Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Abnormal Program Termination

Started by rgoff , Aug 30 2006 06:41 PM

Please log in to reply

#1
rgoff

Posted 30 August 2006 - 06:41 PM

New Member

Member
9 posts

Error: Attempting to open any explorer window from an explorer window (e.g. double-click on a folder icon in an explorer window, or type in a new folder name in the address line) results in "Microsoft Visual C++ Runtime Library, Runtime Error! Program: C:\WINNT\explorer.exe, Abnormal Program Termination" After acknowledging the dialog, explorer restarts.

Problem started after downloading some files from BitTorrent sites. (My wife wonders if I'll ever learn.) Problem persists after running the programs below. HijackThis log at the bottom. Many thanks for your time in helping solve this.

Norton AV 2005 Installed and updated - nothing caught
AdawareSE Personal - Nothing
Spybot - Nothing
Kaspersky Online - nothing caught
Rootkit Revealer -
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.060829-2215.txt 8/29/2006 10:15 PM 1.05 KB Hidden from Windows API.
C:\Documents and Settings\beast\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-08-29 22-47-22.txt 8/29/2006 10:47 PM 33.19 KB Hidden from Windows API.
C:\Documents and Settings\beast\Application Data\Mozilla\Firefox\Profiles\smunzw69.default\FlashGot.exe 8/29/2006 8:27 PM 96.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\beast\Application Data\Mozilla\Firefox\Profiles\smunzw69.default\parent.lock 8/29/2006 8:27 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\beast\Local Settings\Temp\AAWTMP\C6033781 8/29/2006 10:05 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\beast\Local Settings\Temp\RuntimeError.tx0 8/29/2006 10:04 PM 672 bytes Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106746.bin 7/21/2001 8:26 PM 29.51 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106747.bin 7/21/2001 8:26 PM 27.33 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106748.bin 7/21/2001 8:26 PM 30.63 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106749.ppd 7/21/2001 7:42 PM 11.96 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106750.bin 7/21/2001 8:26 PM 30.32 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106751.sys 8/3/2004 11:07 PM 43.63 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106752.sys 8/17/2001 1:52 PM 35.88 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106753.dll 8/17/2001 10:36 PM 211.00 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106754.dll 8/17/2001 10:36 PM 207.00 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106755.dll 8/17/2001 10:36 PM 46.50 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106756.dll 8/17/2001 10:36 PM 49.00 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106757.sys 8/17/2001 1:58 PM 22.38 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106758.dll 8/17/2001 10:36 PM 49.50 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106759.dll 8/17/2001 10:36 PM 68.00 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106760.dll 8/17/2001 10:36 PM 26.00 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106761.dll 8/17/2001 10:36 PM 27.50 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106762.dll 8/17/2001 10:36 PM 92.50 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106763.gpd 7/21/2001 7:31 PM 23.59 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106764.ppd 7/21/2001 7:42 PM 15.01 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106765.ppd 7/21/2001 7:42 PM 16.32 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106766.dll 8/4/2004 12:56 AM 258.50 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106767.hlp 7/21/2001 6:39 PM 20.73 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106768.dll 8/4/2004 12:56 AM 192.50 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106769.dll 8/4/2004 12:56 AM 605.00 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106770.sys 8/3/2004 10:31 PM 31.63 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106771.sys 8/3/2004 11:04 PM 12.38 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106772.sys 8/3/2004 11:07 PM 57.88 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106773.sys 8/17/2001 2:03 PM 23.25 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106774.sys 8/17/2001 2:03 PM 23.38 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106775.sys 8/3/2004 11:08 PM 30.88 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106776.sys 8/17/2001 2:03 PM 4.63 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106777.hex 7/21/2001 6:38 PM 19.20 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106778.sys 8/3/2004 11:08 PM 26.00 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106779.sys 8/3/2004 11:08 PM 56.25 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106780.sys 8/3/2004 11:08 PM 15.63 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106781.sys 8/3/2004 11:08 PM 16.63 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106782.sys 8/3/2004 11:08 PM 139.63 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106783.sys 8/3/2004 11:01 PM 25.25 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106784.sys 8/3/2004 10:58 PM 14.75 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106785.sys 8/3/2004 11:08 PM 25.00 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106786.sys 8/3/2004 11:08 PM 25.88 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106787.sys 8/3/2004 11:08 PM 20.00 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106788.dll 8/4/2004 12:56 AM 72.50 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106789.sys 8/3/2004 11:10 PM 76.63 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05106790.sys 8/17/2001 1:28 PM 776.03 KB Visible in Windows API, but not in MFT or directory index.
