mikeandike22
Nearly a Posting Virtuoso
1,496 posts since May 2004
Reputation Points: 33
Solved Threads: 19
Hardware and Software
>
Microsoft Windows
>
Viruses, Spyware and other Nasties
>
HijackThis Logfile-Probs after XP SP2 download
Have something to say? Contribute New Article Reply to this Article HijackThis Logfile-Probs after XP SP2 download
Help! Recently downloaded XP SP2 and am having serious problems with my computer. I am unable to use my 'search', 'help and support' or 'system restore' functions. Clicking on these just brings up an empty window. I've uninstalled SP2 but still have these problems. I also now get an "internal application error" message on a number of programs that deleting and reinstalling won't fix.
I have previously checked for viruses and am ok.
I took the advice posted on the below link and downloaded Spybot - Search & Destroy as well as Ad-Aware and removed everything that came up questionable and then rebooted. I have attached the subsequent HijackThis logfile, although I have no idea what it means. Again, I am unable to create or load system restore points because the window comes up blank.
http://www.daniweb.com/techtalkforums/thread10287.html
Logfile of HijackThis v1.98.2
Scan saved at 10:08:42 PM, on 9/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINNT\System32\ezSP_Px.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Paula's Account\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {9F6A22E6-1682-4F82-9B72-6314794CB253} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} (InstallShield Setup Player 2K2) - http://mars.installshield.com/is/x/1001/windows/premier/eval/oci/setup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16ed0f9b5283f6b71622/netzip/RdxIE601.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/LightSurfUploadControl.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
I've tried everything with no luck. I've removed those things listed below, as well as ran Symantic antivirus scans and Ad Aware and Spybot with no luck. Uninstalling XP SP2 does no good either. Any other thoughts? Anyway of loading an old restore point without going through the system restore program that currently doesn't work? I have went to the last restore point under the F8 function but nothing changed. I didn't see an option of going back to other restore points.
These entries are legitimate & are related to your modem:
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
Go to your hijackthis folder & restore the back-up.
Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or directly on the desktop (in a folder on the desktop is fine) & not directly on your hard drive). Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' :
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {9F6A22E6-1682-4F82-9B72-6314794CB253} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16ed0f9b5283f6...ip/RdxIE601.cab
-Netster
This will not fix your problem, for which, I have no answer for you :(
crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
Ok i made a mistake other people have made that same one in other posts you didnt have to bump my rep.
mikeandike22
Nearly a Posting Virtuoso
1,496 posts since May 2004
Reputation Points: 33
Solved Threads: 19
Dr., check out the links in the posts to this thread, hopefully you will find something to help. Good luck!
dlh6213
Posting Maven
Team Colleague
3,117 posts since Jul 2004
Reputation Points: 63
Solved Threads: 214
Dr., check out the links in the posts to this thread, hopefully you will find something to help. Good luck!
Oops, forgot to include the thread :o
Here it is: http://www.daniweb.com/techtalkforums/thread10031.html
dlh6213
Posting Maven
Team Colleague
3,117 posts since Jul 2004
Reputation Points: 63
Solved Threads: 214
Don't remove this:
C:\WINNT\System32\SK9910DM.EXE
It's IBM's keyboard driver, to set up the extra keys on their Media pro keyboards, (which come with many branded machines as well, i.e. Gateway).
Thought I should speak up.
DuncanIdaho
Posting Whiz in Training
277 posts since Aug 2004
Reputation Points: 15
Solved Threads: 6
Thanks for all the suggestions. I tried everything with no success so ended up backing up my files and reinstalling XP. I also reinstalled XP SP2. I have none of the problems from before. The only quirk now is with the mouse. When I right click on the desktop I get the hour glass icon for a minute+ and other applications really slow to a crawl. The normal box with various options never appears. There is nothing physcially wrong with the mouse itself. I am able to right click on everything but the blank desktop with no problems at all. Ideas?
You most likely have DiVX installed. The old version of DiVX doesn't like SP2. There is an updated version of DiVX available here:
DuncanIdaho
Posting Whiz in Training
277 posts since Aug 2004
Reputation Points: 15
Solved Threads: 6
Ok i made a mistake other people have made that same one in other posts you didnt have to bump my rep.
Hey, we all make mistakes :). Don't know who bumped your rep though.
crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
Try reinstalling the mouse drivers if like most people you have an intellepoint optical mouse than you can find the drivers at microsoft.com. You could still have viruses on your system do another virus scan to make sure.
mikeandike22
Nearly a Posting Virtuoso
1,496 posts since May 2004
Reputation Points: 33
Solved Threads: 19
There is a fix that was listed in the DiVX website that involved disabling DEP, which cleared up lockups and crashes and other strange behavior when right clicking after installing SP2. It sounds very similar to your problem, so perhaps the fix would help you.
DiVX deleted the thread that had the fix in it, but the same fix applies for a few other issues, I found it on Microsoft's website here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;878474
It is the second solution on the page, which details how to disable DEP on Windows XP.
I hope this solves the issue for you as well. :)
DuncanIdaho
Posting Whiz in Training
277 posts since Aug 2004
Reputation Points: 15
Solved Threads: 6
This article has been dead for over three months
You
© 2012 DaniWeb® LLC
