Solved AXWIN Frame Window: svchost.exe - Application Error

Discussion in 'Malware and Virus Removal Archive' started by lobo80, 2010/08/28.

  1. 2010/08/30
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Are you getting the blue screen of death? I think that you should maybe post the error message in the Windows XP forum now as I do not think that this one is malware related.
     
  2. 2010/08/31
    lobo80

    lobo80 Inactive Thread Starter

    Joined:
    2010/08/28
    Messages:
    22
    Likes Received:
    0
    :re

    I'm not getting the blue screen of death.
    Ideas?
     

  4. 2010/08/31
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Have you posted in the XP forum? I will look further, but your particular error has been hard to find.
     
  5. 2010/09/01
    lobo80

    lobo80 Inactive Thread Starter

    Joined:
    2010/08/28
    Messages:
    22
    Likes Received:
    0
    Can I post my problem in the XP forum now?

    bye
     
  6. 2010/09/01
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Yes please. I have been unable to find anything of help :(
     
  7. 2010/09/02
    lobo80

    lobo80 Inactive Thread Starter

    Joined:
    2010/08/28
    Messages:
    22
    Likes Received:
    0
  8. 2010/09/02
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  9. 2010/09/03
    lobo80

    lobo80 Inactive Thread Starter

    Joined:
    2010/08/28
    Messages:
    22
    Likes Received:
    0
    :combofix log

    ComboFix 10-09-02.01 - Vincenzo 03/09/2010 13.08.57.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1609 [GMT 2:00]
    Eseguito da: c:\documents and settings\Vincenzo\Desktop\ComboFix.exe
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents
    c:\windows\system32\msconfig.exe
    c:\windows\system32\syswinan.vbs

    La copia infetta di c:\windows\system32\drivers\serial.sys è stata trovata e disinfettata
    ipristinata copia da - Kitty had a snack :p
    .
    ((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_VMMDriver
    -------\Service_VMMDriver


    ((((((((((((((((((((((((( Files Creati Da 2010-08-03 al 2010-09-03 )))))))))))))))))))))))))))))))))))
    .

