Member Avatar for doctorcoool

Help! Recently downloaded XP SP2 and am having serious problems with my computer. I am unable to use my 'search', 'help and support' or 'system restore' functions. Clicking on these just brings up an empty window. I've uninstalled SP2 but still have these problems. I also now get an "internal application error" message on a number of programs that deleting and reinstalling won't fix.

I have previously checked for viruses and am ok.

I took the advice posted on the below link and downloaded Spybot - Search & Destroy as well as Ad-Aware and removed everything that came up questionable and then rebooted. I have attached the subsequent HijackThis logfile, although I have no idea what it means. Again, I am unable to create or load system restore points because the window comes up blank.

http://www.daniweb.com/techtalkforums/thread10287.html


Logfile of HijackThis v1.98.2
Scan saved at 10:08:42 PM, on 9/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINNT\System32\ezSP_Px.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Paula's Account\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {9F6A22E6-1682-4F82-9B72-6314794CB253} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} (InstallShield Setup Player 2K2) - http://mars.installshield.com/is/x/1001/windows/premier/eval/oci/setup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16ed0f9b5283f6b71622/netzip/RdxIE601.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activex/LightSurfUploadControl.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab


These look like they could be viruses. I would set a system restore point and remove these.

C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe

Here is a good post on how to detect viruses in spyware in HijackThis. It also tells you how to effectively remove viruses.

http://www.daniweb.com/techtalkforums/thread10063.html

commented: These are not viruses. +0
Member Avatar for doctorcoool

I've tried everything with no luck. I've removed those things listed below, as well as run Symantec antivirus scans and Ad Aware and Spybot with no luck. Uninstalling XP SP2 does no good either. Any other thoughts? Any way of loading an old restore point without going through the system restore program that currently doesn't work? I have gone to the last restore point under the F8 function but nothing changed. I didn't see an option of going back to other restore points.

These entries are legitimate & are related to your modem:

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe

Go to your hijackthis folder & restore the back-up.

Unzip HJT into its own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or directly on the desktop (in a folder on the desktop is fine) & not directly on your hard drive). Close all (browser) windows & rescan with HijackThis. When the scan is finished, place a check in the box to the left of the following entries & click 'fix checked':

O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {9F6A22E6-1682-4F82-9B72-6314794CB253} - (no file)

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16ed0f9b5283f6...ip/RdxIE601.cab
-Netster

This will not fix your problem, for which, I have no answer for you :(
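Added example, not part of the original posts and not HijackThis's own logic: the three entries selected for 'fix checked' above visibly share one of two traits, a target shown as `(no file)` or an O16 download URL whose host is a bare IP address. Taking those two traits as triage criteria (an assumption), this Python code flags matching lines in an excerpt of the log from the first post; the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Excerpt of the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {9F6A22E6-1682-4F82-9B72-6314794CB253} - (no file)
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16ed0f9b5283f6b71622/netzip/RdxIE601.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
"""

# "<section code> - <rest>", e.g. "O16 - DPF: ...". Process paths do not match.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def host_is_ip(url):
    """True when the URL's host is a literal IP address, not a DNS name."""
    host = urlsplit(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text):
    """Return (section, CLSID, reason) for each line matching the assumed criteria."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        target = body.rsplit(" - ", 1)[-1]  # last " - " field: file path or URL
        clsid = CLSID.search(body)
        guid = clsid.group(0) if clsid else None
        if target == "(no file)":
            findings.append((code, guid, "target shown as (no file)"))
        elif code == "O16" and host_is_ip(target):
            findings.append((code, guid, "download URL host is a bare IP"))
    return findings
```

On this excerpt `triage(SAMPLE_LOG)` also returns the O9 `(no file)` button, which the reply above did not list, so the output is a review list for a person to judge, not a removal list.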

OK, I made a mistake; other people have made that same one in other posts. You didn't have to bump my rep.

Dr., check out the links in the posts to this thread, hopefully you will find something to help. Good luck!

Don't remove this:
C:\WINNT\System32\SK9910DM.EXE

It's IBM's keyboard driver, to set up the extra keys on their Media pro keyboards, (which come with many branded machines as well, i.e. Gateway).

Thought I should speak up.

Member Avatar for doctorcoool

Thanks for all the suggestions. I tried everything with no success so ended up backing up my files and reinstalling XP. I also reinstalled XP SP2. I have none of the problems from before. The only quirk now is with the mouse. When I right click on the desktop I get the hour glass icon for a minute+ and other applications really slow to a crawl. The normal box with various options never appears. There is nothing physically wrong with the mouse itself. I am able to right click on everything but the blank desktop with no problems at all. Ideas?

You most likely have DiVX installed. The old version of DiVX doesn't like SP2. There is an updated version of DiVX available here:

http://www.divx.com/

OK, I made a mistake; other people have made that same one in other posts. You didn't have to bump my rep.

Hey, we all make mistakes :). Don't know who bumped your rep though.

Member Avatar for doctorcoool

I don't have DiVX. Any other thoughts?

Try reinstalling the mouse drivers. If, like most people, you have an IntelliPoint optical mouse, then you can find the drivers at microsoft.com. You could still have viruses on your system; do another virus scan to make sure.

There is a fix that was listed in the DiVX website that involved disabling DEP, which cleared up lockups and crashes and other strange behavior when right clicking after installing SP2. It sounds very similar to your problem, so perhaps the fix would help you.

DiVX deleted the thread that had the fix in it, but the same fix applies for a few other issues, I found it on Microsoft's website here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;878474

It is the second solution on the page, which details how to disable DEP on Windows XP.

I hope this solves the issue for you as well. :)
