Prog minimises without intervention

Talim

Fledgling Freddie
Joined
Jan 29, 2004
Messages
139
Running WinXP SP1 the game auto minimises to the task bar periodically - maybe every 5 mins on average. All spyware/adware has just been cleaned, Dxdiag shows no problem. Has been working fine for months. No changes to machine that I am aware of.
Any thoughts appreciated.
 

Talim

Fledgling Freddie
Joined
Jan 29, 2004
Messages
139
Additional Info

I have timed it - its every 3 mins if that helps ?.
 

eugeneg

Fledgling Freddie
Joined
Mar 25, 2005
Messages
6
This problem did not happen for the initial 5 hours after 1.73 was installed....until a reboot. Now it happens every 3 minutes regular as clockwork. Irrispective of what's happening - even when nothing is happening with the game. The PC was heavily infected with malware, but Spyware Doctor, Ad-Aware, Spybot and Bazooka got rid of all I know of. What is it that can cause the screen to shrink to an icon on the taskbar every 3 minutes ? Must be machine related as the same account on another PC does not have this problem. Here's a log of what's running:

Logfile of HijackThis v1.98.2
Scan saved at 20:43:09, on 25/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\userinit32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svh0st.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\BTopenworld NetHelp\bin\mpbtn.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Yahoo!\Messenger\YPAGER.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\ToA\game.dll
J:\TOOLS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.supanet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,userinit32.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IW_ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [svh0st] svh0st.exe
O4 - HKLM\..\RunServices: [svh0st] svh0st.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: NetHelp.lnk = C:\Program Files\BTopenworld NetHelp\bin\matcli.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.supanet.com/
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c267.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btopenworld.com/templates/btwebcontrol012.cab
O16 - DPF: {F0FCC76D-767E-4759-A447-62289CA775AA} (Coreport SSO Client) - http://client.dbm.com/v51/ie/controls/CoreportSsoClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96A1F242-F179-4634-832D-267772AF8F44}: NameServer = 194.74.65.68 194.72.9.39
 

Ctuchik

FH is my second home
Joined
Dec 23, 2003
Messages
10,459
sorry, i cant help u much. but i noticed this program running "C:\WINDOWS\System32\svh0st.exe" now i'm almost willing to bet my right arm that theres NO "legal" programs that will EVER put a number insted of a letter in their executable..and isnt there supposed to be svChost to? :)

id kill that program if i were u and see what happends.

and shut down (preferably uninstall) DaemonTools. its got some wierd way of fucking about with stuff it shouldent be doing.

"oh, and C:\WINDOWS\system32\lsass.exe" is a worm :) heres a link on how to get rid of it. http://ask-leo.com/what_are_lsass_l...know_if_im_infected_what_do_i_do_if_i_am.html


oh and kill those yahoo crap programs.. they just waist system resourses :)

well, not much help there but thats all i could find that i knew something about :p

/edit: well there goes my so called "know it" out the drain. lsass isnt the worm, it just abuses a whole in that program...
 

Users who are viewing this thread

Top Bottom