Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

explorer error

Started by hawaiianlei , Sep 04 2006 09:32 PM

Please log in to reply

#1
hawaiianlei

Posted 04 September 2006 - 09:32 PM

Member

Member
74 posts

i just scanned my computer, and i still have 2 lingering problems:
1. every time i start the computer, an error message appears: explorer.exe Application error . Instruction at "0x734305be" referenced memory "0x734305be". memory could not be "written ". click OK to terminate or cancel to debug." the debug function does not work. by clicking OK , explore shuts down , and automatically restarts. this happens once or twice with each startup, then it stops occuring until the next startup.
2. every time I start the computer after a couple hours of shutdown, windows reports low Internet connectivity. once I restart the computer everything is OK. if i leave the computer off for a couple of hours and start it up again, to same problem happens.
here is my hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 8:21:25 PM, on 9/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Backed Up Data\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Jonathan Lei\Desktop\pwsafe.exe
C:\Documents and Settings\Jonathan Lei\My Documents\- Antispyware -\HijackThis\HijackThis 1.99.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Backed Up Data\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152904601156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152904662531
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

thanks!

#2
Metallica

Posted 12 September 2006 - 08:31 AM

Spyware Veteran

GeekU Moderator
33,101 posts

Use HijackThis to fix this entry:
O18 - Protocol: Festoon - (no CLSID) - (no file)
by selecting it and then click Fix checked.

Then reboot. If the problem persists download and unzip:
http://www.diamondcs...onsoletools.zip

Save all the files in the zip to this path:
C:\console

This isn't absolutely necessary, but will make it a lot easier for me since I have them there as well.
Make sure you have exactly one explorer window open when you do this.

Then click Start > Run > cmd > OK

The command prompt will open.
Type these commands behind the prompts, each line followed by using ENTER

cd\
cd console
procs -l

This will result in a list of processes each followed by a number between brackets (the PID)
Find the PID for (the first instance of) explorer.exe
That should look something like this \??\C:\WINDOWS\explorer.exe [1844]
If your number is not 1844 you will have to replace it by your own in the command below.

Then use this command

procs -m:1844

This will result in a list of all the modules in use by explorer.exe
Copy and paste that list into your next post.

Regards,

#3
hawaiianlei

Posted 16 September 2006 - 11:03 AM

Member

Topic Starter
Member
74 posts

i dont know if this is supposed to happen. i deleted ( fix error) the file specified using hijackthis, but i checked again to make sure, and the file was still there. it seems that it cant be deleted.
i hope i did this right

01000000: C:\Program Files\Windows Defender\MSASCui.exe
7C900000: C:\WINDOWS\system32\ntdll.dll
7C800000: C:\WINDOWS\system32\kernel32.dll
78130000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.16
3_x-ww_681e29fb\MSVCR80.dll
77C10000: C:\WINDOWS\system32\msvcrt.dll
7C420000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.16
3_x-ww_681e29fb\MSVCP80.dll
77DD0000: C:\WINDOWS\system32\ADVAPI32.dll
77E70000: C:\WINDOWS\system32\RPCRT4.dll
77F10000: C:\WINDOWS\system32\GDI32.dll
77D40000: C:\WINDOWS\system32\USER32.dll
7C9C0000: C:\WINDOWS\system32\SHELL32.dll
77F60000: C:\WINDOWS\system32\SHLWAPI.dll
774E0000: C:\WINDOWS\system32\ole32.dll
77120000: C:\WINDOWS\system32\OLEAUT32.dll
5B800000: C:\Program Files\Windows Defender\MpClient.dll
769C0000: C:\WINDOWS\system32\USERENV.dll
4EC50000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2
600.2180_x-ww_522f9f82\gdiplus.dll
773D0000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1
df_6.0.2600.2649_x-ww_aac16c8b\COMCTL32.dll
74C80000: C:\WINDOWS\system32\OLEACC.dll
76080000: C:\WINDOWS\system32\MSVCP60.dll
61800000: C:\Program Files\Windows Defender\MsMpRes.dll
5D800000: C:\Program Files\Windows Defender\MpRtMon.DLL
4D4F0000: C:\WINDOWS\system32\WINHTTP.dll
77260000: C:\WINDOWS\system32\urlmon.dll
77C00000: C:\WINDOWS\system32\VERSION.dll
76390000: C:\WINDOWS\system32\IMM32.DLL
629C0000: C:\WINDOWS\system32\LPK.DLL
74D90000: C:\WINDOWS\system32\USP10.dll
5AD70000: C:\WINDOWS\system32\uxtheme.dll
74720000: C:\WINDOWS\system32\MSCTF.dll
4B400000: C:\WINDOWS\system32\MSFTEDIT.DLL
77B40000: C:\WINDOWS\system32\apphelp.dll
755C0000: C:\WINDOWS\system32\msctfime.ime
77FE0000: C:\WINDOWS\system32\Secur32.dll
76FD0000: C:\WINDOWS\system32\CLBCATQ.DLL
77050000: C:\WINDOWS\system32\COMRes.dll
605D0000: C:\WINDOWS\system32\mslbui.dll
0FFD0000: C:\WINDOWS\system32\rsaenh.dll

