Windows Explorer Error


  • This topic is locked
9 replies to this topic

#1 JCDarkstar


Posted 23 February 2008 - 11:23 AM

Computer:
Operating System Microsoft Windows XP Home Edition
OS Service Pack Service Pack 2
DirectX 4.09.00.0904 (DirectX 9.0c)

Operating System Microsoft Windows XP Home Edition 5.1.2600 (WinXP Retail)

Motherboard:
CPU Type Intel Pentium 4, 3400 MHz (17 x 200)
Motherboard Name Asus P4SD-LA (3 PCI, 1 AGP, 4 DDR DIMM, Audio, Video, LAN)
Motherboard Chipset Intel Breeds Hill i848P
System Memory 1024 MB (PC3200 DDR SDRAM)
BIOS Type AMI (08/27/04)

Problem: Windows explorer.exe error

AppName: explorer.exe
AppVer: 6.0.2900.3156
ModName: Unknown
ModVer: 0.0.0.0
offset: many and varied

What it does: So far it briefly makes all the icons on the desktop disappear/reappear, then gives the above every time you shut down a file or folder, whether it be pictures, video or music. I have not tried to see if this affected any Windows files or folders as yet, but I am assuming that I will get the same error message. On 2 or 3 occasions I have received a Dr Watson error and then the whole system froze, except I could get into the Task Manager to restart my system. This all started just recently, but the errors are showing up on the msinfo32/Software Environment/Windows Error Reporting page as far back as 31/01/2008, which read like this: (31/01/2008 17:35 Application Error Faulting Application, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000).


Any help with this matter would be appreciated, as I have come across this problem on a friend's computer and it is at the early stages, i.e. the desktop icons briefly disappear/reappear, but no error message.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:27, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\WinTV\EPGSER~1\System\EPGCLI~1.EXE
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Belkin\Bluetooth Software\BTStackServer.exe
C:\Program Files\Transparent Windows\Transparent.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [EPGServiceTool] "C:\PROGRA~1\WinTV\EPGSER~1\System\EPGCLI~1.EXE" /Minimize
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Transparent Windows.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10785 bytes

I have run all the usual Spyware, Virus, Rootkit software, both in normal Windows and safe startup, to no avail.

Please help as this is driving me up the wall and I am close to formatting the hard drive and installing Linux!!!


#2 JCDarkstar


Posted 25 February 2008 - 12:58 PM

Computer:
Operating System Microsoft Windows XP Home Edition
OS Service Pack Service Pack 2
DirectX 4.09.00.0904 (DirectX 9.0c)

Operating System Microsoft Windows XP Home Edition 5.1.2600 (WinXP Retail)

Motherboard:
CPU Type Intel Pentium 4, 3400 MHz (17 x 200)
Motherboard Name Asus P4SD-LA (3 PCI, 1 AGP, 4 DDR DIMM, Audio, Video, LAN)
Motherboard Chipset Intel Breeds Hill i848P
System Memory 1024 MB (PC3200 DDR SDRAM)
BIOS Type AMI (08/27/04)

Problem: Windows explorer.exe error

AppName: explorer.exe
AppVer: 6.0.2900.3156
ModName: Unknown
ModVer: 0.0.0.0
offset: many and varied

What it does: So far it briefly makes all the icons on the desktop disappear/reappear, then gives the above every time you shut down a file or folder, whether it be pictures, video or music. I have not tried to see if this affected any Windows files or folders as yet, but I am assuming that I will get the same error message. On 2 or 3 occasions I have received a Dr Watson error and then the whole system froze, except I could get into the Task Manager to restart my system. This all started just recently, but the errors are showing up on the msinfo32/Software Environment/Windows Error Reporting page as far back as 31/01/2008, which read like this: (31/01/2008 17:35 Application Error Faulting Application, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000).