C:\RECYCLER\NPROTECT\05109802 8/29/2006 10:16 PM 13.10 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109804.SAV 8/29/2006 10:15 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109805.SAV 8/29/2006 10:15 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109814.SAV 8/29/2006 10:17 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109815.SAV 8/29/2006 10:17 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109823.SAV 8/29/2006 10:20 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109824.SAV 8/29/2006 10:20 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109833.SAV 8/29/2006 10:23 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109834.SAV 8/29/2006 10:23 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109842.SAV 8/29/2006 10:26 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109843.SAV 8/29/2006 10:26 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109853.SAV 8/29/2006 10:29 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109854.SAV 8/29/2006 10:29 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109862.SAV 8/29/2006 10:32 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109863.SAV 8/29/2006 10:32 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109872.SAV 8/29/2006 10:35 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109873.SAV 8/29/2006 10:35 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109881.SAV 8/29/2006 10:38 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109882.SAV 8/29/2006 10:38 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109892.SAV 8/29/2006 10:41 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109893.SAV 8/29/2006 10:41 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109901.SAV 8/29/2006 10:44 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109902.SAV 8/29/2006 10:44 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109911.SAV 8/29/2006 10:47 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109912.SAV 8/29/2006 10:47 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109920.SAV 8/29/2006 10:50 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109921.SAV 8/29/2006 10:50 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109930.SAV 8/29/2006 10:53 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109931.SAV 8/29/2006 10:53 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109939.SAV 8/29/2006 10:56 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109940.SAV 8/29/2006 10:56 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109949.SAV 8/29/2006 10:59 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109950.SAV 8/29/2006 10:59 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109958.SAV 8/29/2006 11:02 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109959.SAV 8/29/2006 11:02 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109968.SAV 8/29/2006 11:05 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109969.SAV 8/29/2006 11:05 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109977.SAV 8/29/2006 11:08 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109978.SAV 8/29/2006 11:08 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109987.SAV 8/29/2006 11:11 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109988.SAV 8/29/2006 11:11 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109996.SAV 8/29/2006 11:17 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05109997.SAV 8/29/2006 11:17 PM 10.57 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05110006.SAV 8/29/2006 11:20 PM 196.87 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\05110007.SAV 8/29/2006 11:20 PM 10.57 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078707.ppd 7/21/2001 7:42 PM 11.96 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078708.sys 8/3/2004 11:07 PM 43.63 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078709.sys 8/17/2001 1:52 PM 35.88 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078710.dll 8/17/2001 10:36 PM 211.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078711.dll 8/17/2001 10:36 PM 207.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078712.dll 8/17/2001 10:36 PM 46.50 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078713.dll 8/17/2001 10:36 PM 49.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078714.sys 8/17/2001 1:58 PM 22.38 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078715.dll 8/17/2001 10:36 PM 49.50 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078716.dll 8/17/2001 10:36 PM 68.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078717.dll 8/17/2001 10:36 PM 26.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078718.dll 8/17/2001 10:36 PM 27.50 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078719.dll 8/17/2001 10:36 PM 92.50 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078720.gpd 7/21/2001 7:31 PM 23.59 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078721.ppd 7/21/2001 7:42 PM 15.01 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078722.ppd 7/21/2001 7:42 PM 16.32 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078723.dll 8/4/2004 12:56 AM 258.50 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078724.hlp 7/21/2001 6:39 PM 20.73 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078725.dll 8/4/2004 12:56 AM 192.50 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078726.dll 8/4/2004 12:56 AM 605.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078727.sys 8/3/2004 10:31 PM 31.63 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078728.sys 8/3/2004 11:04 PM 12.38 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078729.sys 8/3/2004 11:07 PM 57.88 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078730.sys 8/17/2001 2:03 PM 23.25 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078731.sys 8/17/2001 2:03 PM 23.38 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078732.sys 8/3/2004 11:08 PM 30.88 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078733.sys 8/17/2001 2:03 PM 4.63 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078734.sys 8/3/2004 11:08 PM 26.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078735.sys 8/3/2004 11:08 PM 56.25 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078736.sys 8/3/2004 11:08 PM 15.63 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078737.sys 8/3/2004 11:08 PM 16.63 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078738.sys 8/3/2004 11:08 PM 139.63 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078739.sys 8/3/2004 11:01 PM 25.25 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078740.sys 8/3/2004 10:58 PM 14.75 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078741.sys 8/3/2004 11:08 PM 25.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078742.sys 8/3/2004 11:08 PM 25.88 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078743.sys 8/29/2006 11:17 PM 20.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078744.dll 8/29/2006 11:17 PM 72.50 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078745.sys 8/29/2006 11:20 PM 76.63 KB Hidden from Windows API.
C:\System Volume Information\_restore{1858730E-005E-4B72-8565-DA65E535E076}\RP339\A0078746.sys 8/29/2006 11:20 PM 776.03 KB Hidden from Windows API.