Edited by hawaiianlei, 16 September 2006 - 11:05 AM.

#4
Metallica

Posted 16 September 2006 - 01:16 PM

Spyware Veteran

GeekU Moderator
33,101 posts

errrmmm. Are you sure you picked the PID number of explorer?
It looks as if you took the one for Windows Defender instead.

Can you try again?

Also click Start > Run > and copy this command into the window:
regedit.exe /e C:\protocols.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS"
Click OK to execute.

If done successfully this will create the file C:\protocols.txt
Find that file and post the content.

#5
hawaiianlei

Posted 16 September 2006 - 04:11 PM

Member

Topic Starter
Member
74 posts

i think i found it this time...but it didnt have the "\??\" in front of it.

01000000: C:\WINDOWS\explorer.exe
7C900000: C:\WINDOWS\system32\ntdll.dll
7C800000: C:\WINDOWS\system32\kernel32.dll
77DD0000: C:\WINDOWS\system32\ADVAPI32.dll
77E70000: C:\WINDOWS\system32\RPCRT4.dll
75F80000: C:\WINDOWS\system32\BROWSEUI.dll
77F10000: C:\WINDOWS\system32\GDI32.dll
77D40000: C:\WINDOWS\system32\USER32.dll
77C10000: C:\WINDOWS\system32\msvcrt.dll
774E0000: C:\WINDOWS\system32\ole32.dll
77F60000: C:\WINDOWS\system32\SHLWAPI.dll
77120000: C:\WINDOWS\system32\OLEAUT32.dll
77760000: C:\WINDOWS\system32\SHDOCVW.dll
77A80000: C:\WINDOWS\system32\CRYPT32.dll
77B20000: C:\WINDOWS\system32\MSASN1.dll
754D0000: C:\WINDOWS\system32\CRYPTUI.dll
76C30000: C:\WINDOWS\system32\WINTRUST.dll
76C90000: C:\WINDOWS\system32\IMAGEHLP.dll
5B860000: C:\WINDOWS\system32\NETAPI32.dll
771B0000: C:\WINDOWS\system32\WININET.dll
76F60000: C:\WINDOWS\system32\WLDAP32.dll
77C00000: C:\WINDOWS\system32\VERSION.dll
7C9C0000: C:\WINDOWS\system32\SHELL32.dll
5AD70000: C:\WINDOWS\system32\UxTheme.dll
5CB70000: C:\WINDOWS\system32\ShimEng.dll
6F880000: C:\WINDOWS\AppPatch\AcGenral.DLL
76B40000: C:\WINDOWS\system32\WINMM.dll
77BE0000: C:\WINDOWS\system32\MSACM32.dll
769C0000: C:\WINDOWS\system32\USERENV.dll
76390000: C:\WINDOWS\system32\IMM32.DLL
629C0000: C:\WINDOWS\system32\LPK.DLL
74D90000: C:\WINDOWS\system32\USP10.dll
773D0000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1
df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll
5D090000: C:\WINDOWS\system32\comctl32.dll
74720000: C:\WINDOWS\system32\MSCTF.dll
77B40000: C:\WINDOWS\system32\apphelp.dll
755C0000: C:\WINDOWS\system32\msctfime.ime
77FE0000: C:\WINDOWS\system32\Secur32.dll
76FD0000: C:\WINDOWS\system32\CLBCATQ.DLL
77050000: C:\WINDOWS\system32\COMRes.dll
605D0000: C:\WINDOWS\system32\mslbui.dll
77A20000: C:\WINDOWS\System32\cscui.dll
76600000: C:\WINDOWS\System32\CSCDLL.dll
5BA60000: C:\WINDOWS\system32\themeui.dll
76380000: C:\WINDOWS\system32\MSIMG32.dll
20000000: C:\WINDOWS\system32\xpsp2res.dll
71D40000: C:\WINDOWS\system32\actxprxy.dll
5FC10000: C:\WINDOWS\system32\msutb.dll
71BF0000: C:\WINDOWS\system32\SAMLIB.dll
76980000: C:\WINDOWS\system32\LINKINFO.dll
76990000: C:\WINDOWS\system32\ntshrui.dll
76B20000: C:\WINDOWS\system32\ATL.DLL
5C2C0000: C:\WINDOWS\ime\sptip.dll
74C80000: C:\WINDOWS\system32\OLEACC.dll
76080000: C:\WINDOWS\system32\MSVCP60.dll
00D20000: C:\WINDOWS\IME\SPGRMR.DLL
5C430000: C:\WINDOWS\ime\softkbd.dll
10000000: C:\Program Files\CursorXP\CurXP0.dll
01610000: C:\WINDOWS\system32\msi.dll
77920000: C:\WINDOWS\system32\SETUPAPI.dll
76400000: C:\WINDOWS\system32\NETSHELL.dll
76E80000: C:\WINDOWS\system32\rtutils.dll
76C00000: C:\WINDOWS\system32\credui.dll
71AB0000: C:\WINDOWS\system32\WS2_32.dll
71AA0000: C:\WINDOWS\system32\WS2HELP.dll
76D60000: C:\WINDOWS\system32\iphlpapi.dll