    2010-09-03 11:16 . 2010-09-03 11:16 -------- d-----w- c:\windows\system32\wbem\snmp
    2010-09-03 11:16 . 2010-09-03 11:16 -------- d-----w- c:\windows\srchasst
    2010-09-03 11:16 . 2010-09-03 11:16 -------- d-----w- c:\windows\system32\xircom
    2010-09-03 11:16 . 2010-09-03 11:16 -------- d-----w- c:\programmi\microsoft frontpage
    2010-09-02 17:26 . 2010-09-02 17:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
    2010-09-02 16:30 . 2010-09-02 16:33 -------- d-----w- c:\documents and settings\Vincenzo\.VirtualBox
    2010-09-02 16:28 . 2010-02-12 18:34 123280 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2010-09-02 16:28 . 2010-02-12 18:34 31824 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
    2010-09-02 16:28 . 2010-02-12 18:34 41680 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2010-09-02 16:28 . 2010-09-02 16:28 -------- d-----w- c:\programmi\Sun
    2010-08-30 19:56 . 2010-08-30 19:56 -------- d--h--w- c:\windows\PIF
    2010-08-28 16:46 . 2010-08-28 16:46 -------- d-----w- C:\_OTL
    2010-08-28 14:50 . 2010-08-28 14:50 -------- d-----w- c:\documents and settings\Vincenzo\Dati applicazioni\Malwarebytes
    2010-08-28 14:49 . 2010-08-28 14:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
    2010-08-28 14:49 . 2010-09-01 16:18 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
    2010-08-28 10:53 . 2010-08-28 10:53 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
    2010-08-28 10:53 . 2010-08-28 10:53 -------- d-----w- C:\Program Files
    2010-08-25 14:55 . 2010-08-25 14:55 -------- d-----r- c:\documents and settings\NetworkService\Preferiti
    2010-08-23 18:22 . 2010-08-23 18:22 -------- d-----w- c:\programmi\File comuni\Java
    2010-08-18 11:00 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-08-18 09:50 . 2010-08-18 09:50 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-08-17 15:45 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-08-17 15:44 . 2010-08-17 15:44 -------- d-----w- c:\documents and settings\Vincenzo\Impostazioni locali\Dati applicazioni\Sunbelt Software
    2010-08-17 15:39 . 2010-08-17 15:39 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    2010-08-17 15:38 . 2010-08-17 15:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
    2010-08-17 15:38 . 2010-08-17 15:38 -------- d-----w- c:\programmi\Lavasoft
    2010-08-13 15:12 . 2010-08-25 15:28 66 ---h--w- c:\windows\popcreg.dat
    2010-08-13 15:00 . 2010-08-25 15:28 43 ----a-w- c:\windows\popcinfot.dat
    2010-08-13 14:37 . 2010-08-13 14:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PopCap Games
    2010-08-12 14:53 . 1996-07-18 11:06 297472 ----a-w- c:\windows\uninst.exe
    2010-08-11 17:48 . 2010-08-11 17:48 -------- d-----w- c:\documents and settings\Vincenzo\Impostazioni locali\Dati applicazioni\Downloaded Installations
    2010-08-07 15:05 . 2010-08-07 15:05 -------- d-----w- c:\documents and settings\Vincenzo\Portable HexenII
    2010-08-07 10:31 . 2010-08-07 10:32 -------- d-----w- c:\documents and settings\Vincenzo\Impostazioni locali\Dati applicazioni\Hot_MP3
    2010-08-07 10:01 . 2010-08-07 10:01 -------- d-----w- c:\programmi\TeaTimer (Spybot - Search & Destroy)
    2010-08-07 10:01 . 2010-08-07 10:01 -------- d-----w- c:\programmi\File Scanner Library (Spybot - Search & Destroy)
    2010-08-07 10:01 . 2010-08-07 10:01 -------- d-----w- c:\programmi\SDHelper (Spybot - Search & Destroy)
    2010-08-07 10:01 . 2010-08-07 10:01 -------- d-----w- c:\programmi\Misc. Support Library (Spybot - Search & Destroy)
    2010-08-07 06:52 . 2010-08-13 14:32 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-04 21:40 . 2010-08-04 21:40 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-04 19:14 . 2010-08-04 19:14 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-02 16:07 . 2001-08-31 15:00 79760 ----a-w- c:\windows\system32\perfc010.dat
    2010-09-02 16:07 . 2001-08-31 15:00 481042 ----a-w- c:\windows\system32\perfh010.dat
    2010-08-28 15:18 . 2010-01-25 18:26 -------- d-----w- c:\programmi\Agile AVI Video Joiner
    2010-08-24 17:59 . 2009-10-17 18:45 -------- d-----w- c:\documents and settings\Vincenzo\Dati applicazioni\uTorrent
    2010-08-24 17:54 . 2009-10-17 18:46 -------- d-----w- c:\programmi\uTorrent
    2010-08-23 18:22 . 2009-10-17 19:30 -------- d-----w- c:\programmi\Java
    2010-08-18 10:59 . 2009-10-18 08:16 -------- d-----w- c:\programmi\UlisesSoft
    2010-08-17 15:04 . 2010-06-11 07:39 -------- d-----w- c:\programmi\TVlinks
    2010-08-17 12:33 . 2009-10-17 18:01 -------- d-----w- c:\programmi\Opera
    2010-08-12 05:14 . 2009-10-17 19:34 -------- d-----w- c:\documents and settings\Vincenzo\Dati applicazioni\Thinstall
    2010-08-04 21:24 . 2009-11-12 14:11 -------- d-----w- c:\programmi\Save2pc pro 3.5.1
    2010-08-04 19:14 . 2010-08-04 19:14 24 ----a-w- c:\windows\system32\config\systemprofile\Dati applicazioni\hmcnor.dat
    2010-07-17 03:00 . 2010-04-23 16:33 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-12 08:56 . 2010-08-17 15:39 2979280 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
    2010-07-02 11:42 . 2009-10-23 14:37 16712 ----a-w- c:\documents and settings\Vincenzo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
    2010-07-02 11:14 . 2010-07-02 11:14 72744 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
    .

