Sign in with
Sign up | Sign in
Your question

Wierd "My Computer" problem

Last response: in Windows XP
Share
July 12, 2005 1:00:30 PM

I have a wierd problem that I don't think many people have encountered. This problem only occurs when I leave my computer for a long period of time, so usually when I'm asleep. I wake up, and find about 30 "My Computer" windows open on the desktop. They're just opening up by themselves overnight! Drives me nuts. We can definately rule out the possibility that it may be a virus of spyware. My computer never has spyware (except the occasional tracking cookie, which you can't avoid). Been going on for the past couple months. The programs I have running in the background are:
VNC, Lexmark, Mouse, Spybot, Automate, Minimizer-XP, Roboform, Download Accelerator Plus, DynAdvance Notifier, Roxio Drag-to-Disk, ZoneAlarm, Internet connection, ATI, Avant Browser.
Any ideas?

More about : wierd computer problem

July 12, 2005 3:07:09 PM

<A HREF="http://forumz.tomshardware.com/software/modules.php?nam..." target="_new">This</A> is a list of free software but at the top there are a lot of applications that you should run. That you haven't detected spyware in the past doesn't mean that you don't have it now.
Some spyware is not detected by a certain program but a different one will detect it.
I would run at least AdAware, and Spybot search and destroy.


<font color=red>It's impossible to make anything foolproof because fools are so ingenious<font color=red>
July 12, 2005 3:19:19 PM

Believe me, I know everything there is to know about spyware. My job is partly fixing spyware problems on computers (tech support for Verizon). I have multiple spyware scanners (among them are are Ad-Aware and Spybot), and I constantly have them running. I use TeaTimer, which will tell me everything that's about to be changed in the system registry and asks for my approval. I scan the system for spyware on a regular bases (every 3 days or so) and it never ever finds spyware, because I'm VERY careful about what sites I go to, what programs I download and what terms of agreements I'm agreeing to. I don't even get a single popup (caused by spyware, of course), except the ones that a certain website has implemented in their HTML code, which is not caused by spyware.
I use ZoneAlarm suite, which includes a virus scanner as well, which has on-access scan enabled and I scan the system every 3 days overnight, and in safe mode if it can't delete certain viruses. I keep my Windows always up to date via Windows Updates.
Thanks for the list of programs though, I'll review it and see if there's anything I like that I don't have :) 
Related resources
July 12, 2005 5:00:56 PM

Run HiJackThis ..

Quick search on google pulls up a few similiar problems after running AV and other spyware removing tools - finding nothing.

If you need help, post the hijackthis file and we'll look through it.
July 12, 2005 5:28:05 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:24:41 PM, on 12/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\AutoMate 5\AutoMate5Svc.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
c:\Program Files\ArGo Software Design\FTP Server\ftpsrvnt.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AutoMate 5\AM5HkWnd.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LMPC\lockpc.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Minimizer-XP\Mini-XP.exe
C:\Program Files\DynAdvance\DynAdvance Notifier\MailNotifier.Exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Virtual PC\Virtual PC.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Malek\Desktop\HijackThis.exe

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\dapiebar.dll
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AutoMate5] C:\Program Files\AutoMate 5\AM5HkWnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MailNotifier] C:\Program Files\DynAdvance\MailNotifier\MailNotifier.Exe
O4 - HKCU\..\Run: [Lock My PC] C:\Program Files\LMPC\lockpc.exe /s
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Mini-XP] C:\Program Files\Minimizer-XP\Mini-XP.exe
O4 - HKCU\..\Run: [DynAdvance Notifier] C:\Program Files\DynAdvance\DynAdvance Notifier\MailNotifier.Exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Sympatico.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O17 - HKLM\System\CCS\Services\Tcpip\..\{24DFC1AE-8B17-45D4-9801-5FCDF67D243D}: NameServer = 206.47.244.110 207.236.176.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{24DFC1AE-8B17-45D4-9801-5FCDF67D243D}: NameServer = 206.47.244.110 207.236.176.13
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoMate 5 (AutoMate5) - Network Automation, Inc. - C:\Program Files\AutoMate 5\AutoMate5Svc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ArGoSoft FTP Server (msFTPServerForm) - ArGo Software Design - c:\Program Files\ArGo Software Design\FTP Server\ftpsrvnt.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
!