Ewido:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
e w i d o a n t i - s p y w a r e - S c a n R e p o r t
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ C r e a t e d a t : 6 : 2 2 : 1 9 P M 8 / 3 0 / 2 0 0 6
+ S c a n r e s u l t :
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ L o c a l S e t t i n g s \ T e m p o r a r y I n t e r n e t F i l e s \ C o n t e n t . I E 5 \ A V 8 R 2 D 4 7 \ A p p W r a p [ 2 ] . e x e - > A d w a r e . A d U R L : C l e a n e d .
C : \ W I N N T \ a a a a n . b a k - > A d w a r e . A d U R L : C l e a n e d .
H K L M \ S O F T W A R E \ W i n d o w s S e r v e A d - > A d w a r e . B l a z e F i n d : C l e a n e d .
C : \ W I N N T \ s y s t e m 3 2 \ g t d o w n l s _ 9 5 . o c x - > A d w a r e . G d o w n : C l e a n e d .
H K L M \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ A p p M a n a g e m e n t \ A R P C a c h e \ I S T b a r I S T b a r - > A d w a r e . H o t B a r : C l e a n e d .
H K L M \ S O F T W A R E \ I S T s v c - > A d w a r e . I S T B a r : E r r o r d u r i n g c l e a n i n g .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ L o c a l S e t t i n g s \ T e m p o r a r y I n t e r n e t F i l e s \ C o n t e n t . I E 5 \ K X Q R O H U 3 \ d r i n [ 1 ] . c a b / q l s e t u p . e x e - > A d w a r e . M D H : C l e a n e d .
C : \ W I N N T \ N D N u n i n s t a l l 4 _ 8 8 . e x e - > A d w a r e . N e w D o t N e t : C l e a n e d .
H K L M \ S O F T W A R E \ M i c r o s o f t \ I n t e r n e t E x p l o r e r \ M a i n \ i n s - > A d w a r e . W e b R e b a t e s : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ L o c a l S e t t i n g s \ A p p l i c a t i o n D a t a \ M o z i l l a \ F i r e f o x \ P r o f i l e s \ s m u n z w 6 9 . d e f a u l t \ C a c h e \ 8 E 6 5 9 4 F B d 0 1 - > D o w n l o a d e r . I s t B a r . p c : C l e a n e d .
C : \ d o w n l o a d s \ i s t _ r e m o v e . e x e - > D o w n l o a d e r . I s t B a r . p c : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ l o a d e r a d v 5 1 9 . j a r - 4 d 7 e 0 6 c 5 - 5 1 9 2 3 8 5 3 . z i p / M a t r i x . c l a s s - > D o w n l o a d e r . O p e n S t r e a m . c : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ L o c a l S e t t i n g s \ T e m p o r a r y I n t e r n e t F i l e s \ C o n t e n t . I E 5 \ C T A B G H I V \ d r i n [ 1 ] . e x e - > D o w n l o a d e r . S m a l l . b k e : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ a r c h i v e . j a r - 1 2 c 9 5 f e 7 - 1 e 4 f 3 9 e e . z i p / D u m m y . c l a s s - > N o t - A - V i r u s . E x p l o i t . B y t e V e r i f y : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ a r c h i v e . j a r - 1 d 3 6 1 a 1 d - 7 5 2 1 c c 5 3 . z i p / D u m m y . c l a s s - > N o t - A - V i r u s . E x p l o i t . B y t e V e r i f y : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ a r c h i v e . j a r - 1 f b 8 b 4 f 6 - 4 9 7 f e a 1 6 . z i p / D u m m y . c l a s s - > N o t - A - V i r u s . E x p l o i t . B y t e V e r i f y : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ a r c h i v e . j a r - 2 3 4 5 b c 3 6 - 4 a 8 a b