    ------- Sigcheck -------



    [-] 2008-05-04 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

    c:\windows\System32\drivers\beep.sys ... è mancante !!
    c:\windows\System32\wscntfy.exe ... è mancante !!
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{de7f8f69-d11f-4b97-9a00-b0e42dfdcc93} "= "c:\programmi\TVlinks\tbTVl1.dll" [2010-08-17 2734688]

    [HKEY_CLASSES_ROOT\clsid\{de7f8f69-d11f-4b97-9a00-b0e42dfdcc93}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{de7f8f69-d11f-4b97-9a00-b0e42dfdcc93}]
    2010-08-17 15:05 2734688 ----a-w- c:\programmi\TVlinks\tbTVl1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{de7f8f69-d11f-4b97-9a00-b0e42dfdcc93} "= "c:\programmi\TVlinks\tbTVl1.dll" [2010-08-17 2734688]

    [HKEY_CLASSES_ROOT\clsid\{de7f8f69-d11f-4b97-9a00-b0e42dfdcc93}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{DE7F8F69-D11F-4B97-9A00-B0E42DFDCC93} "= "c:\programmi\TVlinks\tbTVl1.dll" [2010-08-17 2734688]

    [HKEY_CLASSES_ROOT\clsid\{de7f8f69-d11f-4b97-9a00-b0e42dfdcc93}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG "= "c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AtiPTA "= "atiptaxx.exe" [2006-02-22 344064]
    "SoundMan "= "SOUNDMAN.EXE" [2006-11-17 577536]
    "egui "= "c:\programmi\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
    "SunJavaUpdateSched "= "c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2 "= "shell32" [X]
    "nltide_3 "= "advpack.dll" [2009-03-08 128512]

    c:\documents and settings\Vincenzo\Menu Avvio\Programmi\Esecuzione automatica\
    EventManager.lnk - c:\documents and settings\Vincenzo\Documenti\apps\EventManager\EventManager.exe [2009-10-19 599040]
    LClock.lnk - c:\documents and settings\Vincenzo\Documenti\apps\Trasformare Xp\Lclock\LC162b\LClock.exe [2009-12-6 65536]
    UberIcon Manager.lnk - c:\programmi\UberIcon\UberIcon Manager.exe [2009-11-27 159744]
    YzShadow.exe.lnk - c:\documents and settings\Vincenzo\Documenti\apps\Trasformare Xp\yzshdw22\YzShadow.exe [2009-11-27 180224]

    c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Desktop Media.lnk - c:\programmi\Desktop Media\mediadetect.exe [2009-10-18 163840]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms "= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp "= 1 (0x1)
    "ForceClassicControlPanel "= 1 (0x1)
    "NoSMConfigurePrograms "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    2008-04-13 15:14 110592 ----a-w- c:\windows\system32\bthprops.cpl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
    2009-02-27 16:04 278016 ----a-w- c:\programmi\IVT Corporation\BlueSoleil\BtTray.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Programmi\\Opera\\opera.exe "=
    "c:\\Programmi\\uTorrent\\uTorrent.exe "=
    "c:\\Documents and Settings\\Vincenzo\\Documenti\\apps\\utorrent.exe "=
    "c:\\Documents and Settings\\Vincenzo\\Documenti\\apps\\Skype 3.8.0.115 Portable\\Plugin Manager\\skypePM.exe "=
    "c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe "=
    "c:\\Programmi\\EA GAMES\\Battlefield 2\\BF2.exe "=
    "c:\\Documents and Settings\\Vincenzo\\Documenti\\apps\\SkypePortable\\App\\Skype\\Phone\\Skype.exe "=
    "c:\\Documents and Settings\\Vincenzo\\Documenti\\apps\\Skype 3.8.0.115 Portable\\Phone\\Skype.exe "=
    "c:\\Programmi\\UUSee\\UUSeePlayer.exe "=
    "c:\\Documents and Settings\\Vincenzo\\Documenti\\apps\\DreaMule 3.2\\DreaMule.exe "=
    "c:\\Documents and Settings\\Vincenzo\\Documenti\\apps\\mIRC Italiano\\mirc.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "46403:TCP "= 46403:TCP:SPF Port 46403 TCP
    "46403:UDP "= 46403:UDP:porta in uscita
    "4662:UDP "= 4662:UDP:SPF Port 4662 UDP
    "4662:TCP "= 4662:TCP:SPF Port 4662 TCP
    "4663:UDP "= 4663:UDP:SPF Port 4663 UDP
    "4663:TCP "= 4663:TCP:SPF Port 4663 TCP
    "4664:UDP "= 4664:UDP:SPF Port 4664 UDP
    "4664:TCP "= 4664:TCP:SPF Port 4664 TCP
    "4665:UDP "= 4665:UDP:SPF Port 4665 UDP
    "4665:TCP "= 4665:TCP:SPF Port 4665 TCP
    "4666:UDP "= 4666:UDP:SPF Port 4666 UDP
    "4666:TCP "= 4666:TCP:SPF Port 4666 TCP
    "4667:UDP "= 4667:UDP:SPF Port 4667 UDP
    "4667:TCP "= 4667:TCP:SPF Port 4667 TCP
    "4668:UDP "= 4668:UDP:SPF Port 4668 UDP
    "4668:TCP "= 4668:TCP:SPF Port 4668 TCP
    "4669:UDP "= 4669:UDP:SPF Port 4669 UDP
    "4669:TCP "= 4669:TCP:SPF Port 4669 TCP
    "4670:UDP "= 4670:UDP:SPF Port 4670 UDP
    "4670:TCP "= 4670:TCP:SPF Port 4670 TCP
    "4671:UDP "= 4671:UDP:SPF Port 4671 UDP
    "4671:TCP "= 4671:TCP:SPF Port 4671 TCP
    "4672:UDP "= 4672:UDP:SPF Port 4672 UDP
    "4672:TCP "= 4672:TCP:SPF Port 4672 TCP