76360000: C:\WINDOWS\system32\WINSTA.dll
74B30000: C:\WINDOWS\system32\webcheck.dll
71AD0000: C:\WINDOWS\system32\WSOCK32.dll
76280000: C:\WINDOWS\system32\stobject.dll
74AF0000: C:\WINDOWS\system32\BatMeter.dll
74AD0000: C:\WINDOWS\system32\POWRPROF.dll
76F50000: C:\WINDOWS\system32\WTSAPI32.dll
014B0000: C:\WINDOWS\system32\WPDShServiceObj.dll
72410000: C:\WINDOWS\system32\mydocs.dll
012F0000: C:\WINDOWS\system32\PortableDeviceTypes.dll
01E40000: C:\WINDOWS\system32\PortableDeviceApi.dll
4D4F0000: C:\WINDOWS\system32\WINHTTP.dll
72D20000: C:\WINDOWS\system32\wdmaud.drv
72D10000: C:\WINDOWS\system32\msacm32.drv
77BD0000: C:\WINDOWS\system32\midimap.dll
22200000: C:\Program Files\SpywareGuard\spywareguard.dll
73420000: C:\WINDOWS\system32\MSVBVM60.DLL
5F800000: C:\PROGRA~1\WIFD1F~1\MpShHook.dll
78130000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.16
3_x-ww_681e29fb\MSVCR80.dll
7C420000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.16
3_x-ww_681e29fb\MSVCP80.dll
0FFD0000: C:\WINDOWS\system32\rsaenh.dll
77260000: C:\WINDOWS\system32\urlmon.dll
01140000: C:\WINDOWS\system32\browselc.dll
75E90000: C:\WINDOWS\system32\SXS.DLL
74980000: C:\WINDOWS\system32\msxml3.dll
76EE0000: C:\WINDOWS\system32\RASAPI32.DLL
76E90000: C:\WINDOWS\system32\rasman.dll
76EB0000: C:\WINDOWS\system32\TAPI32.dll
77C70000: C:\WINDOWS\system32\msv1_0.dll
722B0000: C:\WINDOWS\system32\sensapi.dll
71A50000: C:\WINDOWS\System32\mswsock.dll
76FC0000: C:\WINDOWS\system32\rasadhlp.dll
76F20000: C:\WINDOWS\system32\DNSAPI.dll
662B0000: C:\WINDOWS\system32\hnetcfg.dll
71A90000: C:\WINDOWS\System32\wshtcpip.dll
65AF0000: C:\WINDOWS\system32\jsproxy.dll
75C50000: C:\WINDOWS\system32\jscript.dll
77690000: C:\WINDOWS\system32\NTMARTA.DLL
6C1B0000: C:\WINDOWS\system32\DUSER.dll
75CF0000: C:\WINDOWS\system32\MLANG.dll
71B20000: C:\WINDOWS\system32\MPR.dll
75F60000: C:\WINDOWS\System32\drprov.dll
71C10000: C:\WINDOWS\System32\ntlanman.dll
71CD0000: C:\WINDOWS\System32\NETUI0.dll
71C90000: C:\WINDOWS\System32\NETUI1.dll
71C80000: C:\WINDOWS\System32\NETRAP.dll
75F70000: C:\WINDOWS\System32\davclnt.dll
75970000: C:\WINDOWS\system32\MSGINA.dll
74320000: C:\WINDOWS\system32\ODBC32.dll
763B0000: C:\WINDOWS\system32\comdlg32.dll
04120000: C:\WINDOWS\system32\odbcint.dll
73BA0000: C:\WINDOWS\system32\sti.dll
74AE0000: C:\WINDOWS\system32\CFGMGR32.dll
044E0000: C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIFileMn.dll
04800000: C:\PROGRA~1\COMMON~1\TISHAR~1\TalkTI\TIVar.dll
60510000: C:\WINDOWS\system32\dfshim.dll
79000000: C:\WINDOWS\system32\mscoree.dll
641F0000: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll
60610000: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll
60340000: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll
64220000: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
75830000: C:\WINDOWS\system32\mstask.dll
767A0000: C:\WINDOWS\system32\NTDSAPI.dll
038E0000: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
506A0000: C:\WINDOWS\system32\wuapi.dll
76C60000: C:\WINDOWS\system32\sfc_os.dll
03D30000: C:\PROGRA~1\WIFD1F~1\MpOAv.dll
76BF0000: C:\WINDOWS\system32\PSAPI.DLL
01130000: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
7C340000: C:\WINDOWS\system32\MSVCR71.dll
11000000: C:\Program Files\SpywareGuard\dlprotect.dll
4EC50000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2
600.2180_x-ww_522f9f82\gdiplus.dll
325C0000: C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
593F0000: C:\WINDOWS\system32\wiashext.dll