b e 2 . z i p / D u m m y . c l a s s - > N o t - A - V i r u s . E x p l o i t . B y t e V e r i f y : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ a r c h i v e . j a r - 2 7 a e a 0 6 0 - 2 9 3 2 d 8 e 5 . z i p / D u m m y . c l a s s - > N o t - A - V i r u s . E x p l o i t . B y t e V e r i f y : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ a r c h i v e . j a r - 4 6 d f 8 3 3 - 6 d 2 3 0 1 9 4 . z i p / D u m m y . c l a s s - > N o t - A - V i r u s . E x p l o i t . B y t e V e r i f y : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ a r c h i v e . j a r - 5 1 a 2 3 1 5 2 - 4 7 2 6 5 e 1 f . z i p / D u m m y . c l a s s - > N o t - A - V i r u s . E x p l o i t . B y t e V e r i f y : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ a r c h i v e . j a r - 5 9 5 d 0 4 a - 3 e d b d 0 1 6 . z i p / D u m m y . c l a s s - > N o t - A - V i r u s . E x p l o i t . B y t e V e r i f y : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ a r c h i v e . j a r - 6 3 a d c 0 c 6 - 2 6 7 d 8 9 5 b . z i p / D u m m y . c l a s s - > N o t - A - V i r u s . E x p l o i t . B y t e V e r i f y : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ a r c h i v e . j a r - 6 b c b e 1 6 e - 4 a 0 d 8 d a 6 . z i p / D u m m y . c l a s s - > N o t - A - V i r u s . E x p l o i t . B y t e V e r i f y : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ a r c h i v e . j a r - 6 d 1 2 0 3 9 1 - 2 e b 5 9 5 2 0 . z i p / D u m m y . c l a s s - > N o t - A - V i r u s . E x p l o i t . B y t e V e r i f y : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ a r c h i v e . j a r - 6 e 4 0 6 3 f 3 - 1 3 9 e 7 2 a 1 . z i p / D u m m y . c l a s s - > N o t - A - V i r u s . E x p l o i t . B y t e V e r i f y : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ a r c h i v e . j a r - 7 1 b e 1 3 f 3 - 6 2 3 4 3 f e b . z i p / D u m m y . c l a s s - > N o t - A - V i r u s . E x p l o i t . B y t e V e r i f y : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ a r c h i v e . j a r - 7 a c 9 8 1 c e - 4 d f b b 1 3 2 . z i p / D u m m y . c l a s s - > N o t - A - V i r u s . E x p l o i t . B y t e V e r i f y : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ l o a d e r a d v 3 1 4 . j a r - 5 e d 3 b 9 7 5 - 4 6 9 6 3 8 d f . z i p / D u m m y . c l a s s - > N o t - A - V i r u s . E x p l o i t . B y t e V e r i f y : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ l o a d e r a d v 3 4 3 . j a r - 6 3 e 4 2 b d 1 - 2 d e 9 4 9 1 9 . z i p / D u m m y . c l a s s - > N o t - A - V i r u s . E x p l o i t . B y t e V e r i f y : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ l o a d e r a d v 5 1 9 . j a r - 4 d 7 e 0 6 c 5 - 5 1 9 2 3 8 5 3 . z i p / D u m m y . c l a s s - > N o t - A - V i r u s . E x p l o i t . B y t e V e r i f y : C l e a n e d .
C : \ D o c u m e n t s a n d S e t t i n g s \ b e a s t \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ j a r \ m e n u . j r - c a a d b c 2 - 3 1 f 9 f 7 1 6 . z i p / D u m m y . c l a s s - > N o t - A - V i r u s . E x p l o i t . B y t e V e r i f y : C l e a n e d .
: : R e p o r t e n d

HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 6:32:26 PM, on 8/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\cisvc.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\Program Files\ewidoanti-spyware\guard.exe
C:\WINNT\System32\GEARSec.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\tlntsvr.exe
C:\Program Files\YATS32\yats32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ewidoanti-spyware\ewido.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Ziepod\Ziepod.exe
C:\Program Files\tgtsoft\StyleXP\StyleXP.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\WINNT\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\UltraEdit\uedit32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\downloads\HijackThis.exe
C:\WINNT\system32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton Systemworks",
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ziepod One-Click Helper - {57A30D1E-08B9-4EF4-B273-AAEA1C234A5B} - C:\WINNT\system32\ZiepodOneClicker.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewidoanti-spyware\ewido.exe" /minimized
O4 - HKCU\..\Run: [Hot Corners] :"C:\Program Files\Hot Corners\HotC.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [RoboForm] :"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Skype] :"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ziepod Start-Up] C:\Program Files\Ziepod\Ziepod.exe /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\tgtsoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BitTorrent] :"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Password Generator - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.galicia
O16 - DPF: symsupportutil - https://www-secure.s...supportutil.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.micro...media/Swdir.cab
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://palmvidserver...hecker_6110.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.filesanyw...ereUploader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) -
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://palmvidserver...adFile_7000.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.micro...ate/sdkinst.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - file://E:\GAMES\WebDriverFullInstall.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F6CA8D7-47C0-4288-8C28-CEBA39B884E9}: NameServer = 192.168.0.1
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewidoanti-spyware\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YATS32 - Dillobits Software, Inc. - C:\Program Files\YATS32\yats32.exe

