taskbar issues

Status
Not open for further replies.

gtgp97

Well, I'm trying to help a friend out with her computer because she isn't too good with them, so I get rid of her 6 viruses, run Spybot Search and Destroy and clear all her caches and temporary folders, but her taskbar will not respond at first click but responds minutes later. I have run HijackThis and the log is


"Logfile of HijackThis v1.97.5
Scan saved at 8:29:38 PM, on 3/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Philips\External Drive\Blue Button\bbSysTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\Keyhost.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kelly\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
C:\Documents and Settings\Kelly\Local Settings\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.searchant.com/sp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://popnav.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.searchant.com/sp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pop.popuptoast.com/9901/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.searchant.com/r=6&s=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: IE Addon - {92F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Internet Explorer\Toolbar\toolbar.dll
O3 - Toolbar: 2020SEARCH2 - {4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} - C:\WINDOWS\2020Search2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [bbSysTray] C:\Program Files\Philips\External Drive\Blue Button\bbSysTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [YahooStock] C:\WINDOWS\k5mhyprd.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\version.exe
O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\System32\Keyhost.exe
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [bokembj] "C:\WINDOWS\System32\bokembj.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MSVersion] C:\WINDOWS\System32\internetfeatures.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iefeatures] C:\WINDOWS\System32\iefeatures.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PGStub.exe] C:\Documents and Settings\Kelly\dp-b23011805.exe
O4 - HKLM\..\Run: [Windows Service] WINSVC.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Service] WINSVC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &IE Toolbar search - res://C:\Program Files\Internet Explorer\Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: IE Addon (HKLM)
O9 - Extra 'Tools' menuitem: IE Addon (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38047.5370949074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/L2M.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECC3EDD9-E15F-4259-BCDA-2DB696E02984}: NameServer = 204.60.203.179 66.73.20.40"

Can someone help me out and see if they see anything abnormal?
 
Try doing:

CTRL+ALT+DEL
Processes Tab > EXPLORER.EXE [not iexplorer! that's Internet Explorer :p] > End Task
Applications Tab > New Task > "Explorer" [without quotes]

That will close the taskbar and reopen it. I'm not sure if it'll fix your problem entirely, but when it's frozen it may fix the prob =\ Let's hope so....
 
Worked for about 10 seconds, then it froze again...that's a good trick for when my explorer closes sometimes...thanks

Anything else I can try?
 
Yea, instead of me going through your HJT log, why don't ya grab Spybot and Adaware, update them, then run them, one at a time, allow them to remove what they find, then run HJT again and post your log.

In other words, you have some Spyware that needs taking care of.
 
Originally posted by StormBringer
Yea, instead of me going through your HJT log, why don't ya grab Spybot and Adaware, update them, then run them, one at a time, allow them to remove what they find, then run HJT again and post your log.

In other words, you have some Spyware that needs taking care of.

Originally posted by gtgp97
so I get rid of her 6 viruses, run Spybot Search and Destroy
 
Yeah, I have read some posts on this and it always has to do with adaware of some kind, so I ran Spybot but did not run Adaware because she's still on dial-up and I don't have much patience...do you think I should try that?
 
Yeah, thanks for no help then...anybody else, do you know what O4 - HKLM\..\Run: [bokembj] "C:\WINDOWS\System32\bokembj.exe" is?? I have a feeling this is part of the problem
 
First off, you need to run Adaware if you haven't already. If you have already run both, then you need to update them and run them again. I am pretty sure that the VeriSign entry in your hosts file would be removed by Spybot (I remember it doing so for me once). Some of those other things look a bit suspicious as well. This is what I meant by my previous reply. It was directed to agissi, not at you, as you had not yet replied when I made my reply.

BTW, I have no idea what that bokembj.exe is, and neither does Google. I too would be suspicious of it. Try disabling it from running at startup.
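A triage pass over the `O4` autorun lines of a HijackThis log like the one in this thread, as an added example that is not part of any post here. The three heuristics and the `SYSTEM_NAMES` list are assumptions chosen for illustration; a flag marks an entry for manual review and is not a verdict. The sample lines are copied from the log above.

```python
import re
from pathlib import PureWindowsPath

# O4 autorun line: "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RE = re.compile(r'^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Windows binaries that normally run only from System32 (short illustrative list)
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}

def exe_path(cmd):
    """Extract the executable from a Run command, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd.split('"')[1]
    m = re.match(r'(.+?\.exe)\b', cmd, re.I)
    return m.group(1) if m else cmd

def triage(log_text):
    """Return {Run value name: sorted reasons} for O4 entries worth a manual look."""
    findings = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = PureWindowsPath(exe_path(m["cmd"]))
        parent = str(path.parent).lower()
        reasons = set()
        if len(path.parts) == 1:
            reasons.add("no-path")  # bare file name, resolved through the search path
        elif path.name.lower() in SYSTEM_NAMES and not parent.endswith("system32"):
            reasons.add("system-name-outside-system32")
        if "documents and settings" in parent:
            reasons.add("runs-from-user-profile")
        if reasons:
            findings.setdefault(m["name"], set()).update(reasons)
    return {name: sorted(why) for name, why in findings.items()}

# Lines copied from the HijackThis log posted in this thread
SAMPLE = r'''
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [PGStub.exe] C:\Documents and Settings\Kelly\dp-b23011805.exe
O4 - HKLM\..\Run: [Windows Service] WINSVC.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows Service] WINSVC.EXE
'''

if __name__ == "__main__":
    for name, why in triage(SAMPLE).items():
        print(f"{name}: {', '.join(why)}")
```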
 
Sorry about the misunderstanding, it's just I've tried to fix this for over a combined like 5 hours and it's starting to get to me...I tried Google too and it didn't find anything. I'll try Adaware; I thought Spybot would be good enough, and Spybot was up to date when I did the scan...when I ran a virus scan with her PC-cillin it found bokembj.exe as a virus, I remember, but could not fix the problem, so I went in and tried to delete it but it was in memory so it couldn't be deleted...so I brought over Norton and ran it and it did not find this as a virus, so I wasn't sure if cillin is just not a good prog
 
Cillin likely had heuristic scanning options enabled and NAV did not; this would explain why it identified it as a virus, even though it is not documented as one. PC-cillin is kept updated as much so as any of the others, so I wouldn't say it's not a good app.
The Spybot vs. Adaware issue has been discussed on the forums quite a bit and most of us have determined that at any given time, running them both is the best, since running one after the other will usually pick up a few things the other missed.

As for what to do about the alleged virus, I'd keep looking around for what it might be, and if possible, submit a copy of it to one or more of the AV companies like Symantec. I'd also try to remove it in safe mode in the meantime.
 
StormBringer, you were dead on with running the Adaware also...it found 237 reg keys and 1 process and some other stuff on her comp...everything is working better than when she got it now. She said thanks for all the help, man!!
 