Active Windows Keep getting sent to Background!???

[msteg]

Alright, I've posted on this site before to get help with spyware removal, and I was very pleased with everyone's help not only in cleaning up my computer but in your fast response times.

Anyway, now that that's been said... I need help with another problem.

Lately I've been having a problem with my current active window getting sent to the background without actually clicking on or doing anything else to send it there. For example, I'll be typing in MS Word, and suddenly I'll notice that my typing isn't registering and to my dismay I realize that once again the window was sent to the background. I'm not saying that the window gets minimized, but it acts like I've clicked on another window which would send my current window to the background. This happens with just about every program I run (Firefox, Internet Explorer, Games, etc...)

Does anyone know what could be doing this??

From my experience with your spyware forums, I took a HJT log and attached it below.

Let me know if anyone has any advice.

Thanks,
msteg

Logfile of HijackThis v1.99.1
Scan saved at 11:44:56 AM, on 9/21/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Spyware\Ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07. exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\USBToolbox\Res.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINNT\system32\ctfmon.exe
D:\hal life 2\valve\steam\steam.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPMAIN.EXE
C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
D:\Mozilla - Firefox\firefox.exe
C:\Documents and Settings\Matt\Desktop\utorrent-1.5.1-beta-build-463.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Winamp\winamp.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINNT\system32\s1940.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINNT\system32\s1940.dll
O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07. exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InstantAccess] "C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WatchDog] "C:\Program Files\mobile PhoneTools\WatchDog.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] "C:\Program Files\USBToolbox\Res.EXE"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\hal life 2\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\CONNEC~1\SsAAD.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPMAIN.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124660956154
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?325
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/...chsettings.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{658AD5D1-CBE9-4088-889A-0A2B54A187D6}: NameServer = 68.87.68.162,68.87.68.162
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\Spyware\Ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RadClock - Unknown owner - C:\Program Files\RadLinker\RadClock.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

[Pancake]

I dont see any malware in you log.Sounds more like a keyboard problem...maybe someone else might be able to throw som light on it.

[msteg]

Anyone else have any insight on this?

Thanks again,
msteg

[Mobo]

It could be the additional internet explorer toolbars you have installed. I have seen similar instances and that was the case. we can try something.

Run hijackthis and put a check next to each of these :

O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINNT\system32\s1940.dll

O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINNT\system32\s1940.dll

Then have hijack fix both.

Now reboot and try it out.


It could also be a conflict with so many ucurity programs running:
McAfee, webroot, Microsoft antispyware, and ewido

[msteg]

Before I remove these toolbars I want you to know that I have had these toolbars (Stumble Upon, etc.) installed for several months/years without incident. It has only been the past few weeks that this issue has arisen. Also, windows have been sent to the background even without an internet browser window being open. For example, the problem still occurs when I'm typing in MS Word with that being the ONLY window open.

Do you still feel that these toolbars are the problem? If so, I have no issues with removing them, but I am not totally convinced that they are the issue.

I will uninstall ewido now to see if that is causing any problems. But, I would like to keep webroot, mcafee, windows defender installed to prevent as much future spyware/malware as possible.

Let me know what you think.

Thanks,
msteg

[Mobo]

For your sanities sake we can try disabling a couple of programs and see what happens. They are easy to re-enable anyway so lets try.

Start / run / msconfig

Uncheck anything webroot and ewido. Then tick apply and reboot when prompted.


After the restart try things out and see if it still occurs.

[msteg]

ok. I tried disabling all the security programs (Mcafee, windows defender, ewido, and webroot) using msconfig, but to no avail. The problem is still occuring even with these programs disabled.

I'm going to try to remove the toolbars using HJT and see if that works.

Any other suggestions though?

Thanks

[msteg]

The problem is still occuring. At the advice of a friend of mine I downloaded "process explorer" to try to see what was taking over when my current window got sent to the background, but I'm not exactly sure that is providing any useful information.

Any ideas?

[goosemaster]

I am having the same problem. It would be great to have this figured out "its quite annoying "