Results 1 to 3 of 3

Thread: Unknown bug

  1. #1
    Junior Member
    Join Date
    Sep 2006

    Unknown bug

    Hello all,

    I have some kind of malware I can't find. Norton, Ad-Aware, Spybot, and TrendMicro's Housecall all come up clean. I have run CCleaner. Still something is there.

    I'm running XP Home, and the symptoms involve one user account. When logged in to that account, no change I make, e.g. IE6 home page, is permanent. IE6 doesn't run correctly, e.g. can't access, multiple messages appear in the lower left too fast to read. There are entries in Event Viewer Security log about twice per minute, event id 529 and 680, CCleaner can't run under that account. Here is the tiny HijackThis! log:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [No! Flash] C:\Program Files\NoFlash\NoFlash.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

    That's it.

    Any suggestions?


    p.s. Symptoms are the same in Safe Mode.

  2. #2
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    What does the task manager have going in the system processes?

    Could it be a rootkit?

    YOur highjackthis looks clean to me...

    Did you try disabling system restore, run the virus scan, spybot, then adaware, and then running the highjackthis?

    Could be that whatever it is is stuck in the system restore so everytime you reboot it comes back no matter how many times you run the AVs and stuff...

    One other thing, are you sure the accounts are not damaged? They could be corrupted and you might need to back up your settings and files and create a new account and delete the old ones.

    Also do the accounts have the proper privileges? That could be it as well.

  3. #3
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    As your problem only occurs in one profile it is likely a HKCU or a start up folder entry. Rather than arsing about I would delete the profile and make a new one with a similar/same name afterwards. You can even import the old data to the new profile. No reason to beat yourself up trying to track down something which may turn out to be a 'feature' rather than a problem.
    I'm using Windows 7 - you got a problem with that?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts