1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

HELP! My Computer/Files not opening!

Discussion in 'Malware and Virus Removal Archive' started by davidwlay, 2007/12/13.

  1. 2007/12/13
    davidwlay

    davidwlay Inactive Thread Starter

    Joined:
    2007/12/13
    Messages:
    2
    Likes Received:
    0
    Help! I have a problem with Windows XP. Nothing obvious has changed about my computer/internet usage (just peer-to-peer, browsing, no recent installations) but suddenly I'm unable to open My Ccomputer, My Documents, basically no folders will open without prompting a Windows Explorer error message, occasionally Dr Watson Debugger too. More or less the same symptoms as this thread.... http://www.windowsbbs.com/showthread.php?t=59518

    The internet is still working largely okay. I have no idea how to get around this problem! Any help would be very very very much appreciated.

    My hijackthis log is as follows....

    Logfile of HijackThis v1.99.1
    Scan saved at 23:55:48, on 13/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\tsnpstd3.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\DOCUME~1\a\LOCALS~1\Temp\Temporary Directory 3 for hijackthis_199[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1193938417811
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{081B447F-BCB2-40AA-A29D-6AE1183120A2}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1C22B45F-9795-4525-87C4-A7A7D4CD2650}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{24C520DF-6242-4A30-9E21-4DCAFAB663B1}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{34637A92-9A0B-4987-9958-07B819C71D7D}: NameServer = 85.255.116.148 85.255.112.10
    O17 - HKLM\System\CCS\Services\Tcpip\..\{51ACA6A0-4F97-4EAB-8DF2-6E97DC1217C2}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{081B447F-BCB2-40AA-A29D-6AE1183120A2}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\..\{081B447F-BCB2-40AA-A29D-6AE1183120A2}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     
    davidwlay,
    #1
  2. 2007/12/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS davidwlay :)

    We need to get a better look at things. First, you need to get an updated version of HijackThis. Please download the HijackThis Installer from here, then run a scan and save the log. Close the log for now.

    Next, download Deckard's System Scanner (dss.exe) and save it to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.
     
    noahdfear,
    #2


  3. to hide this advert.

  4. 2007/12/14
    davidwlay

    davidwlay Inactive Thread Starter

    Joined:
    2007/12/13
    Messages:
    2
    Likes Received:
    0
    thank you for the welcome!

    Have followed those steps and this is the contents of main.txt from Deckards System Scan;

    Deckard's System Scanner v20071014.68
    Run by a on 2007-12-14 18:10:34
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 496 MiB (512 MiB recommended).


    -- HijackThis (run as a.exe) ---------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:10:40, on 14/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\tsnpstd3.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\a\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\a.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1193938417811
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{081B447F-BCB2-40AA-A29D-6AE1183120A2}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1C22B45F-9795-4525-87C4-A7A7D4CD2650}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{24C520DF-6242-4A30-9E21-4DCAFAB663B1}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{34637A92-9A0B-4987-9958-07B819C71D7D}: NameServer = 85.255.116.148 85.255.112.10
    O17 - HKLM\System\CCS\Services\Tcpip\..\{51ACA6A0-4F97-4EAB-8DF2-6E97DC1217C2}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{081B447F-BCB2-40AA-A29D-6AE1183120A2}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\..\{081B447F-BCB2-40AA-A29D-6AE1183120A2}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 6147 bytes

    -- Files created between 2007-11-14 and 2007-12-14 -----------------------------

    2007-12-14 18:08:51 0 d-------- C:\Program Files\Trend Micro
    2007-12-13 22:24:13 92672 --a------ C:\WINDOWS\system32\KillBox.exe <Not Verified; Option; Explicit Software vbtechcd@gmail.com>
    2007-12-13 22:24:05 0 d-------- C:\!KillBox
    2007-12-12 18:50:59 0 d-------- C:\Program Files\Lavasoft
    2007-12-12 18:50:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-12 18:48:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-12 18:47:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-07 14:15:04 4456448 --a------ C:\Documents and Settings\a\ntuser.dat
    2007-12-04 19:52:29 0 d-------- C:\Program Files\NCH Software
    2007-12-03 23:18:57 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    2007-12-03 23:18:42 0 d-------- C:\Program Files\NCH Swift Sound
    2007-12-03 23:18:42 0 d-------- C:\Documents and Settings\a\Application Data\NCH Swift Sound
    2007-12-03 21:25:54 0 d-------- C:\Program Files\Soulseek-Test
    2007-11-30 18:43:59 0 d-------- C:\Documents and Settings\a\Application Data\Apple Computer
    2007-11-30 18:43:09 0 d-------- C:\Program Files\iPod
    2007-11-30 18:42:55 0 d-------- C:\Program Files\iTunes
    2007-11-30 18:40:28 0 d-------- C:\Program Files\QuickTime
    2007-11-30 18:40:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-11-30 18:38:50 0 d-------- C:\Program Files\Apple Software Update
    2007-11-30 18:38:08 0 d-------- C:\Program Files\Common Files\Apple
    2007-11-30 18:38:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-11-26 18:35:41 0 d--h----- C:\WINDOWS\PIF


    -- Find3M Report ---------------------------------------------------------------

    2007-12-14 17:43:02 0 d-------- C:\Documents and Settings\a\Application Data\AVG7
    2007-12-12 18:48:49 0 d-------- C:\Program Files\Common Files
    2007-12-03 21:25:13 0 d-------- C:\Program Files\Soulseek
    2007-11-30 23:01:38 0 d-------- C:\Documents and Settings\a\Application Data\Macromedia
    2007-11-24 19:15:26 0 d-------- C:\Program Files\Championship Manager 01-02
    2007-11-05 09:07:02 0 d-------- C:\Documents and Settings\a\Application Data\Adobe
    2007-11-05 08:50:28 0 d-------- C:\Program Files\Common Files\Adobe
    2007-11-02 03:09:18 0 d-------- C:\Program Files\Messenger
    2007-10-31 23:36:20 0 d-------- C:\Program Files\True Sword 4
    2007-10-31 23:27:40 0 d-------- C:\Documents and Settings\a\Application Data\True Sword
    2007-10-27 16:49:18 0 d-------- C:\Program Files\Common Files\snpstd3
    2007-10-27 16:48:42 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-27 16:47:52 0 d-------- C:\Documents and Settings\a\Application Data\InstallShield
    2007-10-24 21:38:03 0 d-------- C:\Program Files\Scanitto
    2007-10-24 21:24:48 0 d-------- C:\Program Files\Dl_cats
    2007-10-24 21:19:15 0 d-------- C:\Program Files\Dell Photo AIO Printer 922
    2007-10-24 21:19:13 0 d-------- C:\Program Files\Common Files\Roxio Shared
    2007-10-24 21:19:07 0 d-------- C:\Program Files\Roxio
    2007-10-24 21:19:02 0 d-------- C:\Program Files\directx
    2007-10-24 21:18:49 57344 --a------ C:\WINDOWS\uneng.exe <Not Verified; Roxio; Roxio Update Wizard>
    2007-10-24 21:18:49 0 d-------- C:\Program Files\Common Files\Adaptec Shared
    2007-10-24 21:16:08 0 d-------- C:\Program Files\V3835 Digital Camera
    2007-10-23 18:52:18 0 d-------- C:\Program Files\MSN Messenger
    2007-10-16 17:20:21 0 d-------- C:\Program Files\Thomson
    2007-10-02 13:59:08 62 --ahs---- C:\Documents and Settings\a\Application Data\desktop.ini
    2007-10-02 13:36:45 0 --a------ C:\WINDOWS\nsreg.dat
    2007-10-02 13:13:59 0 -rahs---- C:\MSDOS.SYS
    2007-10-02 13:13:59 0 -rahs---- C:\IO.SYS
    2007-10-02 13:13:59 0 --a------ C:\CONFIG.SYS
    2007-10-02 13:13:59 0 --a------ C:\AUTOEXEC.BAT
    2007-10-02 13:09:37 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [23/10/2007 16:24]
    "ATIModeChange "= "Ati2mdxx.exe" [04/09/2001 16:24 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [07/11/2002 20:00]
    "SpeedTouch USB Diagnostics "= "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [26/01/2004 10:38]
    "DLBTCATS "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [09/11/2004 16:41]
    "tsnpstd3 "= "C:\WINDOWS\tsnpstd3.exe" [29/11/2006 15:28]
    "snpstd3 "= "C:\WINDOWS\vsnpstd3.exe" [18/09/2006 13:12]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [14/11/2007 23:43]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [15/11/2007 13:11]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 12:00]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 11:54]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 16:46]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "




    -- End of Deckard's System Scanner: finished at 2007-12-14 18:11:02 ------------
     
    davidwlay,
    #3
  5. 2007/12/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Click Start>Run and type eventvwr.msc then hit enter to open the Event Viewer console. Select Application in the left column, then look for errors in the right pane. Double click any entry to view the event properties. Look for explorer.exe related entries and when found, click the button below the up/down arrows on the properties dialog (the button with the paper icon) to copy it to the clipboard. Clipboard contents can then be pasted into a reply here or into notepad for saving.

    I'd also like to see the extra.txt log created by the Deckard's scan. It will be located in a folder within the C:\Deckard folder.
     
    noahdfear,
    #4

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...