Any help with this matter would be appreciated, as I have come across this problem on a friend's computer and it is at the early stages, i.e. the desktop icons briefly disappear/reappear, but no error message.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:33, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\WinTV\EPGSER~1\System\EPGCLI~1.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin\Bluetooth Software\BTStackServer.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\Program Files\Transparent Windows\Transparent.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [EPGServiceTool] "C:\PROGRA~1\WinTV\EPGSER~1\System\EPGCLI~1.EXE" /Minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Transparent Windows.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10530 bytes


I have run all the usual Spyware, Virus, Rootkit software, both in normal Windows and safe startup, to no avail.

Please help!!!

#3 don77


Posted 14 March 2008 - 05:22 PM

Hello JCDarkstar

Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Next
Please do an online scan with Kaspersky WebScanner

Click on Accept Button

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#4 JCDarkstar


Posted 17 March 2008 - 06:53 PM

Hi Don77

Thank you for your help, and yes, I still have the same problem, although now I just close down any open programs or files from the bottom of the screen by right-clicking and clicking on Close. That way I don't get the error window. Please find the text file you requested, although I am unable to give you a Kaspersky WebScanner report as I use Mozilla Firefox as my Internet browser and cannot install ActiveX controls. Would a report from Dr Web's "Cureit" not suffice? Please let me know in your next reply...

Thank you in advance for any help with this matter...

Main Text:

Deckard's System Scanner v20071014.68
Run by John Coverley on 2008-03-17 23:43:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as John Coverley.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:19, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Transparent Windows\Transparent.exe
C:\Program Files\Belkin\Bluetooth Software\BTStackServer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\John Coverley\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\John Coverley.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Transparent Windows.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10351 bytes

-- Files created between 2008-02-17 and 2008-03-17 -----------------------------

2008-03-17 22:08:04 0 dr-h----- C:\Documents and Settings\John Coverley\Recent
2008-03-09 16:58:45 5120 --a------ C:\WINDOWS\system32\BReWErS.dll
2008-03-07 14:30:41 0 d-------- C:\Program Files\Activision
2008-03-05 08:56:57 0 d-------- C:\Program Files\HDSCRUB
2008-03-04 22:46:44 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-04 22:46:42 0 d-------- C:\Program Files\Windows Live Favorites
2008-03-04 22:40:35 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-04 22:40:18 0 d-------- C:\Program Files\Windows Live
2008-03-04 22:40:02 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 10:26:06 0 d-------- C:\Program Files\Crawler
2008-02-28 10:25:48 138752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-28 10:25:47 0 d-------- C:\Documents and Settings\John Coverley\Application Data\Spyware Terminator
2008-02-28 10:25:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-02-28 10:25:44 0 d-------- C:\Program Files\Spyware Terminator
2008-02-26 12:32:54 0 d-------- C:\Documents and Settings\Default User\Application Data\Mozilla
2008-02-26 12:26:39 0 d-------- C:\Documents and Settings\Default User\Application Data\Google
2008-02-26 11:47:36 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-02-26 11:46:47 0 d-------- C:\Program Files\Common Files\iS3
2008-02-26 11:46:47 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-02-24 16:20:54 0 d-------- C:\Program Files\Trend Micro
2008-02-22 23:28:52 0 d-------- C:\Documents and Settings\John Coverley\Application Data\Uniblue
2008-02-22 08:11:31 0 d-------- C:\Program Files\Security Task Manager
2008-02-21 22:40:17 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-21 21:33:58 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-21 10:17:19 0 d-------- C:\Documents and Settings\John Coverley\DoctorWeb
2008-02-18 23:16:35 0 d-------- C:\Program Files\AV Music Morpher Gold


-- Find3M Report ---------------------------------------------------------------

2008-03-17 16:46:17 0 d-------- C:\Documents and Settings\John Coverley\Application Data\AVG7
2008-03-17 11:14:26 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-16 20:27:06 0 d-------- C:\Documents and Settings\John Coverley\Application Data\iolo
2008-03-14 03:53:21 0 d-------- C:\Program Files\Lx_cats
2008-03-14 01:31:48 0 d-------- C:\Program Files\Paint.NET
2008-03-13 20:09:20 1024 -r-h---c- C:\WINDOWS\system32\NTIBUN4.dll
2008-03-13 20:08:15 100 --a------ C:\AUTOEXEC.BAT
2008-03-13 20:07:31 1024 -r-h---c- C:\WINDOWS\system32\NTIMP3.dll
2008-03-13 20:07:31 1024 -r-h---c- C:\WINDOWS\system32\NTIFCD3.dll
2008-03-13 20:07:30 1024 -r-h---c- C:\WINDOWS\system32\NTIMPEG2.dll
2008-03-13 20:07:30 1024 -r-h---c- C:\WINDOWS\system32\NTICDMK7.dll
2008-03-12 12:18:53 0 d-------- C:\Documents and Settings\John Coverley\Application Data\gtk-2.0
2008-03-10 19:09:01 0 d-------- C:\Program Files\Google
2008-03-10 14:21:04 0 d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-03-10 14:20:03 0 d-------- C:\Program Files\WinTV
2008-03-10 14:17:35 0 d-------- C:\Documents and Settings\John Coverley\Application Data\SUPERAntiSpyware.com
2008-03-10 14:17:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-07 20:32:28 23 --a------ C:\WINDOWS\popcinfot.dat
2008-03-07 20:15:39 0 d-------- C:\Program Files\Steam
2008-03-04 22:40:35 0 d-------- C:\Program Files\Common Files
2008-02-28 19:23:33 0 d-------- C:\Documents and Settings\John Coverley\Application Data\Real
2008-02-28 06:45:06 0 d-------- C:\Documents and Settings\John Coverley\Application Data\Adobe
2008-02-25 20:06:20 0 d-------- C:\Program Files\DAZ
2008-02-25 19:55:54 0 d-------- C:\Program Files\Common Files\DAZ
2008-02-24 16:45:20 0 d-------- C:\Documents and Settings\John Coverley\Application Data\Smart PC Solutions
2008-02-23 08:55:59 0 d-------- C:\Documents and Settings\John Coverley\Application Data\Google
2008-02-13 22:35:56 0 d-------- C:\Program Files\THQ
2008-02-07 11:52:13 0 d-------- C:\Program Files\IVCsoft
2008-02-05 17:18:38 24064 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-02-05 17:18:38 32768 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-01-31 00:04:57 0 d-------- C:\Program Files\CCleaner
2008-01-29 19:20:06 0 d-------- C:\Program Files\Zoom
2008-01-28 22:15:03 0 d-------- C:\Program Files\Common Files\IviSDK
2008-01-28 22:15:00 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-26 17:51:26 0 d-------- C:\Program Files\QuickTime
2008-01-24 18:37:26 0 d-------- C:\Documents and Settings\John Coverley\Application Data\SystemRequirementsLab
2008-01-24 09:36:12 0 d-------- C:\Program Files\TopOCR
2008-01-23 23:08:48 0 d-------- C:\Program Files\SigmaTel
2008-01-23 22:56:47 0 d-------- C:\Program Files\MP3 Player Utilities
2008-01-23 16:31:33 0 d-------- C:\Program Files\Transparent Windows
2008-01-23 03:15:21 0 d-------- C:\Program Files\SimpleOCR
2008-01-21 22:45:27 0 d-------- C:\Documents and Settings\John Coverley\Application Data\vlc
2008-01-18 16:04:07 0 d-------- C:\Program Files\3GP Player
2008-01-10 15:50:36 180224 --a------ C:\WINDOWS\system32\dzwrapper.dll
2008-01-10 15:50:34 32256 --a------ C:\WINDOWS\system32\dzbryce6.dll
2008-01-10 15:46:32 65536 --a------ C:\WINDOWS\system32\dzcarrara.dll
2008-01-10 15:46:22 8720384 --a------ C:\WINDOWS\system32\dzcore.dll
2008-01-10 13:00:44 6131712 --a------ C:\WINDOWS\system32\daz-qt-mt.dll
2008-01-10 13:00:44 1785856 --a------ C:\WINDOWS\system32\daz-qsa.dll
2008-01-10 12:56:20 2076672 --a------ C:\WINDOWS\system32\dz3delight.dll
2008-01-05 15:17:50 0 --a------ C:\Documents and Settings\John Coverley\Application Data\wklnhst.dat
2007-12-21 10:42:16 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-12-21 10:42:16 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [05/03/2008 11:22]
"nwiz"="nwiz.exe" [05/12/2007 01:41 C:\WINDOWS\system32\nwiz.exe]
"Motive SmartBridge"="C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe" [09/12/2004 11:02]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [20/12/2007 21:41]
"VX3000"="C:\WINDOWS\vVX3000.exe" [13/10/2006 16:04]
"Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [04/06/2004 09:58]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [13/12/2007 10:40]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 01:41]
"WService"="WService.EXE" [04/03/2002 04:00 C:\WINDOWS\system32\WService.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/08/2007 15:43]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [28/02/2008 10:25]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [17/03/2004 16:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 23:56]

C:\Documents and Settings\John Coverley\Start Menu\Programs\Startup\
Transparent Windows.lnk - C:\Documents and Settings\John Coverley\Application Data\Microsoft\Installer\{26E30F32-01C0-47EF-930B-D36B676B86A9}\_294823.exe [23/01/2008 16:31:33]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [08/08/2002 09:36:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
backup=C:\WINDOWS\pss\AutoStart IR.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXSHOW95.EXE]
EXSHOW95.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WService]
WService.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48b47606-e16e-11db-86fb-806d6172696f}]
AutoRun\command- H:\Info.exe folder.htt 480 480




-- End of Deckard's System Scanner: finished at 2008-03-17 23:43:40 ------------

Extra Text:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.40GHz
CPU 1: Intel® Pentium® 4 CPU 3.40GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1023.29 MiB / 514.95 MiB
Pagefile Memory (total/avail): 2463.22 MiB / 1963.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.25 MiB

C: is Fixed (NTFS) - 229.98 GiB total, 184.1 GiB free.
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Fixed (FAT32) - 3.76 GiB total, 3.6 GiB free.
I: is CDROM (No Media)
J: is CDROM (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 7Y250M0 - 233.76 GiB - 2 partitions
\PARTITION0 - Unknown - 3.77 GiB - H:
\PARTITION1 (bootable) - Installable File System - 229.98 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: COMODO Firewall Pro v2.3.035 (COMODO)
AV: AVG 7.5.519 v7.5.519 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\John Coverley\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-NA5J551N7A
ComSpec=C:\WINDOWS\system32\cmd.exe
DEVMGR_SHOW_DETAILS=1
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\John Coverley
LOGONSERVER=\\HOME-NA5J551N7A
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JOHNCO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JOHNCO~1\LOCALS~1\Temp
USERDOMAIN=HOME-NA5J551N7A
USERNAME=John Coverley
USERPROFILE=C:\Documents and Settings\John Coverley
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

