TechSpot

taskbar issues

By gtgp97
Mar 3, 2004
  1. Well im trying to help a friend out with her computer because she isnt too good with them so i get rid of her 6 viruses, run spybot search and destroy and clear all her cache's and temporary folders but her taskbar will not respond at first click but responds minutes later. I have run Hijackthis and the log is


    "Logfile of HijackThis v1.97.5
    Scan saved at 8:29:38 PM, on 3/1/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
    C:\WINDOWS\System32\pctspk.exe
    C:\Program Files\Philips\External Drive\Blue Button\bbSysTray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\Keyhost.exe
    C:\WINDOWS\svchost.exe
    C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
    C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Windows NT\Accessories\wordpad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Kelly\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
    C:\Documents and Settings\Kelly\Local Settings\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.searchant.com/sp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://popnav.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.searchant.com/sp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pop.popuptoast.com/9901/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.searchant.com/r=6&s=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
    O3 - Toolbar: IE Addon - {92F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Internet Explorer\Toolbar\toolbar.dll
    O3 - Toolbar: 2020SEARCH2 - {4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} - C:\WINDOWS\2020Search2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [bbSysTray] C:\Program Files\Philips\External Drive\Blue Button\bbSysTray.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [YahooStock] C:\WINDOWS\k5mhyprd.exe
    O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\version.exe
    O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\System32\Keyhost.exe
    O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
    O4 - HKLM\..\Run: [bokembj] "C:\WINDOWS\System32\bokembj.exe"
    O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [MSVersion] C:\WINDOWS\System32\internetfeatures.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [iefeatures] C:\WINDOWS\System32\iefeatures.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [PGStub.exe] C:\Documents and Settings\Kelly\dp-b23011805.exe
    O4 - HKLM\..\Run: [Windows Service] WINSVC.EXE
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Windows Service] WINSVC.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &IE Toolbar search - res://C:\Program Files\Internet Explorer\Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: IE Addon (HKLM)
    O9 - Extra 'Tools' menuitem: IE Addon (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38047.5370949074
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/L2M.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ECC3EDD9-E15F-4259-BCDA-2DB696E02984}: NameServer = 204.60.203.179 66.73.20.40"

    Can someone help me out and see if they see anything abnormal?
     
  2. ---agissi---

    ---agissi--- TechSpot Paladin Posts: 1,977   +15

    Try doing:

    CTRL+ALT+DEL
    Processes Tab > EXPLORER.EXE [not iexplorer! thats internet explorer :p] > End Task
    Applications Tab > New Task > "Explorer" [without quotes]

    That will close the taskbar and reopen it. Im not sure if it'll fix your problem entirely, but when its frozen it may fix the prob =\ Lets hope so....
     
  3. gtgp97

    gtgp97 TS Rookie Topic Starter

    worked for about 10 seconds then it froze again...thats a good trick for when my explorer closes sometimes...thanks

    anything else i can try?
     
  4. StormBringer

    StormBringer TS Rookie Posts: 2,244

    yea, instead of me going through your HJT log, why don't ya grab Spybot and Adaware, update them, then run them, one at the time, allow them to remove what they find, then run HJT again and post your log.

    In other words, you have some Spyware that needs taking care of.
     
  5. ---agissi---

    ---agissi--- TechSpot Paladin Posts: 1,977   +15

     
  6. gtgp97

    gtgp97 TS Rookie Topic Starter

    yeah i have read some posts on this and it always has to do with adaware of some kind so i ran spybot but did not run adaware because shes still on dial up and i dont have much patience...do you think i should try that?
     
  7. StormBringer

    StormBringer TS Rookie Posts: 2,244

    I stand behind my previous statement
     
  8. gtgp97

    gtgp97 TS Rookie Topic Starter

    yeah thanks for no help then...anybody else do you know what O4 - HKLM\..\Run: [bokembj] "C:\WINDOWS\System32\bokembj.exe" is?? i have a feeling this is part of the problem
     
  9. StormBringer

    StormBringer TS Rookie Posts: 2,244

    First off, you need to run Adaware if you haven't already, if you have already run both, then you need to update them andf run them again. I am pretty sure that the Varisign entry in your hosts file would be removed by spybot(I remember it doing so for me once) Some of those other things look a bit suspicious as well. This is what I meant by my previous reply. It was directed to agissi, not at you, as you had not yet replied when I made my reply.

    BTW, I have no idea what that bokembj.exe is, and neither does Google. I too would be suspicious of it. Try disabling it from running at startup.
     
  10. gtgp97

    gtgp97 TS Rookie Topic Starter

    sorry about the misunderstanding its just ive tried to fix this for over a combined like 5 hours and its starting to get to me...i tried google too and it didnt find anything ill try adaware i thought spybot would be good enough and spybot was up to date when i did the scan ... when i ran i virus scan with her pc cillin it found bokembj.exe as a virus i remember but could not fix the problem so i went in and tried to delete it but it was in memory so it couldnt be deleted...so i brought over norton and ran it and it did not find this as a virus so i wasnt sure if cillin is just not a good prog
     
  11. StormBringer

    StormBringer TS Rookie Posts: 2,244

    cillin likely had Heuristic scanning options enabled and NAV did not, this would explain why it identified it as a virus, even though it is not documented as one. PCcillin is kept updated as much so as any of the others, so I wouldn't say its not a good app.
    The Spybot vs. Adaware issue has been discussed on the forums quite a bit and most of us have determined that at any given time, running them both is the best, since running one after the other will usually pick up a few things the other missed.

    As for what to do about the alleged virus, I'd keep looking around for what it might be, and if possible, submit a copy of it to one or more of the AV companies like Symantec. I'd also try to remove it in safe mode in the meantime.
     
  12. gtgp97

    gtgp97 TS Rookie Topic Starter

    StormBringer you were dead on with running the adaware also...it found 237 reg keys and 1 process and some other stuff on her comp...everything is working better than when she got it now she said thanks for all the help man!!
     
  13. StormBringer

    StormBringer TS Rookie Posts: 2,244

    Glad to know you got it fixed.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...