    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [21/01/2008 19.28.04 20744]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17/08/2010 17.45.34 64288]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 15.47.14 107256]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [02/09/2010 18.28.23 123280]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [02/09/2010 18.28.15 41680]
    R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [08/01/2010 0.51.02 380928]
    R2 BsMobileCS;BsMobileCS;c:\programmi\IVT Corporation\BlueSoleil\BsMobileCS.exe [27/02/2009 17.40.48 143467]
    R2 ekrn;ESET Service;c:\programmi\ESET\ESET Smart Security\ekrn.exe [14/05/2009 15.47.54 731840]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [12/07/2010 10.55.38 1355416]
    R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [17/06/2009 15.02.46 30088]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [21/01/2008 19.28.08 26248]
    R3 TTTvTune;Cinergy 400 TV Tuner;c:\windows\system32\drivers\PhTvTune.sys [15/03/2010 22.11.40 16128]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/02/2010 20.34.58 99152]
    R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/02/2010 20.34.58 110096]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programmi\Lavasoft\Ad-Aware\kernexplorer.sys [18/08/2010 11.50.31 15008]
    S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [02/09/2010 18.28.20 31824]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/01/2010 19.39.13 611064]
    .
    Contenuto della cartella 'Scheduled Tasks'

    2010-09-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 09:50]

    2010-09-03 c:\windows\Tasks\User_Feed_Synchronization-{86246C64-CD55-448A-A092-B031C131E1A9}.job
    - c:\windows\system32\msfeedssync.exe [2008-05-04 03:31]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2420539
    uInternet Settings,ProxyOverride = local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    IE: Invia tramite Bluetooth - c:\programmi\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
    IE: Invia usando Messaggio(&M)... - c:\programmi\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
    IE: Scarica con Mipony - file://c:\documents and settings\Vincenzo\Desktop\Mipony-Installer\Browser\IEContext.htm
    TCP: {BC30DBFF-02EE-4EDE-B2A2-18A349CE0C9D} = 172.16.1.131,172.16.1.132
    DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
    FF - ProfilePath - c:\documents and settings\Vincenzo\Dati applicazioni\Mozilla\Firefox\Profiles\8chtt890.default\
    FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\programmi\Opera\program\plugins\nppl3260.dll
    FF - plugin: c:\programmi\Opera\program\plugins\nprpjplug.dll
    FF - plugin: c:\programmi\Veetle\Player\npvlc.dll
    FF - plugin: c:\programmi\Veetle\plugins\npVeetle.dll
    FF - plugin: c:\programmi\Veetle\VLCBroadcast\npvbp.dll
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -

    MSConfigStartUp-SearchSettings - c:\programmi\pdfforge Toolbar\SearchSettings.exe
    ActiveSetup-{5C240589-711B-0CB8-073B-9AA5122C2F9C} - c:\programmi\winlog.exe\sploov.exe
    AddRemove-mIRC - c:\documents and settings\Vincenzo\Desktop\mIRC Explorer 1.5\mirc.exe
    AddRemove-Nero9.4.26.0 Lite - c:\windows\Nero\uninstall.exe
    AddRemove-XPv3.8.252 - c:\windows\Radeon Omega Drivers v3.8.252



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-03 13:17
    Windows 5.1.2600 Service Pack 3 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

    [HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
    @Denied: (2) (LocalSystem)
    "AppDataDir "= "c:\\Documents and Settings\\All Users\\Dati applicazioni\\ESET\\ESET Smart Security\\ "
    "DataDir "= "ESET\\ESET Smart Security\\ "
    "EditionName "= "BUSINESS EDITION "
    "InstallDir "= "c:\\Programmi\\ESET\\ESET Smart Security\\ "
    "LanguageId "=dword:00000409
    "PackageTag "=dword:6090e758
    "ProductBase "=dword:00000001
    "ProductCode "= "{71CBF9BB-7E07-4A9D-BF30-84C11810B242} "
    "ProductName "= "ESET Smart Security "
    "ProductType "= "essbe "
    "ProductVersion "= "4.0.437.0 "
    "UniqueId "= "000AF4CF4ADACE9A "
    "ScannerBuild "=dword:00001b5d
    "ScannerVersionId "=dword:000013c3
    "ScannerVersion "= "Open window for status. "
    "FixId "=dword:00000007
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------

    - - - - - - - > 'winlogon.exe'(2024)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3556)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Vincenzo\Documenti\apps\Trasformare Xp\yzshdw22\YzShadow.dll
    c:\programmi\UberIcon\UberIcon.dll
    c:\documents and settings\Vincenzo\Documenti\apps\Trasformare Xp\Lclock\LC162b\LC.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\BsMobileSDK.dll
    c:\windows\system32\BsLangInDepRes.dll
    c:\windows\system32\Bs2Res.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\programmi\Microsoft Office\OFFICE11\msohev.dll
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    c:\programmi\Java\jre6\bin\jqs.exe
    c:\programmi\Windows Media Player\WMPNetwk.exe
    c:\windows\SOUNDMAN.EXE
    c:\programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Ora fine scansione: 2010-09-03 13:21:51 - Il pc è stato riavviato
    ComboFix-quarantined-files.txt 2010-09-03 11:21

    Pre-Run: 86.051.717.120 byte disponibili
    Post-Run: 85.964.152.832 byte disponibili

    WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 984AA9443DAF50F45CA0431BFECAB480
     
  10. 2010/09/03
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    How are things at the moment?

    Translation required please: è mancante

    ==

    Do you have your XP installation disc?
     
  11. 2010/09/03
    lobo80

    lobo80 Inactive Thread Starter

    Joined:
    2010/08/28
    Messages:
    22
    Likes Received:
    0
    I need a few days to test my PC completely.

    translation:
    è mancante = is missing

    ==

    Yes, I have my XP installation disc.
     
  12. 2010/09/03
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Go to Start | Run and type in sfc /scannow and hit the Ok button. Insert your CD if/when requested.

    Keep us updated.
     
  13. 2010/09/06
    lobo80

    lobo80 Inactive Thread Starter

    Joined:
    2010/08/28
    Messages:
    22
    Likes Received:
    0
    Hello, I discovered that my XP Pro CD is full of scratches and no longer works.
    I tried the PC for a few days and the error has not been seen.
    I'll keep monitoring it.
    I'll tell you if the error appears again ;)
     
  14. 2010/09/06
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    No worries. Give it a couple of days and then post back please.
     
  15. 2010/09/17
    lobo80

    lobo80 Inactive Thread Starter

    Joined:
    2010/08/28
    Messages:
    22
    Likes Received:
    0
    After testing my PC for some days, I think that the problem is solved, because the error message didn't appear.
    Thanks for your help! :)
     
  16. 2010/09/17
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    No worries :)

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC by OldTimer:
    Save it to your Desktop.
    Double click OTC.exe.
    Click the CleanUp! button.
    If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
     