John Coverley (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\BTTOTA~1\Help\Uninstall.exe btbb
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AV Music Morpher Gold --> C:\Program Files\AV Music Morpher Gold\uninstall.exe
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Belkin Bluetooth Software 1.2.2.16 --> MsiExec.exe /X{0F51A262-1ADF-4914-B448-78AC58C4178A}
BT Broadband Help --> C:\WINDOWS\Motive\btbb\MCCUninst.exe
BT Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.2 Patch --> C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.3 Patch --> C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
Crawler Toolbar with Web Security Guard --> C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
DAZ|Studio1.8.2.1 --> C:\WINDOWS\unvise32.exe C:\Program Files\DAZ\Studio\DAZ Studio Uninstall.log
Dedicated Server --> "C:\Program Files\Steam\steam.exe" steam://uninstall/5
Driver Genius Professional Edition 2006 6.2.1525 --> "C:\Program Files\Driver-Soft\DriverGenius\unins000.exe"
EAX4 Unified Redist --> MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
File Shredder 2.0 --> "C:\Program Files\File Shredder\unins000.exe"
FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
GIMP 2.4.2 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
Half-Life 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/220
Half-Life 2: Episode One --> "C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two --> "C:\Program Files\Steam\steam.exe" steam://uninstall/420
Half-Life 2: Lost Coast --> "C:\Program Files\Steam\steam.exe" steam://uninstall/340
Hard Disk Scrubber v2.1 --> "C:\Program Files\HDSCRUB\unins000.exe"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 1.99.1 --> C:\Documents and Settings\John Coverley\Desktop\Hijack This\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Product Detection --> MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
Indeo® Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
InterVideo FilterSDK for Hauppauge --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}\setup.exe" REMOVEALL
iolo technologies' System Mechanic 7 --> "C:\Program Files\iolo\System Mechanic 7\unins000.exe"
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lexmark 5200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBTUNST.EXE -NOLICENSE
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Media Library Management Wizard --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft DirectX Transform optional components --> RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12
Microsoft LifeCam --> MsiExec.exe /X{8CFC7570-DD90-486E-A239-E31D455BDE93}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{B9966F27-9678-4620-9579-925E3084647E}
Microsoft Works 2004 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP I:\
Movie Maker Background Music Files --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
Mozilla Firefox (2.0.0.12) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities --> MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} BUN4
NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} CDM7
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Paint.NET v3.30 --> MsiExec.exe /X{FF09A6A1-4DE5-467D-AA26-EF18C0EA4DAB}
PCI Audio Applications --> C:\Program Files\PCI Audio Applications\Bin\Uninstall.exe
PCI Audio Driver --> cmuninst.exe
Peggle Extreme --> "C:\Program Files\Steam\steam.exe" steam://uninstall/3483
Pixia --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0BCF90F-B4E4-435C-A48D-8FAAE10554F9}\setup.exe" -l0x9 UNINSTALL
Plus! MP3 Audio Converter LE --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
Portal --> "C:\Program Files\Steam\steam.exe" steam://uninstall/400
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0003] --> "C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
SigmaTel MSCN Audio Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9B59DAD-86AC-456C-80A7-B665E77AA325}\Setup.exe" -l0x9
SigmaTel MSCN Audio Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}\setup.exe" -l0x9
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Source Dedicated Server --> "C:\Program Files\Steam\steam.exe" steam://uninstall/205
Source SDK --> "C:\Program Files\Steam\steam.exe" steam://uninstall/211
Source SDK Base --> "C:\Program Files\Steam\steam.exe" steam://uninstall/215
Source SDK Base - Orange Box --> "C:\Program Files\Steam\steam.exe" steam://uninstall/218
SpeedBit Video Accelerator --> C:\PROGRA~1\SPEEDB~1\UNWISE.EXE C:\PROGRA~1\SPEEDB~1\INSTALL.LOG
Spyware Terminator --> "C:\Program Files\Spyware Terminator\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/440
Team Fortress 2 Dedicated Server --> "C:\Program Files\Steam\steam.exe" steam://uninstall/310
TopOCR 2.5 --> C:\Program Files\TopOCR\uninst.exe
Transparent Windows --> MsiExec.exe /I{26E30F32-01C0-47EF-930B-D36B676B86A9}
Ulead PhotoImpact 3.02 --> C:\WINDOWS\ULEAD.DAT\uninst.exe /f:PI32.INF
Video mp3 Extractor --> "C:\Program Files\Video mp3 Extractor\unins000.exe"
VideoEgg Publisher --> C:\Documents and Settings\John Coverley\Application Data\VideoEgg\Uninstall.exe
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Media Bonus Pack for Windows XP --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Zoom ADSL Modem --> C:\Program Files\Zoom\Adsl\uninstall.exe
Zoom ADSL Modem --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52C8CFE4-7C7C-11D7-A021-0060979CE4D3}\Setup.exe" -l0x9


