What going on with my computer?

[Daniellla]

For once, I can not open a couple of programs...(FileViewerUtility, a sofwear from Cannon Rebel, and the NETGEAR MA101 USB sofwear..that opens, but in what I can call a soft version....It use to open with serveral options, now is just the info about the conection, but I can not access any option)
I create another account on Windows XP and if I switch users on the computer, I can open the Canon soft (the other does not want to open on the new user!)

For second, I get this everytime I log in:
Retrieval of Thotkey failed
Error code 0x00031402, 0x000000002

for 3erd, I found Ltmoh.exe on the Starup list of sistem configuration utility...that was when I uncheched pmproxy (not sure what it is) because it was giving a error message at log in too.


Norton Antivius us update and running well...
I have a Toshiba Satellite 302s
Xp update
Ad-aware 6.0


THANKS!
Daniellle

(I open msconfig and enable EVERYTHING on the start up tab before run HijackThis. Usually I have Drag and drop, ltmoth, pm proxy, real player, syntepenh, syntplpr, american on line, bluetooth and micatek scanner unable)


Logfile of HijackThis v1.98.2
Scan saved at 11:52:28 AM, on 9/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\gearsec.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\WINDOWS\system32\SMC2635WMonitor.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Daniela\My Documents\downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.harrymania.harrypotter.cz/index2.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe /Type 28
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: MA101 Configuration Utility .lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: SMC2635W 11Mbps WLAN Monitor.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\tecno-kazemule\local.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .mid: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/3122ccba03034d785805/netzip/RdxIE601_es.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.amazon.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

 

[Rollin' Rog]

Retrieval of Thotkey failed

Is a Toshiba driver issue, reportedly resolved by reinstalling the "common module driver/file" that should be supplied somewhere on the original software that came with the machine.

Similarly for other programs that are malfuntioning the first resort should be to completely remove and reinstall them.

While I don't think it is an issue with any of the problems you are describing, I see you have Messenger Plus 3. Unless you paid for this, it is usually associated with a "lop.com" hijack.

 

[Daniellla]

Not more Thotkey problem! THANKS!!!

But...I still have this message everytime I start the computer :-(

'PmProxy.exe

This aplication has failed to star because PMCPL.cpl was not found'

So, I just desable PmProxy using the msconfig....but..what is PmProxy? Why do I need it? why I don't?

About the other program, the canon and the NETGEAR MA101 USB
I have remove them and re-instal MANY MANY TIMES! And still they dont open...or..let me be more specific: They open for a second and with a 'plim' they close again. The Canon one I can use if I log in in the PC as another user. But the problem is I have all my program and documents on my old user name! Any idea why this happens? I spend 2 hs with canon suport and they couldn't fix the problem, and honestly, the softwear open and run on the other user, is not a softwear problem...

And...what is a "lop.com" hijack? How does that affect my computer?

THANKS!

 

[Rollin' Rog]

about pmproxy:

Program Name: PmProxy
Executable Name: PmProxy.exe
Required: Unknown at this time
Comments: Associated with Analog Devices "SoundMAX" audio chipset - often built-in to motherboards. What does it do and is it required?

ref: http://www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM

I guess you could leave it disabled if there is no loss of sound card functionality that you can detect. You could also reinstall the sound drivers. Probably just removing them from the Device Manager and rebooting would accomplish that, but it might be wise to check up on Toshiba's support pages for any issues regarding them.


I'm not sure what to make of the other problems, except that you might have something starting in your current profile that is causing a conflict.

You could use "msconfig" to do some "clean boot" troubleshooting to test.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;310353

I wouldn't disable "non microsoft" services, at least not at first, since some of them may be associated with the applications you are trying to run and be required for that.

 

[Daniellla]

Well, I have try that before, and it didn't solve the problem, but I thought I will try again....and guest what? THE Thotkey problem is back!!!
But now I know how to fix that, I just insert the toshiba backup disk and uninstaled.
But I still can not run the Canon program, that open for a second and close, or the Netgar one, (I think is because that program is nor running, that I loose my internet conection very frecuently)
I have spend close to a week trying to fix this...At this point, I think it would have been easy to just reintal the complete computer and instal all my programs again...but now is to late for that!

 

[Rollin' Rog]

Not sure what you tried. If the "clean boot", you just need to ensure that when you re-enable the msconfig startups, any entries that you previously had unchecked, you uncheck again.

If you haven't tried the clean boot, it's a worthwhile troubleshooting exercise.

In any case, being as you are in the "Security" forum, I think I can tell you that it does not appear to be a security issue.

If these problems do not occur when using another profile, you might compare just what is running in both profiles, or rather what is not running in the one that works.

I notice you have both "Epson" and "Lexmark" drivers in this one. Perhaps a conflict there?

 

[Daniellla]

I have try the clean boot, more than once, and there is not diference. And even when, after doing it, I unchecked averything that has the word Thotkey on it, I was still having the error message, I needed to uninstal it form the Toshiba CD.
I have the printers drivers for several month and I just have this problem now...The Netgar program was working last week. But I can try removing some, I dont have all that printers now.
I can also check what run in one profile and what in the other...Any sugestions how to do it with out writting one by one on a piece of paper?
Can you suggest a more suitable forum?

THANKS!

 

[Rollin' Rog]

I suppose it could go to either Hardware, since you are dealing with peripheral devices, or possible All Other Software.

It would be best to start a fresh topic. Let me know if you do that and I will close this one.

You could run a HijackThis Scanlog for the alternate profile to compare with.

Do the two profiles have the same administrative priveleges?

If you don't have the other printers you should uninstall the software for them and ensure those startups in the Scanlog do not remain.

lop.com is a "search page" hijack. I don't actually see evidence of it in this Scanlog. I believe there is a purchased and a free version of Messenger Plus 3 and the adware is only installed with the more recent free version.

http://www.google.com/search?q=lop.com+messenger+plus+3&sourceid=opera&num=0&ie=utf-8&oe=utf-8

 

[Daniellla]

ok, you can delete this one...I have posted on the softwear forum (not answers so far) and THANKS!

 

[Rollin' Rog]

I won't delete it, you can come back to it if you have any reason to think a "security" problem has re-emerged. It's just that there doesn't seem to be one involved at the momemt.

 

[Daniellla]

Well, it may not be a security reason, but it not been able to open the sofwear from Canon in my main identity is driving me crazy...I did a HijackThis Scanlog for the alternate profile and compare it..and there are identical! Did I did it right?
You can see them at
http://forums.techguy.org/showthread.php?t=271931

I belive the two profiles have the same administrative priveleges. But...how can I be sure? In Control Panel, user account, both say computer administrator...

 

[Rollin' Rog]

You're right I don't see any differences in the profiles either. I would have thought maybe the lexmark or epson entries might be conflicting, but both are present in both profiles. What strikes me is they are TOO identical, including the same start pages, kontiki, and google add-ons ??

I don't think the administrator rights is an issue if the software installed originally. But in addition to the control panel, you can open a command prompt in a given profile and enter:

net user

to see the administrative priveleges for the computer.

It's just possible the "Daniella" profile is damaged in some way.