Unidentifiable (source of the) problem

  • Thread starter Thread starter Lysiane Ney
  • Start date Start date
L

Lysiane Ney

Hello,

I've been having this serious browser problem these past months. Multiple
reformattings, proper (adaware 6, panda anti-virus) protection couldn't help
it from coming back to bug me again, time after time: on opening a new
explorer, the page automatically scrolls down to the end, and often refuses
to go back up using the arrow keys (these symptoms are usually later
accompanied by the inability to click links or control anything using the
touchpad, unless I press "Esc" or re-start the system).

If anyone feels like they know about such a virus/trojan/worm/or anything,
please, I'd like to know more (what its is, its name, how to combat).

Just in case, I ran HijackThis, and here's the log:
[Thanks in advance for analyzing this for me and locating anything that
could be related to my problem and/or anything I should delete at all!]

Logfile of HijackThis v1.97.7
Scan saved at 17:56:06, on 24.09.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ESB.exe
C:\WINDOWS\System32\FNF22k.exe
C:\WINDOWS\System32\S3hotkey.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\soundman.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program Files\NoAdware\NoAdware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Lysiane\Local Settings\Temporary Internet
Files\Content.IE5\03DV2IB5\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://silentwonder.com/start.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Liens
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program
Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program
Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [ESB] C:\WINDOWS\System32\ESB.exe
O4 - HKLM\..\Run: [FNF22k] C:\WINDOWS\System32\FNF22k.exe
O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium
Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN
Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le
cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda
titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda
titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda
titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda
titanium antivirus 2004\pavlsp.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
Conferencing) -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38198.4362847222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
 
Lysiane Ney said:
Hello,

I've been having this serious browser problem these past months. Multiple
reformattings, proper (adaware 6, panda anti-virus) protection couldn't help
it from coming back to bug me again, time after time: on opening a new
explorer, the page automatically scrolls down to the end, and often refuses
to go back up using the arrow keys (these symptoms are usually later
accompanied by the inability to click links or control anything using the
touchpad, unless I press "Esc" or re-start the system).

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Click to expand...

You have a laptop. You need your keyboard (thumbstick) and palm rest
(touchpad) replaced. We use Dell, and this is a common problem with the
C610.

If you do not have a warranty to cover the replacement, you could just turn
off gliding and scrolling features in the touchpad driver.

Rick
 
Richard S. Westmoreland said:
You have a laptop. You need your keyboard (thumbstick) and palm rest
(touchpad) replaced. We use Dell, and this is a common problem with the
C610.

If you do not have a warranty to cover the replacement, you could just turn
off gliding and scrolling features in the touchpad driver.

Rick
Click to expand...

Thank you.

I had the touchpad (only!) replaced by Packard Bell a couple of months ago.
The problem reappeared after some time though. Do you think the entire
keyboard/palm rest area should be replaced alltogether still ? I'll have a
hard time convincing the technical desk this is a hardware issue and they
ought to make a replacement again, bigger this time. They keep saying this
is a virus and I'm the one at fault ! But I'll try!

Will explore the glide/scroll turn off option immediately though.

:-)
 
If you do not have a warranty to cover the replacement, you could just turn
off gliding and scrolling features in the touchpad driver.


Rick
Click to expand...

After battling with this scrolling issue for months, having had my pc sent
to the repairshop twice, dealing with a very recalcitrant tech desk, you
just accomplished what I feel is a miracle just by passing this gem of
wisdom onto me. You're a godsend !
Still, I'll try to have Packard Bell replace the whole shebang for me, I
think, so I can be at peace.

Thanks again !

Lysiane
 
Lysiane Ney said:
After battling with this scrolling issue for months, having had my pc sent
to the repairshop twice, dealing with a very recalcitrant tech desk, you
just accomplished what I feel is a miracle just by passing this gem of
wisdom onto me. You're a godsend !
Still, I'll try to have Packard Bell replace the whole shebang for me, I
think, so I can be at peace.
Click to expand...

So this means it works now?

Rick
 
I've been having this serious browser problem these past months. Multiple
reformattings, proper (adaware 6, panda anti-virus) protection couldn't help
C:\Program Files\NoAdware\NoAdware.exe
Click to expand...

I see you've found a workaround for the hardware problem.

I'm no expert at hijackthis logs, but you may want to check out
http://www.adwarereport.com/mt/archives/000023.html
regarding the NoAdware product.

Regards, Dave Hodgins
 
David W. Hodgins said:
I see you've found a workaround for the hardware problem.

I'm no expert at hijackthis logs, but you may want to check out
http://www.adwarereport.com/mt/archives/000023.html
regarding the NoAdware product.
Click to expand...

Dave, you might want to check out
http://spywarewarrior.com/viewtopic.php?t=1154&start=30
http://www.spywarewarrior.com/viewtopic.php?t=1154
for starters. Watch in amazement as the author of adwarereport.com rubbishes
Spybot S&D and Ad-aware for being freeware while hyping *betrayware* apps
that happen to pay him for advertising! Gasp at the gall of the mercenary
little shitbag! Then pass it on.


Shane
Click to expand...
 
Dave, you might want to check out
http://spywarewarrior.com/viewtopic.php?t=1154&start=30
http://www.spywarewarrior.com/viewtopic.php?t=1154
for starters. Watch in amazement as the author of adwarereport.com rubbishes
Spybot S&D and Ad-aware for being freeware while hyping *betrayware* apps
that happen to pay him for advertising! Gasp at the gall of the mercenary
little shitbag! Then pass it on.
Click to expand...

LOL! Thanks for the link. I just ran a google search on "noadware rouge", and
skimmed the article to make sure it wasn't a false report by the authors of noadware.

While I agree with the actual article I linked to, I'll try to remember to exclude
adwarereport.com from any future links I post.

Thanks, Dave Hodgins
 
Richard S. Westmoreland said:
So this means it works now?

Rick
Click to expand...

Yup !

Well, it's all been behaving fine ever since I turned the gliding off
yesterday. I'm keeping my fingers crossed hoping my problem has been solved
forever. In the meanwhile, I'll still try to make the warrantee work for me.

Have a nice week-end (in Berlin?), Rick ! :-)

Lysiane
 
David W. Hodgins said:
LOL! Thanks for the link. I just ran a google search on "noadware rouge", and
skimmed the article to make sure it wasn't a false report by the authors of noadware.

While I agree with the actual article I linked to, I'll try to remember to exclude
adwarereport.com from any future links I post.

Thanks, Dave Hodgins
Click to expand...

There's some pretty funny - or desperately sad, depending on your
viewpoint - stuff on that spywarewarrior forum. Last week I was reading a
thread involving the vendor of *Privacy Tools 2004*
http://spywarewarrior.com/viewtopic.php?t=4112 in much the same vein.


Shane
Click to expand...
 
Lysiane Ney said:
Have a nice week-end (in Berlin?), Rick ! :-)

Lysiane
Click to expand...

No actually I'm in the U.S., I'm just using an account from a Berlin server.
:P

Rick
 
Back
Top