C:\protocols.txt contains:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-complus]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-msdownload]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml]
"CLSID"="{807553E5-5146-11D5-A672-00B0D022E945}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about]
"CLSID"="{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cdl]
@="CDL: Asychronous Pluggable Protocol Handler"
"CLSID"="{3dd53d40-7b8b-11D0-b013-00aa0059ce02}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\dvd]
@="DVD: Pluggable Protocol"
"CLSID"="{12D51199-0DB5-46FE-A120-47A3D7D937CC}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\Festoon]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\file]
@="file:, local: Asychronous Pluggable Protocol Handler"
"CLSID"="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ftp]
@="ftp: Asychronous Pluggable Protocol Handler"
"CLSID"="{79eac9e3-baf9-11ce-8c82-00aa004ba90b}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gopher]
@="gopher: Asychronous Pluggable Protocol Handler"
"CLSID"="{79eac9e4-baf9-11ce-8c82-00aa004ba90b}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http]
@="http: Asychronous Pluggable Protocol Handler"
"CLSID"="{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\0x00000001]
@="Microsoft OLE DB Moniker Binder for Internet Publishing"
"CLSID"="{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\oledb]
"CLSID"="{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}"
@="Microsoft OLE DB Provider for Internet Publishing"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https]
@="https: Asychronous Pluggable Protocol Handler"
"CLSID"="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\0x00000001]
@="Microsoft OLE DB Moniker Binder for Internet Publishing"
"CLSID"="{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\oledb]
@="Microsoft OLE DB Provider for Internet Publishing"
"CLSID"="{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\0x00000001]
@="Microsoft OLE DB Moniker Binder for Internet Publishing"
"CLSID"="{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\its]
@="its: Asychronous Pluggable Protocol Handler"
"CLSID"="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\javascript]
"CLSID"="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall]
"CLSID"="{828030A1-22C1-4009-854F-8E305202313F}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\local]
@="file:, local: Asychronous Pluggable Protocol Handler"
"CLSID"="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mailto]
"CLSID"="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mhtml]
@="MHTML Asychronous Pluggable Protocol Handler"
"CLSID"="{05300401-BCBC-11d0-85E3-00C04FD85AB4}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mk]
@="mk: Asychronous Pluggable Protocol Handler"
"CLSID"="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-its]
@="ms-its: Asychronous Pluggable Protocol Handler"
"CLSID"="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss]
@="ms-itss: Asynchronous Pluggable Storage Protocol Handler"
"CLSID"="{0A9007C0-4076-11D3-8789-0000F8105754}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001]
@="Microsoft OLE DB Moniker Binder for Internet Publishing"
"CLSID"="{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb]
@="Microsoft OLE DB Provider for Internet Publishing"
"CLSID"="{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim]
"CLSID"="{828030A1-22C1-4009-854F-8E305202313F}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap]
"CLSID"="{3D9F03FA-7A94-11D3-BE81-0050048385D1}"
@="Data Page Pluggable Protocol"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11]
@="Data Page Pluggable Protocol"
"CLSID"="{32505114-5902-49B2-880A-1F7738E5A384}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\res]
"CLSID"="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\sysimage]
"CLSID"="{76E67A63-06E9-11D2-A840-006008059382}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tv]
@="TV: Pluggable Protocol"
"CLSID"="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vbscript]
"CLSID"="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wia]
@="wia: Asychronous Pluggable Protocol Handler for WIA devices"
"CLSID"="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\mk]
@="NameSpace Filter for MK:@MSITStore:..."

