.2
Scan saved at 8:25:20 AM, on 8/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\aaksrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\PC Magazine Utilities\DiskPiePro\DiskPiePro.exe
C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
C:\Program Files\Advanced Anti Keylogger\aak.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Symantec\DeepSight Extractor\ExtractorServiceNPF03.exe
c:\windows\system32\grr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\Corel\Office7\Shared\PFit7\ps70.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newnan.cc
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newnan.cc
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Web Historian - {4018FEE0-AAEB-4c2f-8F5A-66A637718AE5} - C:\Program Files\PC Magazine Utilities\WebHistorian\CacheKeeperHlprNT.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: inetLock route - {E02E86EB-220B-4B59-A251-F849405E1D64} - C:\Program Files\PC Magazine Password Profiler\inetLockBho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [DiskPiePro] "C:\Program Files\PC Magazine Utilities\DiskPiePro\DiskPiePro.exe" /m
O4 - HKCU\..\Run: [AAK] C:\Program Files\Advanced Anti Keylogger\aak.exe /silent
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: BHO Cop.lnk = C:\Program Files\BHOCop\BHOCop.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

Title: Re: Puter Geeks- HELP!
Post by alleyoop on Aug 23rd, 2004, 10:25pm
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WebHistorian - {6D10817C-3C32-4479-AB42-70EF3A6D1762} - C:\Program Files\PC Magazine Utilities\WebHistorian\WebHistorianDlg.dll (HKCU)
O9 - Extra 'Tools' menuitem: &WebHistorian - {6D10817C-3C32-4479-AB42-70EF3A6D1762} - C:\Program Files\PC Magazine Utilities\WebHistorian\WebHistorianDlg.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

Title: Re: Puter Geeks- HELP!
Post by alleyoop on Aug 23rd, 2004, 10:26pm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://headaches.about.com
O15 - Trusted Zone: http://*.ajc.com
O15 - Trusted Zone: http://*.ajcjobs.com
O15 - Trusted Zone: http://www.bankofamerica.com
O15 - Trusted Zone: http://www.choppersinc.com
O15 - Trusted Zone: http://www.clusterheadaches.com
O15 - Trusted Zone: http://andrius.esu.lt
O15 - Trusted Zone: http://www.greyware.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://www.mozilla.org
O15 - Trusted Zone: http://www.pgp.com
O15 - Trusted Zone: http://www.spcollege.edu
O15 - Trusted Zone: http://www.symantec.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: axscannerruntime - http://www.pestscan.com/scanner/axscannerruntime.cab
O16 - DPF: mscomctl - http://www.pestscan.com/scanner/mscomctl.cab
O16 - DPF: msvcp71 - http://download.pestpatrol.com/Downloads/C...nts/msvcp71.cab
O16 - DPF: msvcr71 - http://download.pestpatrol.com/Downloads/C...nts/msvcr71.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...73/mcinsctl.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned35.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/software/express...tall/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4019/ftp...23/cpbrkpie.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ron/install.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?316
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O20 - AppInit_DLLs: wbsys.dll, system32\aakah.dll

Would greatly appreciate any help I can get with this!

..........................alley
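
The log above is in the HijackThis 1.98 line format (a section code such as O4 or O16, a dash, then the entry body). The following is an added triage helper for this thread; it is not HijackThis code and was not posted by anyone in the thread. It parses that format and summarises the items a log reviewer normally accounts for first: O4 autostart entries, running processes that have no matching autostart entry (a 1.98 log lists no services, so services land here along with anything started some other way), the O20 AppInit_DLLs list, and the hosts behind O16 ActiveX downloads. The sample log is a subset of lines copied from the posted log, and CORE_PROCESSES is an illustrative allowlist I chose, not something the thread or the tool defines.

```python
"""Triage helper for HijackThis 1.98-style logs (added example, not HijackThis code)."""
import re
from collections import Counter
from urllib.parse import urlparse

# Sample: a subset of lines from the log posted in the thread (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Scan saved at 8:25:20 AM, on 8/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\windows\system32\grr.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: BHO Cop.lnk = C:\Program Files\BHOCop\BHOCop.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O20 - AppInit_DLLs: wbsys.dll, system32\aakah.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                       # "O4 - body"
O4_RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")  # registry Run keys
O4_STARTUP_RE = re.compile(r"^((?:Global )?Startup): ([^=]+?) = (.*)$")   # Startup folder .lnk
# Illustrative allowlist (my assumption): core XP processes that never carry an O4 entry.
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}


def parse_log(text):
    """Split a log into the process list and a {section: [entry bodies]} map."""
    processes, entries, in_procs = [], {}, False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:                      # process block ends at the first blank line
            if line:
                processes.append(line)
            else:
                in_procs = False
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.setdefault(m.group(1), []).append(m.group(2))
    return {"processes": processes, "entries": entries}


def exe_name(cmd):
    """Lower-cased file name of the program in a path or command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):               # quoted path, arguments follow the closing quote
        exe = cmd[1:].split('"', 1)[0]
    else:                                 # unquoted: stop at the first .exe/.dll/.scr/.com token
        m = re.match(r"(.*?\.(?:exe|dll|scr|com))(?:\s|$)", cmd, re.IGNORECASE)
        exe = m.group(1) if m else cmd.split(None, 1)[0]
    return exe.rsplit("\\", 1)[-1].lower()


def autostart_entries(parsed):
    """O4 entries as (location, name, command, executable) tuples."""
    out = []
    for body in parsed["entries"].get("O4", []):
        m = O4_RUN_RE.match(body)
        if m:
            out.append((m.group(1) + "\\" + m.group(2), m.group(3), m.group(4), exe_name(m.group(4))))
            continue
        m = O4_STARTUP_RE.match(body)
        if m:
            out.append((m.group(1), m.group(2).strip(), m.group(3), exe_name(m.group(3))))
    return out


def processes_without_autostart(parsed):
    """Running processes with neither an O4 entry nor a place on the core allowlist.

    Each one needs an explanation (a service, a launcher, the tool itself); the
    list says nothing about whether an entry is good or bad on its own.
    """
    started = {e[3] for e in autostart_entries(parsed)}
    return [p for p in parsed["processes"]
            if exe_name(p) not in started and exe_name(p) not in CORE_PROCESSES]


def appinit_dlls(parsed):
    """DLLs named under O20 AppInit_DLLs; these load into every process that uses user32."""
    dlls = []
    for body in parsed["entries"].get("O20", []):
        if body.startswith("AppInit_DLLs:"):
            dlls.extend(d for d in re.split(r"[,\s]+", body[len("AppInit_DLLs:"):]) if d)
    return dlls


def dpf_hosts(parsed):
    """Number of O16 (Downloaded Program Files / ActiveX) entries per download host."""
    counts = Counter()
    for body in parsed["entries"].get("O16", []):
        host = urlparse(body.rsplit(" - ", 1)[-1]).hostname
        if host:
            counts[host] += 1
    return dict(counts)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("autostart:", [(loc, name, exe) for loc, name, _, exe in autostart_entries(parsed)])
    print("running, no O4 entry:", processes_without_autostart(parsed))
    print("AppInit_DLLs:", appinit_dlls(parsed))
    print("O16 hosts:", dpf_hosts(parsed))
```

Run against the sample it reports navapsvc.exe, grr.exe and HijackThis.exe as running without an autostart entry, two AppInit DLLs, and three ActiveX controls from two hosts; on the full posted log the same functions give the reviewer a worklist rather than a verdict, which is how the people who read these logs use them.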

Title: Re: Puter Geeks- HELP!
Post by Cerberus on Aug 24th, 2004, 12:31am
Best Guess?.....Worm.

I am no computer guru by any means, but I would reformat if there isn't too terribly much important info ya absolutely can't live without.

Ramon

Title: Re: Puter Geeks- HELP!
Post by alleyoop on Aug 24th, 2004, 12:46am
I was beginning to think I wasn't going to get any response! Thanks Ramon! I'm hoping I can find a 'less drastic' route. If it were a worm, wouldn't the AV have caught it?

.................................alley [smiley=huh.gif]

Title: Re: Puter Geeks- HELP!
Post by Jonny on Aug 24th, 2004, 3:33pm
Go here, these dudes rock....they will read your log and help you out.

http://computercops.biz/forums.html

.............................jonny

Title: Re: Puter Geeks- HELP!
Post by Root on Aug 24th, 2004, 4:02pm
You might try this also:
http://www.sisoftware.net/index.html?dir=dload&location=sware_dl_x86&langx=en&a=

It's called Sandra. I hope it helps.

If not try http://fedora.redhat.com That will definitely fix yer problem with XP [smiley=smokin.gif]

Title: Re: Puter Geeks- HELP!
Post by Mark C on Aug 24th, 2004, 4:36pm
Bob....can you bum a stick of memory you know is good?
I suspect possible memory failure, it is a guess though at this point.
I see no immediate threats in your HJ list. In addition check the Windows XP Event Viewer (http://www.windowsnetworking.com/j_helmig/wxpevent.htm) for error messages. I have tracked down a few bugs with this tool.

Safe Surfing,
Mark

Title: Re: Puter Geeks- HELP!
Post by Opus on Aug 24th, 2004, 6:43pm
To test your memory use this program.

Memtest86 (http://www.memtest86.com/)

You can get it to make a bootable floppy or CD-Rom.

Let it run for a long time to see if you have heat related memory failures.

Opus/Paul

Title: Re: Puter Geeks- HELP!
Post by Ronny on Aug 24th, 2004, 6:51pm
hey,

I would say: reformat the damn thing, start fresh.
I just did mine and it's flying now. :)
I had lots of problems, the greatest problem for me is that I install every program I run into on the net. I have learned my lesson. (I say that every time I reformat) ;)

    Ronny.

Title: Re: Puter Geeks- HELP!
Post by alleyoop on Aug 25th, 2004, 9:51pm
THANKS to ALL who posted suggestions. I have tried a few of them. Right now I'm not sure what I'm going to do although I'm leaning toward reformatting & reinstalling. Got to do a major back-up first though, if I do go that route. Gotta make a decision soon 'cause the OS is getting more and more unstable!

..................................alley :-/
