Dr. Watson Debugger Crash - My Documents [RESOLVED] - Geeks to Go Forums


Dr. Watson Debugger Crash - My Documents [RESOLVED] Crashes my machine after attempting to open my docs

#1 Travylad

  • Group: Member
  • Posts: 5
  • Joined: 08-November 08

Posted 08 November 2008 - 11:02 AM

Hello guys and girls,

In the past hour or so, I've been unable to access the "My Documents" icon on my desktop. Firstly let me tell you the problem as best as I can:

When clicking on the My Documents icon the usual windows error message appears with the main message being "Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." Upon clicking "Don't Send" a second message appears this time with the message "DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience" - again I click "Don't Send" and now pretty much everything has locked up.

I can't click on any icons to bring them up or bring anything up from my taskbar. To be able to start anything I have to go to task manager and shut down the drwtsn32.exe process (actually I've just noticed that there are 2 drwtsn32.exe processes on there for me to close down, but when I close one both of them disappear and everything is ok).


Now I have had a look round here for some of the same problems with other users that have previously been resolved (I got rid of the K-Lite codecs program) but I can't seem to solve it.

As a sidenote the My Documents icon accesses my (D:) drive partition, my windows folder is in fact on the (C:) drive. Not sure if it makes any difference, just thought I'd pass that bit of info on for you.

Here is my hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:25, on 08/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\aawservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\PROGRA~1\AVG\avgcc.exe
C:\WINDOWS\VM_STI.EXE
D:\Program Files\RFA\rfagent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\AVG\avgamsvr.exe
D:\PROGRA~1\AVG\avgupsvc.exe
D:\PROGRA~1\AVG\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 300NC PC Camera
O4 - HKLM\..\Run: [rfagent] "D:\Program Files\RFA\rfagent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\AVG\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CA6D45E-576B-4918-93F3-75E49F73FD85}: NameServer = 192.168.0.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\AVG\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\AVG\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

------------------------------------------------

Any help at all would be gratefully appreciated. I think it's brilliant what a lot of you dedicated members do for us computer minions!

Thanks in advance,

Travis :)

#2 greyknight17

  • Group: Visiting Consultant
  • Posts: 16,560
  • Joined: 24-April 05

Posted 08 November 2008 - 11:57 AM

Welcome to GTG.

This is most likely not malware related. The below should fix the problem:

Go to My Computer->Tools->Folder Options->View and check 'Show hidden files and folders' and uncheck 'Hide protected operating system files'. Go to your c: drive. Right click on the boot.ini file and go to Properties. Uncheck the box that says Read-only and click OK. Then double click on the boot.ini file to open it. Change the line that says /NoExecute=OptIn to /NoExecute=AlwaysOff. Now save the file and close it.

#3 Travylad

  • Group: Member
  • Posts: 5
  • Joined: 08-November 08

Posted 08 November 2008 - 12:19 PM

Hi Greyknight,

thank you for the warm welcome.

I've just done this now and rebooted, and sadly, the problem still persists.

I changed everything you told me to, apart from unchecking the "read-only" option in the boot.ini file. That's because it was already unchecked.

Regards,

Travis

#4 greyknight17

  • Group: Visiting Consultant
  • Posts: 16,560
  • Joined: 24-April 05

Posted 08 November 2008 - 08:47 PM

Try the following also to see if they help:

Right click My Computer and select Properties. Go to Advanced tab->Startup and Recovery and click Settings. Click the drop-down box next to 'Write debugging information' and select none.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Go back to the Registry Editor and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\AeDebug. Double click on 'Auto' (in the right pane) and modify the value to 0.
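Before changing the settings described in posts #2 and #4, it is worth recording what they are currently set to, so the machine can be put back to its original state if the change makes no difference. The following PowerShell script is an added example, not code from the thread or from Geeks to Go: it reads, without modifying anything, the /NoExecute switch in boot.ini, the AeDebug post-mortem debugger hook (the key name is "Windows NT" with a space), and the CrashControl value behind 'Write debugging information'. It assumes the standard Windows XP locations for these items and an administrator prompt; the snapshot file path on the Desktop is an assumption as well.

```powershell
# Added example (not from the thread): read-only audit of the crash-handling
# settings posts #2 and #4 ask the user to change. Assumes Windows XP-era
# locations: boot.ini in the root of the system drive, and the standard
# AeDebug and CrashControl registry keys. Run from an administrator prompt.

function Get-CrashHandlingState {
    $state = @{}

    # Post #2: the DEP policy switch in boot.ini (OptIn, OptOut, AlwaysOn, AlwaysOff).
    $bootIni = Join-Path $env:SystemDrive 'boot.ini'
    if (Test-Path $bootIni) {
        $match = Get-Content $bootIni | Select-String -Pattern '/NoExecute=(\w+)' | Select-Object -First 1
        if ($match) {
            $state['NoExecute'] = $match.Matches[0].Groups[1].Value
        } else {
            $state['NoExecute'] = '(no /NoExecute switch present)'
        }
        # Post #2 also asks to clear the Read-only attribute; record it.
        $state['BootIniReadOnly'] = (Get-Item $bootIni).IsReadOnly
    } else {
        $state['NoExecute'] = '(boot.ini not found)'
    }

    # Post #4: the post-mortem debugger hook. Auto = "1" launches the Debugger
    # command (drwtsn32 by default on XP) as soon as a process faults; Auto = 0
    # is what post #4 sets.
    $aeDebugKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug'
    $aeDebug = Get-ItemProperty -Path $aeDebugKey -ErrorAction SilentlyContinue
    if ($aeDebug) {
        $state['AeDebug.Auto']     = $aeDebug.Auto
        $state['AeDebug.Debugger'] = $aeDebug.Debugger
    } else {
        $state['AeDebug.Auto'] = '(key missing)'
    }

    # Post #4: 'Write debugging information' in Startup and Recovery is stored
    # as CrashDumpEnabled (0 = none, 1 = complete, 2 = kernel, 3 = small).
    $crashKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $crash = Get-ItemProperty -Path $crashKey -ErrorAction SilentlyContinue
    if ($crash) {
        $state['CrashDumpEnabled'] = $crash.CrashDumpEnabled
    } else {
        $state['CrashDumpEnabled'] = '(key missing)'
    }

    return $state
}

$snapshot = Get-CrashHandlingState

# Show the current values on screen.
$snapshot.GetEnumerator() | Sort-Object Name | Format-Table -AutoSize

# Keep a copy next to the registry export post #4 recommends (path is an assumption).
$snapshotFile = Join-Path $env:USERPROFILE 'Desktop\crash-settings-before.txt'
$snapshot.GetEnumerator() | Sort-Object Name |
    ForEach-Object { "$($_.Name)=$($_.Value)" } |
    Set-Content -Path $snapshotFile
```

One point the recorded values make visible: /NoExecute=AlwaysOff turns hardware-enforced DEP off for every process on the machine, not just for Explorer, so if that change does not cure the crash the saved snapshot gives the value (OptIn on a default XP SP2 install) to restore.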

#5 Travylad

  • Group: Member
  • Posts: 5
  • Joined: 08-November 08

Posted 09 November 2008 - 05:57 AM

Hi Greyknight,

Just done that and rebooted, now I still can't get into the "My Documents" folder. However it doesn't lock my PC up as it used to. What happens now is the "windows has encountered an error" screen pops up, I click don't send and then I can carry on as normal - whereas before the "Dr Watson has encountered an error" screen popped up and locked my machine.

So it seems as though we are getting there.

Travis.

#6 greyknight17

  • Group: Visiting Consultant
  • Posts: 16,560
  • Joined: 24-April 05

Posted 09 November 2008 - 09:47 PM

This is a workaround that should alleviate those error message boxes. Right click on My Computer and go to Properties. Then go to the Advanced tab and click on the Error Reporting button. Click on Disable Error Reporting and click OK twice. That should do it.

Let's see if the following can pick up anything:

Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Download Malwarebytes' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

#7 Travylad

  • Group: Member
  • Posts: 5
  • Joined: 08-November 08

Posted 10 November 2008 - 02:43 PM

Hi Greyknight,

Once again thank you for the reply. Ok so I've run those two programs and here are the logs.

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.30
Database version: 1380
Windows 5.1.2600 Service Pack 2

10/11/2008 20:34:13
mbam-log-2008-11-10 (20-34-13).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 73232
Time elapsed: 12 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------------------------------------------

Combo Fix Log:

ComboFix 08-11-09.04 - Travis 2008-11-10 20:38:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1414 [GMT 0:00]
Running from: c:\documents and settings\Travis\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.

2008-11-10 20:20 . 2008-11-10 20:20 <DIR> d-------- c:\documents and settings\Travis\Application Data\Malwarebytes
2008-11-10 20:20 . 2008-11-10 20:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-10 20:20 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-10 20:20 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-08 16:23 . 2008-11-08 16:39 <DIR> d-------- c:\program files\Yahoo!
2008-11-08 16:16 . 2008-11-09 01:47 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-08 16:01 . 2008-11-09 01:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\RFA_Backups
2008-11-08 15:37 . 2008-11-08 15:37 <DIR> d-------- c:\documents and settings\Travis\Application Data\Nokia N95
2008-10-21 18:22 . 2008-10-21 18:22 <DIR> d-------- c:\windows\Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 08:00 --------- d-----w c:\documents and settings\Travis\Application Data\AVG7
2008-11-08 16:23 --------- d-----w c:\documents and settings\Travis\Application Data\uTorrent
2008-11-03 00:40 --------- d-----w c:\documents and settings\Travis\Application Data\LimeWire
2008-11-02 18:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-08 17:50 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-10-08 17:50 --------- d-----w c:\documents and settings\Travis\Application Data\Atari
2008-10-08 17:47 --------- d-----w c:\documents and settings\Travis\Application Data\Leadertech
2008-10-08 17:42 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-08 17:42 --------- d-----w c:\documents and settings\Travis\Application Data\DAEMON Tools
2008-10-02 20:38 --------- d-----w c:\program files\DivX
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-08-20 05:38 659,456 ----a-w c:\windows\system32\wininet.dll
2008-08-14 09:58 2,136,064 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:22 2,015,744 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"AVG7_CC"="d:\progra~1\AVG\avgcc.exe" [2008-10-17 590848]
"rfagent"="d:\program files\RFA\rfagent.exe" [2007-11-19 916800]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"AVG7_Run"="d:\progra~1\AVG\avgw.exe" [2008-02-17 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-06-09 14:37 40960 c:\windows\VM_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 d:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 14:18 267048 d:\program files\Itunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2006-11-28 00:12 2658304 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-06-27 15:21 1449984 c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-06-16 09:52 167936 d:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 02:42 144784 c:\program files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 19:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-03-26 15:14 16859136 c:\windows\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\AVG\\avginet.exe"=
"d:\\Program Files\\AVG\\avgamsvr.exe"=
"d:\\Program Files\\AVG\\avgcc.exe"=
"d:\\Program Files\\AVG\\avgemc.exe"=
"d:\\Program Files\\Itunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\U-ABIT\\FlashMenu\\flashmenu.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"d:\\Program Files\\SopCast\\SopCast.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"990:TCP"= 990:TCP:990in
"999:TCP"= 999:TCP:999in
"5678:TCP"= 5678:TCP:5678in
"5679:UDP"= 5679:UDP:5679out
"5721:TCP"= 5721:TCP:5721in
"6881:TCP"= 6881:TCP:BTtorrent

R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2008-06-11 2368]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-10-22 38496]
S3 Memctl;Memctl;c:\program files\U-ABIT\FlashMenu\Memctl.sys [2006-04-18 4047]

*Newly Created Service* - MBAMSWISSARMY
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Travis\Application Data\Mozilla\Firefox\Profiles\dol4hpu3.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.co.uk
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - d:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF -: plugin - d:\program files\Itunes\Mozilla Plugins\npitunes.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\np32dsw.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npdivx32.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npnul32.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\NPOFFICE.DLL
FF -: plugin - d:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\NPSWF32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 20:39:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-10 20:39:23
ComboFix-quarantined-files.txt 2008-11-10 20:39:20

Pre-Run: 31,216,361,472 bytes free
Post-Run: 31,275,761,664 bytes free

157 --- E O F --- 2008-10-25 02:00:29


----------------------------------------------------------------------------------------------------------------

Thank you once again :)

Travis.

#8 greyknight17

  • Group: Visiting Consultant
  • Posts: 16,560
  • Joined: 24-April 05

Posted 10 November 2008 - 04:56 PM

Yep, didn't expect to see much. It's clean here.

You can try the workaround to see how well it works. Otherwise, post this in the Windows forum. The staff over there has probably seen this error before and hopefully has a better fix. The ones I provided usually fix this issue, but I guess it's not 100% in all cases.

#9 Travylad

  • Group: Member
  • Posts: 5
  • Joined: 08-November 08

Posted 10 November 2008 - 05:42 PM

Hi again GreyKnight,

Yeah I mean I have snooped around here and seen some posts on decent freeware to install against infections (I've got 4 or 5 programs overall that you recommend) - so I guess it's good to know it works. :)

That workaround just ends up giving me an "explorer.exe - Application error" then the usual 0x7432e0 referenced memory at 0x000000000 memory could not be read - not exactly those numbers and letters but you get the gist.

I have OK to terminate - click and the screen closes
Cancel to debug - comes up with a drwtsn32.exe application error, close that and the screen refreshes.


Ok, I'll pass it over to that side,

Cheers for all the help :)

Travis.

#10 greyknight17

  • Group: Visiting Consultant
  • Posts: 16,560
  • Joined: 24-April 05

Posted 11 November 2008 - 07:56 PM

Go to Start->Run, copy/paste in combofix /u and hit OK to remove it.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Sorry I couldn't help out more in this case.

#11 greyknight17

  • Group: Visiting Consultant
  • Posts: 16,560
  • Joined: 24-April 05

Posted 11 November 2008 - 07:56 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
