If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Please, need help desperately!!!
I utilize my home system every day for work purposes. I
don't even know where to start but here I go. Last Wednesday my system started taking forever to load the desktop. Basically, after selecting cancel on the logon popup screen, my system hesitates for about 5 minutes then loads the desktop. During this hang up I press ctrl+alt+del and see only three items that have loaded which are Explorer, Avgserv9 and hidserv. Then when the desktop loads I review the list again and two more items appear acrotray and avgcc32. I have tried to run Ad-aware, spybot and AVG to ensure that I do not have any unexpected items on my system. Also, while I was in internet explorer I received a message that states "This program has performed an illegal operation and will be shut down" and then my desktop disappeared again. I tried to repair Internet Explorer through the system.ini file and ran a Repair through the add/remove programs menu. This did not help. Any suggestions as to what this could be? Oh and the day before this started happening I loaded Ulead software for my new pencam, I tried unistalling the software, as well as, a system restore hoping this would fix the problem and this did not work. I also loaded Snapfish's upload program, which could also be the culprit? Logfile of HijackThis v1.98.1 Scan saved at 6:22:13 PM, on 8/3/04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\WINDOWS\SYSTEM\HIDSERV.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE C:\WINDOWS\SYSTEM\MSCONFIG.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\WINZIP\WINZIP32.EXE C:\WINDOWS\TEMP\HIJACKTHIS.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast F1 - win.ini: run=hpfsched O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544- FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D- 784B7D6BE0B3} - (no file) O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908- 00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644- 206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333- CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1- 7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E- 00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908- 00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18- 009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6 \avgcc32.exe /STARTUP O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1 \GRISOFT\AVG6\Avgserv9.exe O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/scri...ons/review.htm O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsearch.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsimilar.html O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmbacklinks.html O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmtrans.html O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE- 00C0F0318AFE} - (no file) O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908- 00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa- 0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE- C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880- 6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE- C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880- 6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3- B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO! \MESSENGER\YPAGER.EXE O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E- 7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO! \MESSENGER\YPAGER.EXE O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b- 00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Dell Home - {F02DFA00-625A-11D3-83D3- F0B246C10000} - http://www.dell.com/ (file missing) (HKCU) O9 - Extra button: (no name) - {51D0DC00-6A83-11D5-83D4- 0000C07BDFFB} - (no file) (HKCU) O9 - Extra button: ComcastHSI - {A9093180-E2BC-11D7-83D7- 0000C07BDFFB} - http://www.comcast.net (file missing) (HKCU) O9 - Extra button: Help - {A9093181-E2BC-11D7-83D7- 0000C07BDFFB} - http://www.comcast.net/memberservices/ (file missing) (HKCU) O9 - Extra button: Support - {A9093182-E2BC-11D7-83D7- 0000C07BDFFB} - http://www.comcastsupport.com (file missing) (HKCU) O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1 \Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/packages/GSManager.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...qtinstall.info ..apple.com/samantha/us/win/QuickTimeInstaller.exe O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v40/sol/sol.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/Shar...t/sc/bin/cabsa. cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security2.norton.com/SSC/Shar.../vc/bin/AvSnif f.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2.../housecall.ant ivirus.com/housecall/xscan53.cab O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB Thank you in advance for your help. |
#2
|
|||
|
|||
Please, need help desperately!!!
The best thing you can do is have a computer guru friend look it over, or
take it to a computer repair facility. Judging from your statements, it is probably not something you should tackle. |
#3
|
|||
|
|||
Please, need help desperately!!!
renee wrote:
I utilize my home system every day for work purposes. I don't even know where to start but here I go. Last Wednesday my system started taking forever to load the desktop. Basically, after selecting cancel on the logon popup screen, my system hesitates for about 5 minutes then loads the desktop. During this hang up I press ctrl+alt+del and see only three items that have loaded which are Explorer, Avgserv9 and hidserv. Then when the desktop loads I review the list again and two more items appear acrotray and avgcc32. I have tried to run Ad-aware, spybot and AVG to ensure that I do not have any unexpected items on my system. Also, while I was in internet explorer I received a message that states "This program has performed an illegal operation and will be shut down" and then my desktop disappeared again. I tried to repair Internet Explorer through the system.ini file and ran a Repair through the add/remove programs menu. This did not help. Any suggestions as to what this could be? Oh and the day before this started happening I loaded Ulead software for my new pencam, I tried unistalling the software, as well as, a system restore hoping this would fix the problem and this did not work. I also loaded Snapfish's upload program, which could also be the culprit? Logfile of HijackThis v1.98.1 Scan saved at 6:22:13 PM, on 8/3/04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\WINDOWS\SYSTEM\HIDSERV.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE C:\WINDOWS\SYSTEM\MSCONFIG.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\WINZIP\WINZIP32.EXE C:\WINDOWS\TEMP\HIJACKTHIS.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast F1 - win.ini: run=hpfsched O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544- FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D- 784B7D6BE0B3} - (no file) O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908- 00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644- 206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333- CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1- 7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E- 00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908- 00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18- 009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6 \avgcc32.exe /STARTUP O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1 \GRISOFT\AVG6\Avgserv9.exe O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/scri...ons/review.htm O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsearch.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsimilar.html O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmbacklinks.html O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmtrans.html O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE- 00C0F0318AFE} - (no file) O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908- 00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa- 0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE- C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880- 6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE- C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880- 6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3- B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO! \MESSENGER\YPAGER.EXE O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E- 7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO! \MESSENGER\YPAGER.EXE O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b- 00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Dell Home - {F02DFA00-625A-11D3-83D3- F0B246C10000} - http://www.dell.com/ (file missing) (HKCU) O9 - Extra button: (no name) - {51D0DC00-6A83-11D5-83D4- 0000C07BDFFB} - (no file) (HKCU) O9 - Extra button: ComcastHSI - {A9093180-E2BC-11D7-83D7- 0000C07BDFFB} - http://www.comcast.net (file missing) (HKCU) O9 - Extra button: Help - {A9093181-E2BC-11D7-83D7- 0000C07BDFFB} - http://www.comcast.net/memberservices/ (file missing) (HKCU) O9 - Extra button: Support - {A9093182-E2BC-11D7-83D7- 0000C07BDFFB} - http://www.comcastsupport.com (file missing) (HKCU) O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1 \Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/packages/GSManager.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...qtinstall.info .apple.com/samantha/us/win/QuickTimeInstaller.exe O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v40/sol/sol.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/Shar...t/sc/bin/cabsa. cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security2.norton.com/SSC/Shar.../vc/bin/AvSnif f.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2.../housecall.ant ivirus.com/housecall/xscan53.cab O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB Thank you in advance for your help. Hi, Post your HijackThis log in an anti-spyware forum such as Computer Cops- http://computercops.biz/forums.html You mentioned you uninstalled the software for your pencam-- did you also remove the device from device manager? You also seem to have 2 anti-virus applications- AVG and Norton. Probably best to use only one; if you choose to uninstall Norton, check their site as they have a program to remove many of the things that the uninstaller won't. If nothing else, you'll reclaim gobs of hard drive space by uninstalling System Works. You have some things that can be trimmed from your startup group also, but post your HijackThis log as mentioned before. Update and run Ad-Aware and then create a new log to post at an anti-spyware forum. MM |
Thread Tools | |
Display Modes | |
|
|