#2
Metallica

Posted 05 September 2006 - 07:15 AM

Spyware Veteran

GeekU Moderator
33,101 posts

Hi rgoff,

Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
It will say "Java Plug-in" under the icon.
Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
If you are unable to update you can manually update by going here:
- http://www.java.com/en/download/manual.jsp
After the reboot, go back into the Control Panel and double-click the Java Icon.
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 CheckedDownloaded Applets
Downloaded Applications
Other Files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.

Then run Internet Explorer and go to the following: Tools->>Internet Options->>Programs Tab->>Reset Web Settings Command Button

Let me know if that helps and post a new HijackThis log.

#3
rgoff

Posted 05 September 2006 - 10:06 AM

New Member

Topic Starter
Member
9 posts

Thanks very much for responding. I followed your instructions and the problem persists.

Logfile of HijackThis v1.99.1
Scan saved at 10:01:39 AM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\cisvc.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\ewidoanti-spyware\guard.exe
C:\WINNT\System32\GEARSec.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\tlntsvr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\YATS32\yats32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ewidoanti-spyware\ewido.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Ziepod\Ziepod.exe
C:\Program Files\tgtsoft\StyleXP\StyleXP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\downloads\HijackThis.exe
C:\WINNT\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton Systemworks",
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ziepod One-Click Helper - {57A30D1E-08B9-4EF4-B273-AAEA1C234A5B} - C:\WINNT\system32\ZiepodOneClicker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewidoanti-spyware\ewido.exe" /minimized
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Hot Corners] :"C:\Program Files\Hot Corners\HotC.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [RoboForm] :"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Skype] :"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ziepod Start-Up] C:\Program Files\Ziepod\Ziepod.exe /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\tgtsoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BitTorrent] :"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Password Generator - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.galicia
O16 - DPF: symsupportutil - https://www-secure.s...supportutil.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.micro...media/Swdir.cab
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://palmvidserver...hecker_6110.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.filesanyw...ereUploader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://palmvidserver...adFile_7000.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.micro...ate/sdkinst.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - file://E:\GAMES\WebDriverFullInstall.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F6CA8D7-47C0-4288-8C28-CEBA39B884E9}: NameServer = 192.168.0.1
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewidoanti-spyware\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YATS32 - Dillobits Software, Inc. - C:\Program Files\YATS32\yats32.exe

#4
Metallica

Posted 05 September 2006 - 12:12 PM

Spyware Veteran

GeekU Moderator
33,101 posts

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKCU\..\Run: [BitTorrent] :"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - file://E:\GAMES\WebDriverFullInstall.exe

Then reboot and download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Regards,

#5
rgoff

Posted 05 September 2006 - 02:14 PM

New Member

Topic Starter
Member
9 posts

The problem remains.

Logfile of HijackThis v1.99.1
Scan saved at 2:12:30 PM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\cisvc.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\ewidoanti-spyware\guard.exe
C:\WINNT\System32\GEARSec.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\tlntsvr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\YATS32\yats32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ewidoanti-spyware\ewido.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Ziepod\Ziepod.exe
C:\Program Files\tgtsoft\StyleXP\StyleXP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\WINNT\explorer.exe
C:\downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton Systemworks",
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ziepod One-Click Helper - {57A30D1E-08B9-4EF4-B273-AAEA1C234A5B} - C:\WINNT\system32\ZiepodOneClicker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewidoanti-spyware\ewido.exe" /minimized
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Hot Corners] :"C:\Program Files\Hot Corners\HotC.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [RoboForm] :"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Skype] :"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ziepod Start-Up] C:\Program Files\Ziepod\Ziepod.exe /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\tgtsoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Password Generator - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.galicia
O16 - DPF: symsupportutil - https://www-secure.s...supportutil.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://activex.micro...media/Swdir.cab
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://palmvidserver...hecker_6110.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.filesanyw...ereUploader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://palmvidserver...adFile_7000.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.micro...ate/sdkinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F6CA8D7-47C0-4288-8C28-CEBA39B884E9}: NameServer = 192.168.0.1
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewidoanti-spyware\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YATS32 - Dillobits Software, Inc. - C:\Program Files\YATS32\yats32.exe

#6
Metallica

Posted 06 September 2006 - 12:28 AM

Spyware Veteran

GeekU Moderator
33,101 posts

OK. Since your log looks clean now, I will need some more information.

- When explorer crashes does it take the taskbar and desktop out as well?
- Is your computer set to open a doubleclicked folder in a new explorer window?
To find out, open an explorer window and click > Folder Options > File Types.

In the list of registered file types, scroll down to Folder, click the
Advanced button, which will give you a list of actions that are registered
for Folders, with the selected one being the default for when you
double-click a Folder.

Also try changing it to the other one and test if that will work.

