Problem With New Folders



#1 bentwings

Posted 14 October 2005 - 11:36 PM

Hi,
I'm new to this forum so please bear with me. Before entering this I did a search to see if there was anything like this...didn't see anything. I also looked thru quite a number of posts and topics.

Here is the problem. It started about 2 weeks ago.

I really wanted to create a new folder in "My Documents" to store some new items in.

When I go to my desktop, click on "mydocuments", it opens fine with a list of folders and files. THEN about 20 seconds later a small gray window comes up. This looks like something is being installed. It has the open box with the disc and small computer icon. It says Window Installer... like it is running something. However it locks up the entire screen and computer. I do a CTRL, ALT, DEL to get task manager. I check to see if anything strange is running. It says windows installer is running, my documents not responding as well as any other things I have running. Usually a forum or SolidWorks remain responding. These usually appear to be running ok. There doesn't seem to be excess cpu being used. I usually only have 20-21 processes running. PF usage is around 140.

It actually creates a folder but I can't name it at this point. This gray window looks for the world like something that is supposed to be MS installer. But I suspect that it is either corrupted or some virus thing.

In order to stop it I must do multiple end tasks and either send or don't send from TM. It will finally end and I will see a folder 1 or folder 2 listed. If I am quick I can rename this folder and all seems ok at least so far. I'm not really sure what to look for.

I had a virus thing that was very similar to this last year that took a reload to get rid of. This turned out to be some porn site installer. It was real tough to deal with. Appeared to come from off shore.

I have Search and destroy, ad-ware, and microsoft antivirus. I try to keep them up to date and run all 3 of them every day. About the only thing I find are a persistent keylogger that ad-ware only picks up and an occasional browser modifier. Microsoft gets about 1 hit every 8 hours from something trying to be installed. I never accept anything I haven't specifically requested. Search and destroy hasn't picked up anything for awhile.

I hope I have covered enough. I haven't filled out the sig yet but I have a 2.2 pent 4 with 512 ram and a reasonable yr old vid card. The comp works great otherwise. I run Solidworks just as well as at work so I have enough power for me.

bentwings


OK, I ran a full scan with my ad-ware, spybot and Microsoft. Now I did the HijackThis. Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 2:38:31 AM, on 10/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O1 - Hosts: downloa
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.oilburners.net
O15 - Trusted Zone: http://*.usbank.com
O16 - DPF: {0B729AFF-64F7-64D0-463F-761540DFBF24} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {13AC42E6-4044-1E5F-0B56-4C1F0AA7E69C} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {15B1D1F4-2C8A-7A01-51E0-17E879F8D187} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {16D3E07E-A3D3-0E73-DB60-06EF70FE469F} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D75CC7D-C517-22DC-2CFB-06A4632BC100} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {2799714C-EAA5-1D97-2E78-66F92DC86EED} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {2DA25C2C-8A6E-0219-995A-69A163B1723B} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {33EC1593-EBB7-29C9-EC71-00A16A532850} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {35C2FF55-CA29-6EED-F20E-38256746CF7C} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {36CE4FCB-4724-2353-43AD-54FE6A42BC0A} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {3FD0D289-170E-542E-1B73-46E92E0AC7F6} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {4D1C626E-CA54-54CD-80E5-056D05549FC0} - http://69.50.182.94/1/rdgUS1754.exe
O16 - DPF: {52EE8933-5CAF-4671-F0C9-44823F425CED} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {54BDC0CD-B4A3-4D16-0EF7-6E9E664167F9} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {5E2BDDB7-6FA5-12F6-5520-7CD24C225F4A} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200401...meInstaller.exe
O16 - DPF: {72A10A09-2A17-1CED-D803-3B823F0A8DA6} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {75AD6A42-7619-08C5-0BF1-436579244791} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {76F65B2E-59F4-646F-4685-0AA269CCC22C} - http://69.50.182.94/1/rdgUS896.exe
O20 - AppInit_DLLs: 1tkj9vll9315nb.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Edited by bentwings, 15 October 2005 - 02:43 AM.
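
One way to triage a HijackThis log like the one posted above, as an added example (not part of the original thread and not HijackThis's own code): it parses the section-coded lines and lists O16 (Downloaded Program Files) entries whose codebase host is a bare IP address or is shared by several CLSIDs, plus any O20 AppInit_DLLs value. The heuristics and the names `parse_entries` and `triage` are assumptions made for this example; the sample lines are copied from the posted log.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Sample input: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""
O16 - DPF: {0B729AFF-64F7-64D0-463F-761540DFBF24} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {13AC42E6-4044-1E5F-0B56-4C1F0AA7E69C} - http://69.50.182.94/1/rdgUS896.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4D1C626E-CA54-54CD-80E5-056D05549FC0} - http://69.50.182.94/1/rdgUS1754.exe
O20 - AppInit_DLLs: 1tkj9vll9315nb.dll
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
DPF = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \(.*?\))? - (?P<url>\S+)$")

def parse_entries(text):
    """Return (section, body) for each entry line, e.g. ('O16', 'DPF: ...')."""
    return [(m["code"], m["body"]) for line in text.splitlines()
            if (m := ENTRY.match(line.strip()))]

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage(text):
    """Return (section, reason, detail) tuples for entries that merit manual review."""
    findings, dpf_urls = [], Counter()
    for code, body in parse_entries(text):
        if code == "O16" and (m := DPF.match(body)):
            dpf_urls[m["url"]] += 1
            if is_ip_literal(urlsplit(m["url"]).hostname or ""):
                findings.append((code, "codebase host is a bare IP", m["clsid"]))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs names DLLs loaded into every process that loads user32.dll.
            value = body.split(":", 1)[1].strip()
            if value:
                findings.append((code, "AppInit_DLLs is set", value))
    for url, count in dpf_urls.items():
        if count > 1:
            findings.append(("O16", f"{count} CLSIDs share one codebase", url))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

A finding here is a prompt for manual review of that entry, not a verdict on it.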




#2 tg1911

Posted 14 October 2005 - 11:57 PM

About the only thing I find are a persistent keylogger that ad-ware only picks up and an occasional browser modifier

Try posting a HijackThis log for examination, and see if it turns up anything.

Read How to post a HijackThis Log.
Please read, and follow, all directions carefully.

Then, run a log, and post it in the HJT forum, at this link. Do not fix anything yet.
A member of the HJT Team will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#3 jgweed

Posted 15 October 2005 - 12:04 PM

Could you post a screenshot of the grey window/box?
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#4 tg1911

Posted 15 October 2005 - 12:12 PM

You need to post your HJT log at the link I provided.

#5 bentwings

Posted 16 October 2005 - 03:07 PM

I just posted to the hjt log. I didn't realise it was a different area.

I have a screen shot of the grey box that I saved to a word doc but I don't know how to post it here. help me a bit

Thanks.

#6 tg1911

Posted 16 October 2005 - 04:45 PM

Inserting An Image Within A Post

#7 bentwings

Posted 16 October 2005 - 05:24 PM

Inserting An Image Within A Post



Ok I downloaded photobucket. I went back and checked the word doc and it is ok and saved in my documents listed on desktop so it is easy to get to.

Now I go to photobucket and browse then go to my documents and then the file I want is the very last one so I can get to it very quickly (time wise) but now that :thumbsup: windows installer comes up again...only faster and I'm locked up.

The bottom line is now I can't even post the :flowers: screen shot. Obviously from the smilies I'm getting pretty frustrated with this thing.

I don't mess with my computer especially when it is working well and I really need it. I haven't downloaded anything other than some cad files from work that I work on at home. Basically the computer has been pretty good for the last 9 months.

I frequent some truck forums, some hotrod and streetrod, some rc airplane forums, and some engineering forums but that's about it.

I appreciate the help. I'm not a comp expert but I'm interested in them and desperately want to get this :trumpet: thing fixed.

Sorry I couldn't even give you the shot I have.

bentwings