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\mk\*]
"CLSID"="{9D148291-B9C8-11D0-A4CC-0000F80149F6}"

Edited by hawaiianlei, 16 September 2006 - 04:13 PM.

#6
Metallica

Posted 17 September 2006 - 03:13 AM

Spyware Veteran

GeekU Moderator
33,101 posts

Yup. That's the one.

This Festoon is supposedly some software to be used with Skype.
Did you install it knowingly?
And can you remember if something went wrong when you uninstalled it?

Anyway.

First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Then copy the part in bold below into notepad and save it as Appid.reg
Set Filetype to "all files"

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\Festoon]

Doubleclick that file and confirm you want to merge it with the registry.

Let me know if that solves the problem.

If it doesn't, can you try and make another one of those lists, but then immediately after the error (that is before you click OK on the debug option window)

Regards,

#7
hawaiianlei

Posted 23 September 2006 - 04:14 PM

Member

Topic Starter
Member
74 posts

Yes. i did knowingly install Festoon. I dont think i need it though. Is it a malicious software?
the second part does not work. do you want me to make the list by leaving the error window open and then executing the list of commands (the console tools)? should i look for the PID of explorer.exe again?
or do you want the C:\protocols.txt list?

Edited by hawaiianlei, 23 September 2006 - 04:25 PM.

#8
Metallica

Posted 24 September 2006 - 02:48 AM

Spyware Veteran

GeekU Moderator
33,101 posts

I would like the list made with consoletools for explorer.exe

Festoon is not malware, but it was either not installed completely or not uninstalled properly, so I think it may contribute to or even be the cause of your problem.

#9
hawaiianlei

Posted 24 September 2006 - 10:26 AM

Member

Topic Starter
Member
74 posts

i think ill uninstall it. i doubt i need it.
doesnt work~
and i cant seem to find the explorer.exe under this whole process. I didnt click OK or Cancel, i just left it on the screen and typed the commands. i cant find explorer.exe.

Edited by hawaiianlei, 24 September 2006 - 11:29 AM.

#10
Metallica

Posted 24 September 2006 - 12:51 PM

Spyware Veteran

GeekU Moderator
33,101 posts

It should be there.
Doubleclick "My Computer" to open one extra if you really can't find it.

#11
hawaiianlei

Posted 24 September 2006 - 01:10 PM

Member

Topic Starter
Member
74 posts

actually, i just fixed the problem. a google search of the error at "0x734305be" turned out to be an error from Spyware Guard, although the reason is unknown. i uninstalled it, and everything is fine. Thank You very much for your time spent on this subject! sorry i didnt think of this earlier....thx neways!

Edited by hawaiianlei, 24 September 2006 - 01:12 PM.