Regards,

#7
rgoff

Posted 06 September 2006 - 06:42 AM

New Member

Topic Starter
Member
9 posts

Yes, taskbar and desktop icons disappear and reappear in a few seconds.

When select Tools > File Options... and go to the File Types tab, select the Folder (not File Folder) file type, and click Advanced, I get the Edit File Type dialog. In that, the choices are, in order, "Browse with Paint Shop Pro 9", "explore", "open", and "Zip Explorer Catalog". The top entry, "Browse..." was selected, but nothing was bold. The default action on a folder when I right click to view the context menu is "Open", so I selected open in the list and clicked "Make Default". Didn't change the problem, but now "open" is bold.

Browse Folders under the General tab is set to "open each folder in the same window", which is what I expected. When I change it to "open each folder in its own window", double-clicking a folder opens a new window normally without crashing explorer. Thanks, this is a good thing to know. :whistling:

I should mention that I also ran a Windows repair from the installation disk before posting.

Thanks for your time.

#8
Metallica

Posted 06 September 2006 - 07:26 AM

Spyware Veteran

GeekU Moderator
33,101 posts

Hi rgoff,

Go to Start > Run
Type:regedit
Click OK.

On the leftside, click to highlight My Computer at the top.
Go up to "File > Export"
- Make sure in that window there is a tick next to "All" under Export Branch.
  Leave the "Save As Type" as "Registration Files".
  Under "Filename" put backup
Choose to save it to C:\ or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
Click save and then go to File > Exit.

This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

Then copy the part in the CODE-box below into notepad and save it as folderrep.reg
Set Filetype to "All files"

REGEDIT4

[HKEY_CLASSES_ROOT\Folder\shell\explore]
"BrowserFlags"=dword:00000022
"ExplorerFlags"=dword:00000021

[HKEY_CLASSES_ROOT\Folder\shell\explore\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,20,00,2f,00,65,00,2c,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,\
  00,25,00,49,00,2c,00,25,00,4c,00,00,00

[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec]
@="[ExploreFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec\application]
@="Folders"

[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec\topic]
@="AppProperties"

[HKEY_CLASSES_ROOT\Folder\shell\open]
"BrowserFlags"=dword:00000010
"ExplorerFlags"=dword:00000012

[HKEY_CLASSES_ROOT\Folder\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,20,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,00,25,00,49,00,2c,\
  00,25,00,4c,00,00,00

[HKEY_CLASSES_ROOT\Folder\shell\open\ddeexec]
@="[ViewFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\Folder\shell\open\ddeexec\application]
@="Folders"

[HKEY_CLASSES_ROOT\Folder\shell\open\ddeexec\topic]
@="AppProperties"

[HKEY_CLASSES_ROOT\Folder\shell]
@="explore"

Doubleclick the file you made and at the prompt confirm you want to merge it with the registry.
After confirmatuion that it was merged successfully, reboot your computer and try again.

Let me know if that did the trick.

Regards,

#9
rgoff

Posted 06 September 2006 - 08:46 PM

New Member

Topic Starter
Member
9 posts

Strange behavior. I backed up the registry and applied the patch in your message. Before I did that, I compared the values of each item in the patch with the existing data, and found no difference. Applied the patch anyway and rebooted.

After rebooting, I attempted to reproduce the problem and found that all of my folders now open with the treeview on the left side now. Also, when the treeview is visible, double-clicking on a folder either in the list area or the treeview causes explorer to crash. And now when explorer crashes, I have to use Task Manager to close the active explorer window - it no longer closes when explorer crashes.

If the treeview is not visible (I de-select the "Folders" button in the toolbar), it doesn't matter whether the folder options are set to "open each folder in the same window" or "open each folder in its own window", I get a new window when double-clicking a folder in the explorer window, and explorer does not crash when I do.

(When the problem started, I was not using the treeview and explorer crashed with the treeview hidden.)

