Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows explorer errors

Started by Scorpion , Jun 12 2005 10:21 PM

  • Please log in to reply

#1
Scorpion
Posted 12 June 2005 - 10:21 PM

Scorpion

    New Member

  • Member
  • Pip
  • 1 posts
Hey guys. I'm having a serious problem and after some searching I've come here for help. I'll try to be as precise as possible, but I hope I don't confuse anyone. I'm kind of desperate.

I was using my computer last night for the first time in a month. While I was browsing my DESKTOP was hijacked and changed into some sort of an add for a virus scanner, and the scanner was automatically installed into my computer. I deleted the scanner and restarted.

Since I restarted I am CONSTANTLY getting this Windows Explorer error. As soon as I close it (I'm tired of sending error reports) it pops up again after a few seconds when the task bar reappears. It never stops!

When I search error details it ends up being in my C:\Documents and Settings\Local Settings\Temp\b577_appcompat.txt. The b577 changes for each error but it's always appcompat.txt. Here is what this file looks like:

<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="SYSTEM INFO" FILTER="GRABMI_FILTER_SYSTEM">
<MATCHING_FILE NAME="advapi32.dll" SIZE="616960" CHECKSUM="0x8E9BCF02" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="Advanced Windows 32 Base API" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="advapi32.dll" INTERNAL_NAME="advapi32.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA0DE4" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:23" UPTO_LINK_DATE="08/04/2004 07:56:23" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="gdi32.dll" SIZE="278016" CHECKSUM="0xA35EEC2E" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="GDI Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="gdi32" INTERNAL_NAME="gdi32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x4B007" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:07" UPTO_LINK_DATE="08/04/2004 07:56:07" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="kernel32.dll" SIZE="983552" CHECKSUM="0x4CE79457" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xFF848" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:36" UPTO_LINK_DATE="08/04/2004 07:56:36" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="ntdll.dll" SIZE="708096" CHECKSUM="0x9D20568" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="NT Layer DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="ntdll.dll" INTERNAL_NAME="ntdll.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xAF2F7" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:36" UPTO_LINK_DATE="08/04/2004 07:56:36" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="ole32.dll" SIZE="1285120" CHECKSUM="0xA29DCAB3" BIN_FILE_VERSION="5.1.2600.2595" BIN_PRODUCT_VERSION="5.1.2600.2595" PRODUCT_VERSION="5.1.2600.2595" FILE_DESCRIPTION="Microsoft OLE for Windows" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2595 (xpsp_sp2_gdr.041130-1729)" ORIGINAL_FILENAME="OLE32.DLL" INTERNAL_NAME="OLE32.DLL" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1432C6" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2595" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2595" LINK_DATE="01/14/2005 08:55:50" UPTO_LINK_DATE="01/14/2005 08:55:50" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="oleaut32.dll" SIZE="553472" CHECKSUM="0x4155D7D" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" COMPANY_NAME="Microsoft Corporation" FILE_VERSION="5.1.2600.2180" INTERNAL_NAME="OLEAUT32.DLL" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1993-2001." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x96957" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:57:39" UPTO_LINK_DATE="08/04/2004 07:57:39" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="shell32.dll" SIZE="8450048" CHECKSUM="0x14032CBF" BIN_FILE_VERSION="6.0.2900.2620" BIN_PRODUCT_VERSION="6.0.2900.2620" PRODUCT_VERSION="6.00.2900.2620" FILE_DESCRIPTION="Windows Shell Common Dll" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.2620 (xpsp_sp2_gdr.050225-1820)" ORIGINAL_FILENAME="SHELL32.DLL" INTERNAL_NAME="SHELL32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x818971" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2620" UPTO_BIN_PRODUCT_VERSION="6.0.2900.2620" LINK_DATE="02/28/2005 23:11:17" UPTO_LINK_DATE="02/28/2005 23:11:17" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="user32.dll" SIZE="577024" CHECKSUM="0xE2FA2429" BIN_FILE_VERSION="5.1.2600.2622" BIN_PRODUCT_VERSION="5.1.2600.2622" PRODUCT_VERSION="5.1.2600.2622" FILE_DESCRIPTION="Windows XP USER API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)" ORIGINAL_FILENAME="user32" INTERNAL_NAME="user32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x9505C" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2622" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2622" LINK_DATE="03/02/2005 18:09:29" UPTO_LINK_DATE="03/02/2005 18:09:29" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="wininet.dll" SIZE="656896" CHECKSUM="0x9483A592" BIN_FILE_VERSION="6.0.2900.2627" BIN_PRODUCT_VERSION="6.0.2900.2627" PRODUCT_VERSION="6.00.2900.2627" FILE_DESCRIPTION="Internet Extensions for Win32" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)" ORIGINAL_FILENAME="wininet.dll" INTERNAL_NAME="wininet.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA0F6A" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2627" UPTO_BIN_PRODUCT_VERSION="6.0.2900.2627" LINK_DATE="03/10/2005 08:02:35" UPTO_LINK_DATE="03/10/2005 08:02:35" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="winsock.dll" SIZE="2864" CHECKSUM="0x73AE8088" BIN_FILE_VERSION="3.10.0.103" BIN_PRODUCT_VERSION="3.10.0.103" PRODUCT_VERSION="3.10" FILE_DESCRIPTION="Windows Socket 16-Bit DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows™ Operating System" FILE_VERSION="3.10" ORIGINAL_FILENAME="WINSOCK.DLL" INTERNAL_NAME="WINSOCK" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1981-1996" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x10001" VERFILETYPE="0x2" MODULE_TYPE="WIN16" S16BIT_DESCRIPTION="BSD Socket API for Windows" S16BIT_MODULE_NAME="WINSOCK" UPTO_BIN_FILE_VERSION="3.10.0.103" UPTO_BIN_PRODUCT_VERSION="3.10.0.103" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>

Sometimes but not always when I close this error, I get another error from Dr. Watson Post Mortem Debugger. But I only get that sometimes.

I've ran tons of programs. Ad-Aware found only a couple tracking cookies. CWS Shredder finds nothing. CleanUp! constantly tries to delete the same files in my Temporary Internet Files folder although it can't. AboutBuster constantly tries to delete plustab.dll in my system32 folder but fails each time. Trendmicro housecall found a couple trojans but the problem still persists after reboot. Pandasoftware scan freezes while scanning index.dat in my Temporary Internet Files folder.

And finally, my hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 12:16:00 AM, on 6/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Michael Panzarella\Desktop\HijackThis.exe
C:\WINDOWS\system32\dwwin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: Yahoo SBC.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096695340181
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D797F8F-B362-4729-B5F0-14C82ABC3741}: NameServer = 66.73.20.40 206.141.193.55
O20 - Winlogon Notify: style2 - C:\WINDOWS\q7299195_disk.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

Please help, I'm running out of options...and hair!
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP