%SystemDrive% on desktop after fix & scans; win media player probs


  • This topic is locked

#1
Lopf

    Member

  • Member
  • 26 posts
hello geeks-to-go,

i have two seemingly related problems:

a couple weeks ago i had some malware on my computer, and you guys did an excellent job helping me get rid of them. thank you very much. here's that thread, just for reference: http://www.geekstogo...s...=123546&hl=

1. today i decided to run some of the software you recommended at the end of the above thread. i ran ad-aware, spybot, and spyware blaster. shortly thereafter, i noticed a folder named "%SystemDrive%" had appeared on my desktop. i don't know where it came from, or how to get it back to where it belongs.

the details:

the folder contains "documents and settings," which contains a folder with my login name (Mike), which contains a folder called "application data," which contains "microsoft," which contains "CryptnetUrlCache" and "SystemCertificates."

"CryptnetUrlCache" contains two folders, which contain a couple of what seem to be .dll files.

"SystemCertificates" contains folders, which contain a folder, which contains empty folders.

2. the second part of the puzzle also started happening immediately after i used the anti-adware software: when i restart my computer i get an error pop-up regarding my windows media player. furthermore, any time i try to click on any type of media file, i get an error pop-up and windows explorer closes. the only way i can play video or audio files is to open windows media player or another player such as winamp, and then open the audio or video files from within the player. however, i can't cut-and-paste media files, or rename them, or manipulate them in any way, because the folder crashes any time i click on them.

forgive me if i have posted this problem in the wrong forum. it's just that it seems to be related to the software i ran which you guys recommended when you helped me remove the malware. i am not griping at you or blaming you; quite the contrary, you helped me out big time. i just figure you may know what's going on & how to fix it.

to sum up, i've got two problems: first, "%SystemDrive%" folder has appeared on my desktop, seemingly as the result of running anti-adware software. secondly, when i use windows explorer or when i go into my hard drive through "my computer," every time i click on a media file an error pops up and the folder closes itself.

:whistling: at least for now, i can work around these problems, but it's kind of a pain in the behind. and, i can't rename or manipulate media files in any way, like moving them or cutting-and-pasting them, because the folder crashes when i try to do so. i would very much appreciate any help you can give me to get it all straightened out. :blink:

if any of this has been less than clear, i will be happy to go into more details or try to restate the problem more clearly.

thank you in advance,

mike

edit the next day: also, my firefox keeps giving me an error pop-up and shutting down, usually just after i've written somebody a long, heartfelt email and hit send, whereupon i get "an error has been generated and firefox is shutting down," and my long heartfelt email is suddenly consigned to oblivion.

all these problems began after i ran the three anti-adware programs mentioned above.

Edited by Lopf, 15 August 2006 - 11:35 AM.

  • 0



#2
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Hi Mike,

My name is Sam. I'm going to help you work through these issues that you've described.

First let's take a look at this folder - %SystemDrive%
Please right click on it and select Properties.

Under the General tab, you should see something that says either Type or Type of file
Can you tell which one and then what it says next to that?


The other issue may be caused by a bad media codec.
Do you recall installing anything like that recently?


I need to see a different type of log from Hijackthis
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.

  • 0

#3
Lopf

    Member

  • Topic Starter
  • Member
  • 26 posts
hello,

when i right click on %SystemDrive%, in Properties it says "Type:" and then next to it, "File Folder".

i have not intentionally downloaded any codecs lately; however, in the past i have encountered occasional media files which caused the folder they were in to crash (as i've described), it just seems now it's doing it every time i click on any media file at all.

thank you for your reply.

oh, here's that save list:

µTorrent
AAApeg
ABC (remove only)
AC3Filter (remove only)
AceMoney Lite
Actiontec Gateway
Active Worlds
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Reader 7.0.8
Adobe Shockwave Player
Ahead InCD
Ahead InCD EasyWrite Reader
Ahead NeroMediaPlayer
America Online (Choose which version to remove)
Angband 3.0.6
AngelPotion Video Codec V1
AOL Coach Version 1.0(Build:20030807.3)
AOL Spyware Protection
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Auto Gordian Knot 0.8
AviSynth 2.5
Bin 2 ISO Converter v2.0
BitTornado 0.3.7
Blogger For Word
CA eTrust PestPatrol
CC_ccProxyMSI
CC_ccStart
ccCommon
Chess Mentor 2.0
Civilization III - Play the World v1.27F
Civilization III v1.29f
CleanUp!
Data Lifeguard Tools
DivX 5.0.3 Bundle
DreamStation DXi2
Elecard MPEG2 Player
EPoX Magic BIOS
Fraunhofer MP3 Codec Pro 1.263
Fritz7
GameSpy Arcade
Google Earth
Google Toolbar for Internet Explorer
Guitar Pro 5.0
HijackThis 1.99.1
Hotfix for MDAC 2.80 (KB911562)
HP DeskJet 720C Series (Remove only)
Image Transfer
ImageMixer for Sony
Internet Explorer Q903235
Invision 2.0 Build 3515
Ipswitch WS_FTP Pro
J2SE Runtime Environment 5.0 Update 8
Kaspersky On-line Scanner
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Logitech Gaming Software
Macromedia Flash Player 8
Medieval - Total War ™
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseball 2001
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Money 2005
Microsoft Picture It! Premium 10
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MicroStaff WINASPI
mIRC
Mjuice Components
Mozilla Firefox (1.5.0.6)
MSN
MSN Messenger 7.0
MSRedist
Music Creator 2
Nero - Burning Rom
NewsBin Pro 3.3
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton WMI Update
n-Track Studio
NVIDIA nForce Drivers
Oak Systems Sudoku
OhmForce Ohmygod VST2
OverDrive Media Console
PANDA-EGG
PANDA-IGS
QuickTime
RealPlayer
Realtek AC'97 Audio
rgcAudio Triangle II DXi2
Sandlot Games Client Services
Sandlot Games Client Services 1.2.2
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Windows 2000 (KB904706)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
setup (Remove only)
Sid Meier's Civilization 4
Sony ACID Pro 5.0
Sony USB Driver
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Symantec Script Blocking Installer
Synth1
TablEdit 2.64
TEFView 2.64
Ulead DVD PictureShow
Uninstall DSI V.90 MODEM
Uninstaller
Update Rollup 1 for Windows 2000 SP4
Viewpoint Media Player
Virtual Sound Canvas DXi
VobSub v2.23 (Remove Only)
Winamp (remove only)
WinBoard
Windows 2000 Hotfix - KB834707
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB867282
Windows 2000 Hotfix - KB883939
Windows 2000 Hotfix - KB889293
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB890923
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB894320
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB896688
Windows 2000 Hotfix - KB896727
Windows 2000 Hotfix - KB897715
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899588
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB902400
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB905915
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908523
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB911567
Windows 2000 Hotfix - KB912812
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB916281
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917159
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917537
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918439
Windows 2000 Hotfix - KB918899
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920958
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB921883
Windows 2000 Hotfix - KB922616
Windows 2000 Hotfix (SP5) Q818043
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player Hotfix [See KB837272 for more information]
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
WinRAR archiver
WinShogi
Xfire (remove only)
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Engine
Yahoo! Toolbar


mike
  • 0

#4
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
On a note that is unrelated to what we are working on now, this program should be uninstalled.

Viewpoint Media Player


Our best course of action, and one that should resolve both issues, seems to be to create a new profile for you. Are you the only user on this computer?


I would also like to review a current hijackthis log from you just in case something new has popped up since we last cleaned you up.
  • 0

#5
Lopf

    Member

  • Topic Starter
  • Member
  • 26 posts
hello,

i deleted viewpoint media player. i have no idea how that got on my computer. my brother-in-law house sat for us a couple months ago, and he installed a few things on my computer, it may have been him.

by profile, do you mean the name and password i have to enter when i restart my computer? yes, i'm the only user. well, my wife and me, but we both use the same profile.

when i create a new profile, will i still have access to all the stuff on my computer? or will i need to first backup some stuff?

here's that hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 9:16:25 AM, on 8/20/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\Ati2evxx.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\WINNT\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
F:\WINNT\system32\regsvc.exe
F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
F:\WINNT\system32\MSTask.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINNT\wanmpsvc.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINNT\system32\Ati2evxx.exe
F:\WINNT\SOUNDMAN.EXE
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Ahead\InCD\InCD.exe
F:\Program Files\QuickTime\qttask.exe
F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
F:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
F:\Program Files\Logitech\Profiler\lwemon.exe
F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
F:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
F:\Program Files\microsoft money 2005\MNYCoreFiles\mnybbsvc.exe
F:\WINNT\system32\svchost.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINNT\explorer.exe
F:\Documents and Settings\Mike\Desktop\virus stuff\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - F:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] F:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [NeroCheck] F:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] F:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] F:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "F:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ymetray] "F:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "F:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = F:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Image Transfer.lnk = F:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://f:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Dump Linked Images (VistaPerfect) - F:\WINNT\web\vp_listimg.htm
O8 - Extra context menu item: Open Linked Image (VistaPerfect) - F:\WINNT\web\vp_openresize.htm
O8 - Extra context menu item: Preload Linked Images (VistaPerfect) - F:\WINNT\web\vp_scrape.htm
O8 - Extra context menu item: Resize This Image (VistaPerfect) - F:\WINNT\web\vp_resize.htm
O8 - Extra context menu item: Save Linked Images (VistaPerfect) - F:\WINNT\web\vp_listimgsave.htm
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Slideshow all Linked Images (VistaPerfect) - F:\WINNT\web\vp_links.htm
O8 - Extra context menu item: Translate Page into English - res://f:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///F:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.game...nx.1.0.0.55.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {8C6A9DCC-6603-11D1-9236-00C04FBFD1C2} (VistaPerfect) - file://F:\Documents and Settings\Mike\Local Settings\Temp\VP.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.game...r/goldfever.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O18 - Protocol: vp - {712ADA35-75B1-11D1-9248-00C04FBFD1C2} - F:\WINNT\DOWNLO~1\VPCntl.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - F:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - F:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINNT\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - F:\WINNT\wanmpsvc.exe

Edited by Lopf, 20 August 2006 - 08:13 AM.

  • 0

#6
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
You won't lose anything. We'll create the new profile and then move everything from your old profile to the newly created one.

Go to Start > Control Panel

Double-Click User Accounts
Choose Create a new Account
Type any name for the account then click Next
Choose Computer Administrator then click Create Account

Log off your current account.

Reboot your computer, then log-in to the new account you just created.


Please follow all instructions exactly - I would advise printing them out:

1.) I need you to create a third Administrator account.

2.) Log-off your account and log-in to the third account.

3.) Go into Windows Explorer. You can get to Windows Explorer by going to Start > Run and typing: explorer
Once in Windows Explorer, go up to View > Explorer Bar and put a check next to "Folders".

4.) Then go up to Tools > Folder Options. Click the "View" tab and click "Show Hidden Files and Folders". UNcheck "Hide File Extensions for known file types" and UNcheck "Hide protected operating system files"

5.) Navigate to this folder:

C:\Documents and Settings\Old Username

Old Username is not the actual name of that folder. The name of this folder is whatever name you have for the account with problems.

Once inside that folder, PRESS and HOLD the Ctrl key. Then use your mouse and LEFT-click ALL files and folders to highlight them EXCEPT the following:

Ntuser.dat
Ntuser.dat.log
Ntuser.ini

Do NOT highlight those 3 files.

Once all files and folders are highlighted (except the above three!) go up to "Edit > Copy"

Now, navigate to this folder:

C:\Documents and Settings\New Username

New Username is whatever the name of your second account is (make sure it's NOT the 3rd account!)

Once inside that folder, go up to "Edit > Paste"

Now, log off the third account and log in to the second account and your data will be there now. :whistling:

If you use Outlook Express for your e-mails, please follow the instructions in this topic to move the e-mails/address book to your new profile:

http://support.micro....com/kb/313055/


Let me know how it goes.
  • 0
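
The copy step in the post above, written as a script. This is an added example, not part of the original post: it copies a profile folder while leaving out the three Ntuser files at the profile root (the per-user registry hive and its companion files) and, optionally, other paths such as the stray "%SystemDrive%" folder on the desktop. The function `copy_profile`, its `skip_relative` parameter and the folder name `Mike2` are assumptions made for this example, and the sample files are constructed.

```python
import os
import shutil
import tempfile
from pathlib import Path

# The three files the post says NOT to copy. Windows file names are
# case-insensitive, so they are compared in lower case.
HIVE_FILES = {"ntuser.dat", "ntuser.dat.log", "ntuser.ini"}


def _norm(rel):
    """Normalise a relative path so 'Desktop\\X' and 'desktop/x' compare equal."""
    return str(rel).replace("\\", "/").strip("/").lower()


def copy_profile(old_profile, new_profile, skip_relative=()):
    """Copy old_profile into new_profile, skipping the hive files at the
    profile root and every path listed in skip_relative (hypothetical
    parameter, paths relative to the profile root).

    Files that already exist in the new profile under the same name are
    overwritten, like answering "Yes to All" in Explorer.
    Returns (copied, skipped) as sorted lists of relative paths.
    """
    old_root, new_root = Path(old_profile), Path(new_profile)
    if not old_root.is_dir():
        raise NotADirectoryError(f"old profile not found: {old_root}")
    if old_root.resolve() == new_root.resolve():
        raise ValueError("old and new profile are the same folder")

    skip = {_norm(p) for p in skip_relative}
    copied, skipped = [], []

    for current, dirs, files in os.walk(old_root):
        rel_dir = Path(current).relative_to(old_root)

        # Prune excluded folders so nothing beneath them is visited.
        for name in list(dirs):
            rel = (rel_dir / name).as_posix()
            if _norm(rel) in skip:
                dirs.remove(name)
                skipped.append(rel)

        # Create the folder even when it is empty.
        (new_root / rel_dir).mkdir(parents=True, exist_ok=True)

        for name in files:
            rel = (rel_dir / name).as_posix()
            at_root = rel_dir == Path(".")
            if (at_root and name.lower() in HIVE_FILES) or _norm(rel) in skip:
                skipped.append(rel)
                continue
            shutil.copy2(Path(current) / name, new_root / rel)
            copied.append(rel)

    return sorted(copied), sorted(skipped)


def demo():
    """Build a constructed old/new profile pair in a temp folder and migrate it."""
    with tempfile.TemporaryDirectory() as tmp:
        old, new = Path(tmp, "Mike"), Path(tmp, "Mike2")
        for rel in (
            "NTUSER.DAT",
            "ntuser.dat.LOG",
            "ntuser.ini",
            "Desktop/notes.txt",
            "Desktop/%SystemDrive%/Documents and Settings/stray.bin",
            "My Documents/ntuser.dat",  # not at the profile root, so it is copied
        ):
            f = old / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_text("constructed sample")
        (old / "Application Data" / "Empty").mkdir(parents=True)

        # The new profile already has its own hive, which must survive.
        new.mkdir()
        (new / "NTUSER.DAT").write_text("new hive")

        copied, skipped = copy_profile(
            old, new, skip_relative=[r"Desktop\%SystemDrive%"]
        )
        hive_untouched = (new / "NTUSER.DAT").read_text() == "new hive"
        empty_kept = (new / "Application Data" / "Empty").is_dir()
        return copied, skipped, hive_untouched, empty_kept


if __name__ == "__main__":
    print(demo())
```
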

#7
Lopf

    Member

  • Topic Starter
  • Member
  • 26 posts
okay. that weird folder is no longer on my desktop. when i was copying/pasting into my new administrator account, i specifically chose not to include that one when i copied the stuff from the original admin account desktop to the new admin account desktop.

however, i'm still having the problem with the audio and video files. every time i try to click on them, i get the following error: "explorer.exe has generated errors and will be closed by windows. you will need to restart the program."

i haven't messed around with firefox long enough to see if it's still crashing. when it was crashing, it wouldn't do it right away; usually it only did it after i'd been on the web for a few minutes.

thanks!

mike

Edited by Lopf, 20 August 2006 - 09:37 PM.

  • 0

#8
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Let's see if we can get a clue to what's causing this.
Recreate the error by clicking on a media file.

Click Start -> Run -> eventvwr.msc

Look in SYSTEM and APPLICATIONS for anything around the time that the last error occurred.
Double click on anything you see with a red X, press the Copy button, and then paste it here in your next reply.
  • 0

#9
Lopf

    Member

  • Topic Starter
  • Member
  • 26 posts
i recreated the error, then ran the Event Viewer as you directed. i could find no red x "error" listed at the time of the error, but in the Application Log there was an "information", which did occur at the time of the error. i double-clicked on it, and here's stuff it contained which may be relevant:

* * *
Event
Source: Winlogon
Category: None
Type: Information
Event ID: 1002

Description: The shell stopped unexpectedly and Explorer.exe was restarted.
* * *

note: once, while i was scrolling through the event log, i got an error that said something like "mmc.exe has generated errors and will be restarted," and then the event viewer shut down. i restarted it, and after that there was no recurrence.

just in case this makes any difference, i'd like to point out that i wasn't having this problem with media files until right after i ran ad-aware, spybot, and spyware blaster. i realize this doesn't necessarily mean there is a cause-and-effect relationship, but the coincidence is at least compelling.

thanks!

mike

Edited by Lopf, 21 August 2006 - 11:07 PM.

  • 0

#10
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
With what you are describing, a bad media codec is nearly always the culprit. I can't see that there would be any connection to Spybot or Adaware. However, I learn new stuff every day, so let's take a look at that. :whistling:

Did either of those programs remove anything on the scan prior to your problems beginning?

To get to a log in Adaware, click on the icon at the top that looks like a lock. You should be presented with a list of auto quarantined logs. Select the one that would be just prior to these problems and then click Item log at the bottom. You'll get a log that you can post here.

In Spybot, click Mode and select Advanced Mode(if you're not already there).
Then along the left side, select Tools -> View Report
Click View previous report. The reports should be listed as Fixes. followed by the date.
Copy the text that appears and post it here.


===========


Now let's see if we can get some more information on the media codecs that you have installed.
Download Sherlock - The Codec Detective from here.

http://www.updatexp.com/sherlock

Run the program and click Save. You'll get a log that will open up.
Please post that log here also.


Note that you may need to post these logs in separate posts if they are very long.

  • 0



#11
Lopf

    Member

  • Topic Starter
  • Member
  • 26 posts
cool.

here's those logs. i'm posting the anti-spyware logs in this post, and the codecs log in the next post:

AD-AWARE:

ArchiveData(auto-quarantine- 2006-08-14 14-27-37.bckp)
Referencefile : SE1R118 07.08.2006
======================================================

WHENU.WEATHERCAST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : wusn.1

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[1]=IECache Entry : Cookie:[email protected]/
obj[2]=IECache Entry : Cookie:[email protected]/
obj[3]=IECache Entry : Cookie:[email protected]/
obj[4]=IECache Entry : Cookie:[email protected]/
obj[5]=IECache Entry : Cookie:[email protected]/
obj[6]=IECache Entry : Cookie:[email protected]/
obj[7]=IECache Entry : Cookie:[email protected]/
obj[8]=IECache Entry : Cookie:[email protected]/
obj[9]=IECache Entry : Cookie:[email protected]/
obj[10]=IECache Entry : Cookie:[email protected]/
obj[11]=IECache Entry : Cookie:[email protected]/


SPYBOT:


--- Report generated: 2006-08-14 14:54 ---

Smitfraud-C.: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ishost.exe

WhenU.SaveNow: Program directory (Directory, fixed)
F:\Program Files\Save\

WhenU.SaveNow: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\ACM.ACMFactory

WhenU.SaveNow: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\ACM.ACMFactory.1

WhenU.SaveNow: Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}

WhenU.SaveNow: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\AppID\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}

WhenU.SaveNow: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\AppID\ACM.DLL

WhenU.SaveNow: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}

WhenU.SaveNow: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}

WhenU.SaveNow: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}

WhenU.SaveNow: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}

WhenU.SaveNow: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}

WhenU.SaveNow: Autorun settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-1757981266-448539723-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WhenUSave

WhenU.SaveNow: Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow

WhenU.SaveNow: Global settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\WhenUSave

WhenU.SaveNow: Executable (File, fixed)
F:\Program Files\Save\Save.exe

WhenU.SaveNow: Web page (File, fixed)
F:\Program Files\Save\save.htm

WhenU.SaveNow: Uninstaller (File, fixed)
F:\Program Files\Save\SaveUninst.exe

WhenU.SaveNow: Data (File, fixed)
F:\Program Files\Save\save.db

WildTangent: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\ClassPath=...;F:\WINNT\wt\webdriver\wtdmmpi.jar...

AstaKiller: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\MezziaCodec.Chl

AstaKiller: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6BF52A52-394A-11D3-B153-00C04F79FAA6}

AstaKiller: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Cowabanga

AstaKiller: Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cowabanga

AstaKiller: Application data folder (Directory, fixed)
F:\Program Files\Cowabanga\

Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, fixed)


FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)


MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)


HitsLink: Tracking cookie (Firefox: default) (Cookie, fixed)


HitsLink: Tracking cookie (Firefox: default) (Cookie, fixed)


HitsLink: Tracking cookie (Firefox: default) (Cookie, fixed)


HitsLink: Tracking cookie (Firefox: default) (Cookie, fixed)


CoreMetrics: Tracking cookie (Firefox: default) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-07-26 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-08-11 Includes\Cookies.sbi (*)
2006-08-11 Includes\Dialer.sbi (*)
2006-08-11 Includes\Hijackers.sbi (*)
2006-08-11 Includes\Keyloggers.sbi (*)
2006-08-11 Includes\Malware.sbi (*)
2006-08-11 Includes\PUPS.sbi (*)
2006-08-11 Includes\Revision.sbi (*)
2006-08-11 Includes\Security.sbi (*)
2006-08-11 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-08-11 Includes\Trojans.sbi (*)

#12
Lopf

    Member

  • Topic Starter
  • Member
  • 26 posts
now here's the sherlock codec log:

CompanyName = MainConcept AG
FileDescription = MPEG Video and Audio Decoder
InternalName = MCDSMPEG.DLL
LegalCopyright = Copyright © 2001-2003 MainConcept AG
OriginalFileName = MCDSMPEG.DLL
ProductName = MPEG Decoder
ProductVersion = 1, 0, 0, 56
Microsoft ADPCM
FileVersion = 5.00.2134.1
CompanyName = Microsoft Corporation
FileDescription = Microsoft ADPCM CODEC for MSACM
InternalName = Microsoft ADPCM CODEC for MSACM
LegalCopyright = Copyright © Microsoft Corp. 1981-1999
OriginalFileName = msadp32.acm
ProductName = Microsoft® Windows ® 2000 Operating System
ProductVersion = 5.00.2134.1
Microsoft G.723.1
FileVersion = 4.4.3385
CompanyName = Microsoft Corporation
FileDescription = Microsoft G.723.1 CODEC for MSACM
InternalName = msg723
LegalCopyright = Copyright © Intel Corp. and Microsoft Corporation 1995-1999
OriginalFileName = msg723.acm
ProductName = Windows® NetMeeting®
ProductVersion = 3.01
Modem #0 Line Record
FileVersion = 6.05.01.0900
CompanyName = Microsoft Corporation
FileDescription = DirectShow Runtime.
InternalName = QCap.dll
LegalCopyright = Copyright © 1992-2001 Microsoft Corp.
OriginalFileName = QCap.dll
ProductName =
ProductVersion = 6.05.01.0900
MPEG Audio Decoder
FileVersion = 6.05.1.907
CompanyName = Microsoft Corporation
FileDescription = DirectShow Runtime.
InternalName = Quartz.dll
LegalCopyright = Copyright © 1992-2001 Microsoft Corp.
OriginalFileName = Quartz.dll
ProductName =
ProductVersion = 6.05.1.907
MPEG Layer-3
FileVersion = 1, 2, 0, 63
CompanyName = Fraunhofer Institut Integrierte Schaltungen IIS
FileDescription = MPEG Layer-3 Audio Codec for MSACM
InternalName = l3codec.acm
LegalCopyright = Copyright © 1996,1997 Fraunhofer Institut Integrierte Schaltungen IIS
OriginalFileName = l3codec.acm
ProductName = MPEG Layer-3 Producer
ProductVersion = 1, 2, 0, 0
MPEG Layer-3 Decoder
FileVersion = 1, 5, 0, 50
CompanyName = Fraunhofer Institut Integrierte Schaltungen IIS
FileDescription = MPEG Layer-3 Audio Decoder
InternalName = L3CODECX.AX
LegalCopyright = Copyright © 1997 Fraunhofer IIS
OriginalFileName = L3CODECX.AX
ProductName = MPEG Layer-3 Audio Codec for Microsoft DirectShow
ProductVersion = 1, 5, 0, 50
PCM
FileVersion = 2.05.53
CompanyName = Intel Corporation
FileDescription = Indeo® audio software
InternalName = iac25_32.ax
LegalCopyright = Copyright © Intel Corp. 1997
OriginalFileName = iac25_32.ax
ProductName = Indeo® audio software
ProductVersion = 2.05.53
Realtek AC97 Audio
FileVersion = 6.05.01.0900
CompanyName = Microsoft Corporation
FileDescription = DirectShow Runtime.
InternalName = QCap.dll
LegalCopyright = Copyright © 1992-2001 Microsoft Corp.
OriginalFileName = QCap.dll
ProductName =
ProductVersion = 6.05.01.0900
Windows Media Audio Decoder
FileVersion = 7.00.00.1954
CompanyName = Microsoft Corporation
FileDescription = Windows Media Audio Decoder
InternalName = msadds32.ax
LegalCopyright = Copyright © Microsoft Corp. 1999
OriginalFileName = msadds32.ax
ProductName = Windows Media Audio Decoder
ProductVersion = 7.00.00.1954
Windows Media Audio V1
FileVersion = 7.01.00.3055
CompanyName = Microsoft Corporation
FileDescription = Windows Media Audio
InternalName = msaud32
LegalCopyright = Copyright © Microsoft Corp. 1999
OriginalFileName = msaud32
ProductName = Windows Media Audio
ProductVersion = 7.01.00.3055
Windows Media Audio V2
FileVersion = 7.01.00.3055
CompanyName = Microsoft Corporation
FileDescription = Windows Media Audio
InternalName = msaud32
LegalCopyright = Copyright © Microsoft Corp. 1999
OriginalFileName = msaud32
ProductName = Windows Media Audio
ProductVersion = 7.01.00.3055
WM Speech Encoder DMO
FileVersion = 9.00.00.2980
CompanyName = Microsoft Corporation
FileDescription = Windows Media Speech Encoder
InternalName = wmspdmoe.dll
LegalCopyright = © Microsoft Corporation. All rights reserved.
OriginalFileName = wmspdmoe.dll
ProductName = Microsoft® Windows Media Services
ProductVersion = 9.00.00.2980
WMAudio Decoder DMO
FileVersion = 9.00.00.2980
CompanyName = Microsoft Corporation
FileDescription = Corona Windows Media Audio Decoder
InternalName = wmadmod.dll
LegalCopyright = © Microsoft Corporation. All rights reserved.
OriginalFileName = wmadmod.dll
ProductName = Microsoft® Windows Media Services
ProductVersion = 9.00.00.2980
WMAudio Encoder DMO
FileVersion = 9.00.00.2980
CompanyName = Microsoft Corporation
FileDescription = Corona Windows Media Audio 9 Encoder/Transcoder
InternalName = wmadmoe2.dll
LegalCopyright = © Microsoft Corporation. All rights reserved.
OriginalFileName = wmadmoe2.dll
ProductName = Microsoft® Windows Media Services
ProductVersion = 9.00.00.2980
WMSpeech Decoder DMO
FileVersion = 9.00.00.2980
CompanyName = Microsoft Corporation
FileDescription = Windows Media Speech Decoder
InternalName = wmspdmod.dll
LegalCopyright = © Microsoft Corporation. All rights reserved.
OriginalFileName = wmspdmod.dll
ProductName = Microsoft® Windows Media Services
ProductVersion = 9.00.00.2980


Broken Codecs
-------------
CyberLink Video/SP Decoder
FileName = C:\old setup files\yet even more codecs\ggg\mpeg2.filter.for.wmp\mpeg2 filter [.m2v codec] for wmp\clvsd.ax
InterVideo Audio Decoder
FileName = C:\old setup files\yet even more codecs\ggg\mpeg2.filter.for.wmp\mpeg2 filter [.m2v codec] for wmp\iviaudio.ax
WMplug
FileName = F:\WINNT\wt\webdriver\4.1.1\wtwmplug.ax

#13
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Let's run through a couple steps and see where it gets us. :whistling:

Please click Start -> Control Panel -> Add/Remove Programs and uninstall this program:

Fraunhofer MP3 Codec Pro 1.263


Reboot your computer and check to see if you still get the error.
If so, proceed with the next step.


Right click on My Computer and select Properties.
Go to the Hardware tab and click on Device Manager.
Expand Sound, video, and game controllers
Double click on Video codecs.
Select the Properties tab and you will be presented with a list of installed codecs.
Remove any of these that are listed.

CyberLink Video/SP Decoder
clvsd.ax
InterVideo Audio Decoder
iviaudio.ax
WMplug
wtwmplug.ax


Click Ok to exit from Video codecs.

Double click on Audio codecs and perform the same steps.


Reboot your computer and check to see if you still get the error.

Let me know how it goes.

#14
Lopf

    Member

  • Topic Starter
  • Member
  • 26 posts
well, i got rid of fraunhofer and rebooted, but it didn't solve anything.

then i followed your directions regarding the device manager, but i couldn't find any of those codecs in the video codecs or the audio codecs. :whistling:

a couple of the broken codecs sherlock found were in a folder i created to keep old setup files, so i went and deleted them in that folder. but one was in my winnt folder, and i didn't mess with it yet. do you think that's the culprit?

thanks!

mike

#15
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Unfortunately I don't think that's the culprit, but it is part of Wild Tangent, which we don't want.

Delete this folder.

F:\WINNT\wt


On a hunch, let's try something.
Open Spybot and select Recovery.
Select this item and recover it.

AstaKiller: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\MezziaCodec.Chl



Reboot and check for the error.

Can you run Sherlock again and post a new log from it please?