If I go to Folder Options, View tab and check "launch folder windows in a separate process", the desktop and task bar remain when the window crashes, which is a good thing right now. In that case, the active explorer window does close when it crashes.

I'm mystified.

Edited by rgoff, 06 September 2006 - 08:49 PM.

#10
Metallica

Posted 07 September 2006 - 12:01 PM

Spyware Veteran

GeekU Moderator
33,101 posts

Hey. Who stole my answer to this post?
It was real smart and would have solved the problem for sure.
And now I can't remember it anymore.

Just kidding, but I really did answer this one hours ago. :whistling:

Hi rgoff,

Is your computer networked?
I thought that maybe the treeview might crash explorer because it goes looking for network locations.

Let me know,

#11
rgoff

Posted 07 September 2006 - 06:38 PM

New Member

Topic Starter
Member
9 posts

Yes, it is networked. The treeview doesn't crash when the first window comes up, only when trying to open a new directory list in the same window. How would I go about testing for this issue? Should I disconnect from the network and see if it reoccurs? I can access folders on the local network, and they display the same crash behavior as local folders.

If someone really did steal the answer to this problem, let me know who. I'll beat them senseless. :whistling:

#12
Metallica

Posted 08 September 2006 - 01:59 AM

Spyware Veteran

GeekU Moderator
33,101 posts

Although the problem is not the same this solution looks like it might work:

http://support.micro...om/?kbid=816375

Can you give it a go and let me know?

Regards,

#13
rgoff

Posted 08 September 2006 - 07:59 PM

New Member

Topic Starter
Member
9 posts

Actually, I don't think I want to do that. After finally tracking down the KB article, it says "A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem. This fix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Windows XP service pack that contains this hotfix." It doesn't even provide a link to download the hotfix; I would have to call MS support to get it.

I wonder if you would help me determine whether the problem is a DLL conflict? Sysinternals' Process Explorer shows me the subprocesses of explorer.exe, and the DLLs loaded. Running the Dependancy Walker on explorer.exe produces a warning: "At least one module has an unresolved import due to a missing export function in a delay-load dependent module." mpr.dll is loaded by both shlwapi.dll and setupapi.dll as delayed load, but setupapi only imports 3 methods. shlwapi imports 7, and WNetRestoreConnectionA is listed as imported by shlwapi but not exported by mpr. Maybe I have a bad mpr.dll? Maybe not. dependancywalker.com http://www.dependenc...er.com/faq.html says:

"Some versions of SHLWAPI.DLL (like the one on Windows XP) have a
delay-load dependency on the function WNetRestoreConnectionA in MPR.DLL.
Missing delay-load functions are not a problem as long as the calling DLL is
prepared to handle the situation. Dependency Walker flags all potential
problems as it cannot detect if an application intends to handle the issue.
In the case of SHLWAPI.DLL, this is not an problem as it does not require
WNetRestoreConnectionA to exist and handles the missing function at runtime.
This warning can be ignored. See the "How to Interpret Warnings and Errors
in Dependency Walker" section in help for more details."

My mpr.dll file has the correct version number (5.1.2600.2180) but the file size is different than the MPR.DL_ file on the installation disk. Are DL_ files compressed?

No other dependancies are flagged in the Dependancy Walker. Do you think I'm off on the wrong path?

#14
Metallica

Posted 09 September 2006 - 06:25 AM

Spyware Veteran

GeekU Moderator
33,101 posts

MPR.dll is almost always listed like that in Dependency Walker.
Please don't ask me why. It's something I have learned to ignore

I actually wanted you to add the registry keys described in that article.
Let me help you with that.
Copy the part in bold below into notepad and save it as networkexpl.reg
Set Filetype to "all files"

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRemoteRecursiveEvents"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MrxSmb\Parameters]
"InfoCacheLevel"=dword:00000010

Doubleclick that file and confirm you want to merge it with the registry.

Reboot and try the explorer window again.
Let me know if it helped.

Regards,