-- Application Event Log -------------------------------------------------------

Event Record #/Type12288 / Success
Event Submitted/Written: 03/17/2008 07:57:27 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type12247 / Success
Event Submitted/Written: 03/16/2008 10:35:28 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type12233 / Error
Event Submitted/Written: 03/16/2008 08:30:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Event Record #/Type12232 / Error
Event Submitted/Written: 03/16/2008 08:16:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.20121, faulting module piclens.dll, version 0.0.0.0, fault address 0x000da6e2.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type12213 / Success
Event Submitted/Written: 03/16/2008 06:18:29 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type34043 / Error
Event Submitted/Written: 03/17/2008 04:46:09 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Event Record #/Type34042 / Error
Event Submitted/Written: 03/17/2008 04:46:07 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The nVidia WDM A/V Crossbar service failed to start due to the following error:
%%2

Event Record #/Type34041 / Error
Event Submitted/Written: 03/17/2008 04:46:07 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The nVidia WDM Video Capture (universal) service failed to start due to the following error:
%%2

Event Record #/Type34040 / Error
Event Submitted/Written: 03/17/2008 04:46:07 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The HID Input Service service terminated with the following error:
%%2

Event Record #/Type34024 / Error
Event Submitted/Written: 03/17/2008 11:57:35 AM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk5\D.



-- End of Deckard's System Scanner: finished at 2008-03-17 22:18:26 ------------

Thanks again.

#5 don77


Posted 17 March 2008 - 08:45 PM

Would a report from Dr Web's "Cureit" not suffice?


That would be helpful, please do. I need to have someone have a look at the error codes to see if we can come up with anything there. I'm not seeing any visible signs of malware at the moment.

#6 JCDarkstar


Posted 18 March 2008 - 10:05 AM

The Dr Web "Cureit" file is too big to put in here, but this is the last bit:

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 241252
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 637 Kb/s
Scan time: 01:15:23
-----------------------------------------------------------------------------

Is there any other way that I could get the whole file to you, or don't you need it?

#7 don77


Posted 18 March 2008 - 09:42 PM

Infected objects found: 0

That right there is all we really need to see.

Could you give me an update as to exactly what the status of the machine is and what problems you're still having, if any, please?

#8 JCDarkstar


Posted 21 March 2008 - 04:28 AM

As requested, I am still getting this error message when closing down folders using the "X" in the top right corner of the folder, but I don't get it if I close down by right clicking the folder on the task bar at the bottom of the screen and clicking close:

Problem: Windows explorer.exe error

AppName: explorer.exe
AppVer: 6.0.2900.3156
ModName: Unknown
ModVer: 0.0.0.0
offset: many and varied

#9 don77


Posted 21 March 2008 - 12:34 PM

I would advise you to start a new topic in the XP Forum. Post the error message you're receiving and let them know you have run through the malware forum and were directed to start a new topic, as there are no signs of malware causing this problem.


Best of luck

Don.

Also some reading for you as well.

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.
Please also have a look at the following links, giving some advice and suggestions for preventing future infections:

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
I recommend you regularly visit the Windows Update Site, you were lagging behind on a few of them!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Another recommendation is to download HostsMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the Downloaded installer and install the tool to a location of your choice
  • Via the Start menu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Out of the three, select at least one of the three (I have MVPS Host as my main one)
    • Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

#10 don77


Posted 22 March 2008 - 11:24 AM

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.



