0

Hello everyone,
My main computer is a windows XP.I don't know much, if anything other than a few basic things,I do Interior Designer/Decorating work,not anything computer related.
When I am running this computer, the start menu will pop up out of the blue and windows related to start and shut down the windows Im working in.I've run every type of virus and spyware I have.How can I fix this?

I did install highjack and thisis what it came up with:

Thanks for your time and help,I appreciate it.
Trish

StartupList report, 8/10/2008, 3:44:55 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16674)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\PROGRA~1\SPYWAR~3\SpywareTerminatorShield.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Loki Network\Loki Network Client\NetLoki.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
EM_EXEC = C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
NWEReboot = 
BellSouthAlertManager.exe = C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
REGSHAVE = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
HelpCenter4.1 = C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
flockbox = C:\Program Files\My Lockbox\flockbox.exe /a
SnoopFreeUI = SnoopFreeUI.exe
SpywareTerminator = "C:\PROGRA~1\SPYWAR~3\SpywareTerminatorShield.exe"
AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Sonic RecordNow! = 
updateMgr = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
NetLoki.exe = C:\Program Files\Loki Network\Loki Network Client\NetLoki.exe
SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=avgrsstx.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
WormRadar.com IESiteBlocker.NavFilter - C:\Program Files\AVG\AVG8\avgssie.dll - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
(no name) - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E}
(no name) - C:\Program Files\Juno\qsacc\X1IEBHO.dll (file missing) - {52706EF7-D7A2-49AD-A615-E903858CF284}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL - {A057A204-BACC-4D26-9990-79A187E2698E}
ZoneAlarm Spy Blocker BHO - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}

--------------------------------------------------

Enumerating Download Program Files:

[{01118A01-3E00-11D2-8470-0060089874ED}]
CODEBASE = [url]https://password.bellsouth.net/sdccommon/download/tgctlsr.cab[/url]

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = [url]http://office.microsoft.com/templates/ieawsdc.cab[/url]

[Shockwave ActiveX Control]
CODEBASE = [url]http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab[/url]

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = [url]http://go.microsoft.com/fwlink/?linkid=39204[/url]

[Microsoft PID Sniffer]
InProcServer32 = C:\WINDOWS\System32\odc.dll
CODEBASE = [url]https://support.microsoft.com/OAS/ActiveX/odc.cab[/url]

[{321FB770-1FBE-4BFE-BDC1-6F622D4FA499}]
CODEBASE = [url]https://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab[/url]

[EPUImageControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll
CODEBASE = [url]http://tools.ebayimg.com/pm/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab[/url]

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\muweb.dll
CODEBASE = [url]http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128129205312[/url]

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = [url]http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[/url]

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = [url]http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab[/url]

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
CODEBASE = [url]http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[/url]

[Persits Software XUpload]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\XUpload.ocx
CODEBASE = [url]http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx[/url]

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 9,230 bytes
Report generated in 0.438 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only

Edited by mike_2000_17: Fixed formatting

2
Contributors
1
Reply
2
Views
9 Years
Discussion Span
Last Post by Cyber Punk
0

Hi Trish, welcome to DaniWeb.
Please read this thread.
It requests you to create a thread in this section.
Please start a new thread and post the HijackThis log in that.

  1. Please download the latest copy of HijackThis from Trend Micro and save it to your desktop.
  2. Double click on HJTInstall.exe to install it. Click on Install. By default, it will install to C:\Program Files\Trend Micro\HijackThis.
  3. Read through the License Agreement presented to you on the next screen and click on I Accept.
  4. Once installed, HijackThis will start automatically. If it doesn't, please go to your desktop and double click on the HijackThis shortcut created there.
  5. Select Do a system scan and save a logfile.
  6. Close HijackThis.

Note: Do not click on the AnalyzeThis button.

Do not fix any lines you see in HijackThis as most entries are harmless and needed for the normal functioning of Windows.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.