# Windows Explorer Not Responding



## db301 (Mar 28, 2007)

Hello, the forum search function is not working, otherwise I would be searching for this common problem in the forum.

I have an older pc running Windows XP Pro, Version 2002, SP3.

My problem is that at least once a day windows explorer stops responding and freezes a folder. Given enough wait time, it will unfreeze and begin responding again. It is not specific to one folder. The folders that freeze don't have thousands of pictures, often 20 or less.

Another problem that I believe is related, is that thumbnail picture previews are slow to load, don't load at all, or a group of pics will load thumbnail previews for half the folder, then stop, or randomly have previews among a group of pictures.

If I add pictures to a powerpoint presentation, the pop up box will be slow or not load the thumbnail pictures. Sometimes powerpoint will freeze. Given enough wait time, it will unfreeze and respond again. I believe this is all related to windows explorer though. Other activities with Powerpoint not related to importing pictures and viewing thumbnails do not result in freezing of Powerpoint.

This has NOT happened because I downloaded something recently, or added a recent program. It started happening shortly after the last re-install of Windows XP and all the updates. But it's not like I can say it happened because of it or anything in particular that I could uninstall or go back to a restore point. 

I am at my patience end with this problem. Every day I google search for ideas and help on this apparently common issue. Nothing so far has fixed the problem. Here's what I've done or tried:

- changed hardware acceleration settings, including lowering it as far as possible.
- unchecked the "cache thumbnails" box in the control panel folder settings.
- checked the "cache thumbnails" box.
- all my pictures are set up to open in MS Photo Editor (3.01)
- I recently this spring did a fresh reinstall of my Windows XP, to hopefully correct this problem. Didn't work.
- downloaded and installed ShellExView 1.37 and turned off all shell extensions except Microsoft ones.
- I use Norton 2009, Adaware, Spybot and Zonealarm firewall. All are up to date, and the first three are run weekly. I believe my system is clean.
- tried creating new folders and moving new pictures and / or old pictures to a new folder, maybe the old folder was corrupt in some way.
- defrag (done weekly)
- there is a file in C drive that I read is some kind of thumbnail cache and if it gets too big, it can slow thumbnail loading down. I deleted it, so that the system could recreate it and it would be smaller (apologies for not knowing exactly what file)
- I am not one to modify the registry on my own, unless someone can help me through it. So I haven't done any changes like that.

Any help or suggestions would be greatly appreciated.

Thanks...

Don





----------



## Phantom010 (Mar 9, 2009)

Try increasing your icon cache.

Click on Start, Run and type regedit.

Navigate to

HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Explorer

In the right hand pane, look for the value named Max Cached Icons.

The value of the key is probably set to 500 by default. To change the value, double click it. You'll then see the Edit String screen. Enter a value of 2000 in the Value Data field and click OK.

Reboot.

If no luck,

Please click *here* to download and install the *HijackThis installer*.
Run it and select *Do a system scan and save a logfile*.

The log will be saved in Notepad. Copy and paste the log in your next post.

*Do not fix anything*


----------



## abcdjzmcbt (Nov 1, 2004)

It sounds like failing hardware. If you did a full clean XP reinstall and you have that same issue then that's probably what it is. I would backup all your data then run a hard drive test and memory test. Also the next time the issue happens look at your watch and note the time, then go to event viewer and see what system or application messages happen around that time.

If nothing works you can try TweakUI to change the image quality and even the pixel size of the thumbnails. I'm not sure if this is the same thing as Phantom's suggestion but try his first. But I do know this worked perfectly on my computer and I didn't even notice any quality reduction, just a speed boost. Anyway, it's a Microsoft tool so you can trust it. When inside, go to Explorer>>Thumbnails and lower the image quality.

http://download.cnet.com/Tweak-UI/3000-2072_4-10002117.html

You may want to blow out your case with a can of compressed air to make sure your vid card fan or cpu fan isn't blocked by any junk and overheating. Btw, what are your computer specs?


----------



## db301 (Mar 28, 2007)

Thanks for the reply. I should have mentioned that some things I'm not too quick to understand. While I followed your instructions and navigated to the explorer folder, the only 2 things that are in the right pane are:

(default) REG_SZ (value not set)
IconUnderline REG_NONE 03 00 00 00

Since they didn't match Max Cached Icons, I did not change anything.

Am I in the wrong place?



Phantom010 said:


> Try increasing your icon cache.
> 
> Click on Start, Run and type regedit.
> 
> ...


----------



## db301 (Mar 28, 2007)

Thanks for the reply. You could be correct, my machine is somewhat old. However, I was surprised to hear on a Google search that so many people were having the exact same issue as me. I just haven't been able to find the answer yet.

I did do a type of hardware test some time ago, took many overnight hours. It booted from a floppy disk so that was an old program too but everything checked out good.

I do routinely use low pressure compressed air to clean out the case as well. I use a grounding wrist strap to prevent static and hold the fans with a finger so they won't overspeed when I blow the dust off. Clean the cooling fins on the boards of dust as well, several times a year. The main case is also on a table and not on the floor with plenty of ventilation around it.

I did download tweakUI, and will try your suggestion.

I clicked properties on my computer and it says Intel Pentium 4, 2.50 ghz, ram 512 mb, 160gb hard drive.



abcdjzmcbt said:


> It sounds like failing hardware. If you did a full clean XP reinstall and you have that same issue then that's probably what it is. I would backup all your data then run a hard drive test and memory test. Also the next time the issue happens look at your watch and note the time, then go to event viewer and see what system or application messages happen around that time.
> 
> If nothing works you can try TweakUI to change the image quality and even the pixel size of the thumbnails. I'm not sure if this is the same thing as Phantom's suggestion but try his first. But I do know this worked perfectly on my computer and I didn't even notice any quality reduction, just a speed boost. Anyway, it's a Microsoft tool so you can trust it. When inside, go to Explorer>>Thumbnails and lower the image quality.
> 
> ...


----------



## db301 (Mar 28, 2007)

Whoops! I thought I remembered that I already changed thumbnail quality settings somewhere! Apparently I already have tweakui, and the thumbnail settings are as low as possible, 96 pixels also.



db301 said:


> Thanks for the reply. You could be correct, my machine is somewhat old. However, I was surprised to hear on a Google search that so many people were having the exact same issue as me. I just haven't been able to find the answer yet.
> 
> I did do a type of hardware test some time ago, took many overnight hours. It booted from a floppy disk so that was an old program too but everything checked out good.
> 
> ...


----------



## db301 (Mar 28, 2007)

Phantom010 said:


> The log will be saved in Notepad. Copy and paste the log in your next post.
> 
> *Do not fix anything*


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:21 PM, on 7/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5151 bytes


----------



## Megabite (Apr 5, 2008)

Have you defragged lately?

Also your memory is a bit low at 512MB..you could try getting another 512MB...Norton is a resource hog too.

You can also try a scan with Malwarebytes HERE....download the blue free version to your desktop, install it and update it and do a scan


----------



## Phantom010 (Mar 9, 2009)

Before trying any more suggestions, I must point out that your computer seems to be infected. It may not be the cause for your computer's behavior but by clearing your computer of malware, we'll be able to determine if it was the culprit or not.

A HijackThis log *F2* entry is displayed when there is a value that is not considered safe in the registry key.

Therefore, you should start a new thread in the *Malware Removal* forum.


----------



## db301 (Mar 28, 2007)

As stated, defrag is done weekly.

I did a scan with Malwarebytes and found 3 things, and removed them and rebooted.



Megabite said:


> Have you defragged lately?
> 
> Also your memory is a bit low at 512MB..you could try getting another 512MB...Norton is a resource hog too.
> 
> You can also try a scan with Malwarebytes HERE....download the blue free version to your desktop, install it and update it and do a scan


----------



## abcdjzmcbt (Nov 1, 2004)

What about the event viewer? It usually points to a process or even hardware component around the time of freezing. 

Right click my computer
Click manage
Click event viewer
Check out the system part
If nothing is there check out the application part


----------



## Phantom010 (Mar 9, 2009)

Could you please post another HijackThis log?


----------



## Cookiegal (Aug 27, 2003)

The F2 entry is only showing because the format is a bit off but otherwise, it's fine. We can easily fix that.

Please post the scan log from MalwareBytes showing what it detected along with the next HijackThis log already asked for.


----------



## db301 (Mar 28, 2007)

*Results and actions from Malwarebytes scan.*

Malwarebytes' Anti-Malware 1.39
Database version: 2453
Windows 5.1.2600 Service Pack 3

7/18/2009 2:33:21 AM
mbam-log-2009-07-18 (02-33-21).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 180611
Time elapsed: 1 hour(s), 11 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\SelectRebates (Adware.SelectRebates) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

*Scan results after 3 items were removed:*

Malwarebytes' Anti-Malware 1.39
Database version: 2453
Windows 5.1.2600 Service Pack 3

7/18/2009 10:30:34 AM
mbam-log-2009-07-18 (10-30-34).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 180558
Time elapsed: 1 hour(s), 15 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

*Latest HijackThis scan:*

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:33 PM, on 7/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5157 bytes


----------



## Phantom010 (Mar 9, 2009)

db301 said:


> Thanks for the reply. I should have mentioned that some things I'm not too quick to understand. While I followed your instructions and navigated to the explorer folder, the only 2 things that are in the right pane are:
> 
> (default) REG_SZ (value not set)
> IconUnderline REG_NONE 03 00 00 00
> ...


If the value doesn't exist, you'll need to add it. Select New > String Value from the Edit menu. The new value will appear in the right pane, prompting you for a value name. Type _Max Cached Icons_ and press [Enter]. Make sure you separate each word with a space. The proper value is Max Cached Icons, not MaxCachedIcons.

Double-click the new value. You'll then see the Edit String screen. Enter a value of 2000 in the Value Data field and click OK.


----------



## db301 (Mar 28, 2007)

Done successfully. Windows Explorer crashed when I went to reboot. "Windows Explorer has encountered a problem and needs to close", something like that. But, that's typical of the way it runs. On a daily basis, windows explorer either freezes a folder as I stated earlier, or crashes and recovers.

The next time I process pictures, I will see how it goes, if there is improvement. If I have another problem, I will note the time and look in the event viewer after to see what errors are being logged there.



Phantom010 said:


> If the value doesn't exist, you'll need to add it. Select New > String Value from the Edit menu. The new value will appear in the right pane, prompting you for a value name. Type _Max Cached Icons_ and press [Enter]. Make sure you separate each word with a space. The proper value is Max Cached Icons, not MaxCachedIcons.
> 
> Double-click the new value. You'll then see the Edit String screen. Enter a value of 2000 in the Value Data field and click OK.


----------



## Phantom010 (Mar 9, 2009)

Have you already tried a chkdsk /r?


----------



## db301 (Mar 28, 2007)

Phantom010 said:


> Have you already tried a chkdsk /r?


I just did on both C and D drives, but I did it from right clicking - properties - tools - check disk, to see what the result would be rather than run it from the command line.

Both drives completed the check without any error messages.


----------



## Cookiegal (Aug 27, 2003)

I'm attaching a Fixuserinit.zip file to this post. Save it to your desktop and then unzip it and double-click the Fixuserinit.reg file. Allow it to merge into the registry.

Reboot and post a new HijackThis log please.


----------



## db301 (Mar 28, 2007)

Cookiegal said:


> I'm attaching a Fixuserinit.zip file to this post. Save it to your desktop and then unzip it and double-click the Fixuserinit.reg file. Allow it to merge into the registry.
> 
> Reboot and post a new HijackThis log please.


Done, as you instructed. Windows Explorer crashed when I went to reboot. "Windows Explorer has encountered a problem and needs to close" or something similar. This is typical of the behavior I have been experiencing with it. It recovered, and I rebooted and ran the scan, below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:31 PM, on 7/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5120 bytes


----------
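
An added example, not part of any post in this thread and not HijackThis's own logic: a small parser that pulls the entry lines out of two HijackThis logs, diffs them, and classifies the F2 `UserInit=` entry discussed above. It assumes Windows lives in `C:\WINDOWS` as in these logs and that the stock XP Userinit value ends in a trailing comma; the function names and the last sample value are made up for illustration.

```python
import re

# Assumption: the stock Windows XP value, including its trailing comma.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe,"

# Entry lines look like "F2 - ..." or "O23 - ..."; header and process lines do not.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (code, body) tuples for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def classify_userinit(body):
    """Classify the body of an F2 'UserInit=' entry.

    default      exactly the stock value
    format-only  userinit.exe is the only program, only the punctuation differs
    review       something else is listed and a helper should look at it
    """
    m = re.search(r"userinit=(.*)$", body, re.IGNORECASE)
    if not m:
        return "not-userinit"
    value = m.group(1).strip().lower()
    if value == DEFAULT_USERINIT:
        return "default"
    # Userinit is a comma-separated list of programs started at logon.
    programs = [p.strip() for p in value.split(",") if p.strip()]
    if programs == [DEFAULT_USERINIT.rstrip(",")]:
        return "format-only"
    return "review"


def f2_findings(log_text):
    """Return (body, classification) for each F2 entry in the log."""
    return [(body, classify_userinit(body))
            for code, body in parse_entries(log_text) if code == "F2"]


def diff_entries(before_text, after_text):
    """Return (removed, added) entries between two logs, in log order."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


# Sample input: a few lines excerpted from the first and third logs in this thread.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
"""

# Constructed value (not from the thread): a second program appended to Userinit.
CONSTRUCTED_EXTRA = (r"REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"
                     r"C:\WINDOWS\system32\example-placeholder.exe")

if __name__ == "__main__":
    for body, status in f2_findings(BEFORE):
        print(f"F2 before: {status}: {body}")
    removed, added = diff_entries(BEFORE, AFTER)
    print("removed:", removed)
    print("added:", added)
    print("constructed:", classify_userinit(CONSTRUCTED_EXTRA))
```
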



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## db301 (Mar 28, 2007)

Sorry for the delay, I appreciate your help. I had to allocate some time to run this ComboFix application, just in case there were problems from it like you described.

Please note I did NOT reboot after running ComboFix, I just generated both logs you requested.

*Here's the log:*

ComboFix 09-07-19.04 - Don 07/21/2009 16:56.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.313 [GMT -4:00]
Running from: c:\documents and settings\Don\Desktop\Combo-Fix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\26a0c4b.msi
c:\windows\Installer\26a0c4c.msp
c:\windows\Installer\26a0c4d.msp
c:\windows\Installer\26a0c4e.msp
c:\windows\Installer\26a0c4f.msp
c:\windows\Installer\26a0c50.msp
c:\windows\Installer\26a0c51.msp
c:\windows\Installer\26a0c52.msp
c:\windows\Installer\26a0c53.msp
c:\windows\Installer\26a0c54.msp

.
((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.

2009-07-21 20:26 . 2009-02-27 10:57	165240	----a-r-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-07-18 00:39 . 2009-07-18 00:39	--------	d-----w-	c:\documents and settings\Don\Application Data\Malwarebytes
2009-07-18 00:39 . 2009-07-13 17:36	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-18 00:39 . 2009-07-18 00:39	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-18 00:39 . 2009-07-13 17:36	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-07-18 00:39 . 2009-07-18 00:39	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-07-18 00:34 . 2009-07-18 00:34	--------	d-----w-	c:\program files\Trend Micro
2009-07-17 20:26 . 2009-03-19 08:00	177520	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090717.006\NAVENG32.DLL
2009-07-17 20:26 . 2009-03-19 08:00	1181040	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090717.006\NAVEX32A.DLL
2009-07-17 20:26 . 2009-03-19 08:00	371248	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090717.006\EECTRL.SYS
2009-07-17 20:26 . 2009-03-19 08:00	259368	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090717.006\ECMSVR32.DLL
2009-07-17 20:26 . 2009-03-19 08:00	2414128	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090717.006\CCERASER.DLL
2009-07-17 20:26 . 2009-03-19 08:00	101936	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090717.006\ERASER.SYS
2009-07-17 20:26 . 2009-07-11 19:34	276344	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSXpx86.sys
2009-07-17 20:26 . 2009-07-11 19:34	293424	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSvix86.sys
2009-07-17 20:26 . 2009-07-11 19:34	533880	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\Scxpx86.dll
2009-07-17 20:26 . 2009-07-11 19:34	451960	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSxpx86.dll
2009-07-17 20:26 . 2009-07-11 19:34	397360	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSviA64.sys
2009-07-17 08:00 . 2009-07-17 08:00	87888	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090717.006\NAVENG.SYS
2009-07-17 08:00 . 2009-07-17 08:00	875728	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090717.006\NAVEX15.SYS
2009-07-15 20:33 . 2009-07-15 20:33	--------	d-----w-	c:\program files\MSXML 4.0
2009-07-14 20:32 . 2009-07-15 09:12	--------	d-----w-	c:\documents and settings\Don\Local Settings\Application Data\Corel
2009-07-14 20:31 . 2009-07-15 09:10	952	--sha-w-	c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-07-14 20:28 . 2009-07-14 20:32	--------	d-----w-	c:\documents and settings\Don\Application Data\Corel
2009-07-14 20:21 . 2009-07-14 20:21	--------	d-----w-	c:\program files\Common Files\Protexis
2009-07-14 20:20 . 2009-07-14 23:43	--------	d-----w-	c:\program files\Corel
2009-07-14 20:20 . 2009-07-14 23:43	--------	d-----w-	c:\program files\Common Files\Corel
2009-07-14 20:20 . 2009-07-14 23:34	--------	d-----w-	c:\documents and settings\All Users\Application Data\Corel
2009-07-11 19:34 . 2009-07-11 19:34	276344	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34	293424	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34	533880	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34	451960	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34	397360	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-11 12:12 . 2009-03-16 20:03	533880	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\Scxpx86.dll
2009-07-11 12:12 . 2009-01-29 21:50	276344	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSXpx86.sys
2009-07-11 12:12 . 2009-01-29 21:50	292912	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSvix86.sys
2009-07-11 12:12 . 2009-01-29 21:50	447864	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSxpx86.dll
2009-07-11 12:12 . 2009-01-29 21:50	396848	----a-w-	c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSviA64.sys
2009-07-02 21:07 . 2003-06-25 20:05	266360	----a-w-	c:\windows\system32\TweakUI.exe
2009-07-02 09:16 . 2009-07-02 09:16	--------	d-----w-	c:\documents and settings\Wendy\Local Settings\Application Data\Symantec
2009-06-22 09:16 . 2009-06-22 09:16	--------	d-sh--w-	c:\documents and settings\Wendy\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-21 20:39 . 2009-01-24 23:31	--------	d-----w-	c:\program files\Mozilla Thunderbird
2009-07-20 09:29 . 2009-01-25 01:02	2467995	----a-w-	c:\documents and settings\Wendy\Application Data\Thunderbird\Profiles\r2cqnp12.default\Mail\Local Folders\Inbox.sbd\Amazon.Com
2009-07-16 09:27 . 2009-02-17 17:50	30864	----a-w-	c:\documents and settings\Wendy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-15 09:11 . 2009-01-24 22:12	30864	----a-w-	c:\documents and settings\Don\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-12 00:59 . 2009-07-12 10:44	2293760	----a-w-	c:\windows\Internet Logs\xDB1.tmp
2009-07-11 12:16 . 2009-06-20 21:44	563064	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-11 12:16 . 2009-06-20 21:44	314712	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-11 12:16 . 2009-06-20 21:44	25440	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-11 12:16 . 2009-06-20 21:44	169312	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-11 12:16 . 2009-06-20 21:44	348496	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-11 12:15 . 2009-06-20 21:44	298336	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-11 12:15 . 2009-05-30 16:10	84832	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-11 12:15 . 2009-06-20 21:44	1630560	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-11 12:15 . 2009-05-30 16:10	246128	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-11 12:15 . 2009-05-30 16:10	40288	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-11 12:15 . 2009-06-20 21:44	85352	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-11 12:15 . 2009-06-20 21:44	664424	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-11 12:14 . 2009-06-20 21:44	566632	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-11 12:14 . 2009-06-20 21:44	2353480	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-11 12:14 . 2009-06-20 21:44	629072	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-11 12:14 . 2009-06-20 21:44	520024	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-11 12:14 . 2009-06-20 21:44	1029456	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-16 14:36 . 2004-08-04 12:00	81920	------w-	c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00	119808	------w-	c:\windows\system32\t2embed.dll
2009-06-12 00:49 . 2009-01-24 23:55	--------	d-----w-	c:\program files\Downloaded programs
2009-06-03 19:09 . 2004-08-04 12:00	1291264	----a-w-	c:\windows\system32\quartz.dll
2009-05-31 15:05 . 2009-01-26 21:05	--------	d---a-w-	c:\program files\PhotoEd
2009-05-30 16:10 . 2009-05-30 16:10	15688	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-30 16:10 . 2009-03-16 23:15	15688	------w-	c:\windows\system32\lsdelete.exe
2009-05-29 20:36 . 2009-05-29 20:31	--------	d-----w-	c:\program files\ShellExView
2009-05-29 20:31 . 2009-05-29 20:31	39424	----a-w-	c:\windows\zipinst.exe
2009-05-20 09:27 . 2009-05-20 09:27	664	------w-	c:\windows\system32\d3d9caps.dat
2009-05-13 05:15 . 2004-08-04 12:00	915456	------w-	c:\windows\system32\wininet.dll
2009-05-04 00:39 . 2009-02-02 01:06	828029	------w-	c:\windows\system32\xvidcore.dll
2009-05-04 00:39 . 2008-12-19 15:15	4470469	------w-	c:\windows\system32\libavcodec.dll
2009-05-04 00:39 . 2008-12-17 17:41	830380	------w-	c:\windows\system32\ff_x264.dll
2009-05-04 00:39 . 2008-12-17 17:22	98304	------w-	c:\windows\system32\ff_wmv9.dll
2009-05-04 00:39 . 2008-12-17 17:22	85504	------w-	c:\windows\system32\ff_vfw.dll
2009-05-04 00:39 . 2008-12-17 16:59	557469	------w-	c:\windows\system32\libmplayer.dll
2009-04-25 13:59 . 2009-04-25 13:59	64160	----a-w-	c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-25 13:59 . 2009-03-16 21:08	64160	------w-	c:\windows\system32\drivers\Lbd.sys
2008-01-12 01:06 . 2009-01-27 09:33	1268353	----a-w-	c:\program files\InstallRarZilla.exe
2009-06-12 23:29 . 2009-01-24 21:56	134648	----a-w-	c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-25 180269]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Corel File Shell Monitor"="c:\program files\Corel\Corel MediaOne\CorelIOMonitor.exe" [2008-07-09 37888]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/16/2009 5:08 PM 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [3/26/2009 4:54 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [3/26/2009 4:54 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [3/26/2009 4:53 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSXpx86.sys [7/17/2009 4:26 PM 276344]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [1/24/2009 7:03 PM 464264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [3/26/2009 4:54 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/19/2009 4:00 AM 101936]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\SiriusUSB.sys [1/25/2009 5:06 PM 7552]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl

.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\uaukecgr.default\
FF - prefs.js: browser.startup.homepage - hxxp://wwwa.accuweather.com/radar-large.asp?partner=accuweather&traveler=0&site=CT_&type=SIR&anim=1&level=state&large=1
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-21 17:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-07-21 17:04
ComboFix-quarantined-files.txt 2009-07-21 21:04

Pre-Run: 84,748,607,488 bytes free
Post-Run: 85,329,330,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

196	--- E O F ---	2009-07-15 20:36

_*Here's the hijackthis log:*_

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:58 PM, on 7/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4820 bytes



Cookiegal said:


> Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.
> 
> The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.
> 
> ...


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## db301 (Mar 28, 2007)

Ad-Aware
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
Ahead InCD EasyWrite Reader
Apple Software Update
Audacity 1.2.6
ConvertHelper 2.2
Corel MediaOne
Corel Paint Shop Pro Photo X2
Corel Painter Photo Essentials 4
Corel Painter Photo Essentials 4
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
ffdshow [rev 2936] [2009-05-03]
Free FLV to AVI Converter
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
hp deskjet 5550 series (Remove only)
HP Photo and Imaging 1.0 - Scanjet 3500c Series
hp print screen utility
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.12)
Mozilla Thunderbird (2.0.0.22)
MSN
MSXML 4.0 SP2 (KB954430)
My Sirius Studio
Nero 6
Nero Media Player
NeroVision Express 2
Norton AntiVirus
QuickTime
RarZilla Free Unrar 2.52
RealPlayer
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
ServiceProvider
ShellExView
Shuangs Audio Joiner 1.1
SmartSoft Video Converter
Spybot - Search & Destroy
STOIK Video Converter 2
Tweak UI
Ulead DVD Workshop Trial
upapp
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC 9.0 Runtime
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.8a
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
XP Codec Pack
ZoneAlarm
ZoneAlarm Spy Blocker Toolbar



Cookiegal said:


> Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## Cookiegal (Aug 27, 2003)

Please do an online scan with Kaspersky WebScanner.

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have Java then you will need to go to the following link and download the latest version:

*JRE 6 Update 13*

Instructions for Kaspersky scan:


- Read through the requirements and privacy statement and click on *Accept* button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*.
- When the downloads have finished, click on *Settings*.
- Make sure the following is checked.
  - *Spyware, Adware, Dialers, and other potentially dangerous programs*
  - *Archives*
  - *Mail databases*
- Click on *My Computer* under *Scan*.
- Once the scan is complete, it will display the results. Click on *View Scan Report*.
- You will see a list of infected items there. Click on *Save Report As...*.
- Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button.
- Please post this log in your next reply.


----------



## abcdjzmcbt (Nov 1, 2004)

I'm sorry but why are tools like HijackThis always being used BEFORE scanners around here? HijackThis does not remove infections; it just repairs the OS. Of course other info can be gained with it but it just seems roundabout to me.


----------



## Cookiegal (Aug 27, 2003)

abcdjzmcbt said:


> I'm sorry but why are tools like HijackThis always being used BEFORE scanners around here? HijackThis does not remove infections; it just repairs the OS. Of course other info can be gained with it but it just seems roundabout to me.


When you are qualified for malware removal you can use the methods you prefer.


----------



## db301 (Mar 28, 2007)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 24, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, July 24, 2009 22:56:01
Records in database: 2527820
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 69316
Threat name: 3
Infected objects: 2
Suspicious objects: 2
Duration of the scan: 02:01:20

File name / Threat name / Threats count
C:\Documents and Settings\Don\Application Data\Thunderbird\Profiles\v34r0kln.default\Mail\Local Folders\Inbox	Infected: Trojan-Spy.HTML.Paylap.by	1
C:\Documents and Settings\Don\Application Data\Thunderbird\Profiles\v34r0kln.default\Mail\Local Folders\Inbox	Suspicious: Trojan-Spy.HTML.Fraud.gen	1
C:\Documents and Settings\Don\Application Data\Thunderbird\Profiles\v34r0kln.default\Mail\Local Folders\Save	Suspicious: Trojan-Spy.HTML.Fraud.gen	1
C:\Program Files\Downloaded programs\free-flv-to-avi-converter.exe	Infected: Trojan-Downloader.Win32.Injecter.cpk	1

The selected area was scanned.



Cookiegal said:


> Please do an online scan with Kaspersky WebScanner
> 
> Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have Java then you will need to go to the following link and download the latest version:
> 
> ...


----------



## Cookiegal (Aug 27, 2003)

There's no need to quote my posts with the instructions each time you reply. It just adds more clutter. 

There are some suspicious or infected e-mails in your Thunderbird Inbox but they aren't identified so that normally means they're not a threat. You should look through them though and delete any that look like they could be spam or have unknown attachments.

The same applies to the Save Folder in Thunderbird.

Please delete this file:

C:\Program Files\Downloaded programs\*free-flv-to-avi-converter.exe*

Then please post a new HijackThis log.


----------



## db301 (Mar 28, 2007)

Sorry about the extra clutter there..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:58 PM, on 7/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5495 bytes


----------
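A HijackThis log like the one posted above is line-oriented: a "Running processes" block, then entries prefixed with a section code (R0/R1, O2, O4, O23 and so on). The following is an added example, not part of the thread or of HijackThis itself: it parses that layout and flags O2 entries whose target is `(no file)` and O23 services listed with `Unknown owner`, noting whether the service binary is currently running. The function names are hypothetical and the sample log is constructed from lines in the log above; a flag is a prompt to look closer, not a verdict.

```python
import re
from collections import namedtuple

# One parsed log entry. `ident` holds the CLSID (O2), the registry key (O4)
# or the owner string (O23); `target` holds the file path or command line.
Entry = namedtuple("Entry", "code name ident target")

ENTRY_RE = re.compile(r"^(?P<code>[ROFN]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Paths may themselves contain " - " (e.g. "Spybot - Search & Destroy"),
# so the path is anchored on its drive letter rather than on the separator.
SVC_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")

# Constructed sample, assembled from lines of the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:58 PM, on 7/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\AskBarDis\bar\bin\AskService.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 5495 bytes
"""


def parse_log(text):
    """Return (running_processes, entries) from a HijackThis log."""
    running, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            # The process list ends at the first blank line.
            if line:
                running.append(line)
            else:
                in_processes = False
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, footer or blank line
        code, body = m.group("code"), m.group("body")
        parsed = None
        if code == "O2":
            parsed = BHO_RE.match(body)
            if parsed:
                entries.append(Entry(code, parsed["name"], parsed["clsid"],
                                     parsed["target"]))
        elif code == "O4":
            parsed = RUN_RE.match(body)
            if parsed:
                key = parsed["hive"] + "\\" + parsed["key"]
                entries.append(Entry(code, parsed["name"], key, parsed["cmd"]))
        elif code == "O23":
            parsed = SVC_RE.match(body)
            if parsed:
                entries.append(Entry(code, parsed["name"], parsed["owner"],
                                     parsed["path"]))
        if parsed is None:
            # Sections this example does not break down are kept verbatim.
            entries.append(Entry(code, body, "", ""))
    return running, entries


def triage(text):
    """Return (code, identifier, reason) tuples for entries worth a second look."""
    running, entries = parse_log(text)
    running_lower = {p.lower() for p in running}
    findings = []
    for e in entries:
        if e.code == "O2" and e.target == "(no file)":
            findings.append((e.code, e.ident, "BHO entry lists no file"))
        elif e.code == "O23" and e.ident == "Unknown owner":
            state = "running" if e.target.lower() in running_lower else "not running"
            findings.append((e.code, e.name, "service owner unknown, " + state))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```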



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## db301 (Mar 28, 2007)

Ad-Aware
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
Ahead InCD EasyWrite Reader
Apple Software Update
Audacity 1.2.6
ConvertHelper 2.2
Corel MediaOne
Corel Paint Shop Pro Photo X2
Corel Painter Photo Essentials 4
Corel Painter Photo Essentials 4
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
ffdshow [rev 2936] [2009-05-03]
Free FLV to AVI Converter
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
hp deskjet 5550 series (Remove only)
HP Photo and Imaging 1.0 - Scanjet 3500c Series
hp print screen utility
Java(TM) 6 Update 14
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.12)
Mozilla Thunderbird (2.0.0.22)
MSN
MSXML 4.0 SP2 (KB954430)
My Sirius Studio
Nero 6
Nero Media Player
NeroVision Express 2
Norton AntiVirus
QuickTime
RarZilla Free Unrar 2.52
RealPlayer
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
ServiceProvider
ShellExView
Shuangs Audio Joiner 1.1
SmartSoft Video Converter
Spybot - Search & Destroy
STOIK Video Converter 2
Tweak UI
Ulead DVD Workshop Trial
upapp
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC 9.0 Runtime
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.8a
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
XP Codec Pack
ZoneAlarm
ZoneAlarm Spy Blocker Toolbar


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log and let me know how things are now.


----------



## db301 (Mar 28, 2007)

My computer is running better. Windows Explorer has not crashed in about 4 days. But, I still have problems with thumbnail loading and folders hanging up.

For example, let's say I have folder "a" in my documents folder. Inside folder "a", there is folder "b" and "c" with 30 pictures each in them. I open folder "a", open folder "b" and the 30 thumbnail preview pictures load slowly, they start loading after about 10 seconds of waiting. I can see 10 of the 30 pictures in the thumbnail folder view and once the 10 thumbnails are loaded completely I scroll down to see the other 20 and those thumbnails are not loaded. Then, it takes about 5-10 seconds for those to load sometimes longer.

At this point, I would start opening pictures one at a time with photo editor, to crop, lighten the pictures, and then close and save them. Works normally for a time. At some point, folder "b" (in this case) stops responding. The new thumbnail of the newly edited picture does not load. I can't even close folder "b". So, I go back to folder "a" and double click on the icon for folder "b" again, and it opens up a second folder "b", which is not frozen. The thumbnails load slowly again, but I am able to use the contents of the folder to continue editing pictures. That is until this second folder "b" stops responding, at that point I go back to the first folder "b" which has by this time started responding again. So back and forth I go, just to be able to get work done to edit pictures this way.

I have tried creating a new folder "a" and "b", and moving the contents from the old versions to the new, but it has not helped. I thought maybe the original folders were corrupt in some way.

This problem is not unique to folders "a", "b" or "c", but has happened to any folder on my computer at any time. Once in a great while I go to edit pictures and there are few or no hangups. What a pleasure that is! Doesn't happen very often unfortunately.

When I use Powerpoint and import pictures, the popup insert picture window has slow loading thumbnails. Sometimes when I select a picture and click ok to put it into Powerpoint, the popup window half closes, then freezes. The only way it unfreezes is by waiting for it, about 2-3 minutes sometimes.

Please note that this seems to be picture and thumbnail related, as the programs "Word" and "Excel" and others that don't involve pictures don't have these kinds of hangup or freezing problems. But I don't use those programs as often either.

I also have problems with folders that do not refresh. These do not necessarily use thumbnail views. I delete a file by either right clicking or using the delete button on the left of the window, click ok to accept, and the file is still visible. It is not accessible, because it has been deleted. I have to either right click and select refresh, press F5, or close the folder and re-enter it for the file I deleted to be gone. I have tried creating fresh folders to fix this problem also but it does not help.

Here is the latest Hijackthis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:24 PM, on 7/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5552 bytes


----------



## Cookiegal (Aug 27, 2003)

Do you have the same problem in safe mode?


----------



## db301 (Mar 28, 2007)

Yes, the performance and operation is about the same in safe mode, maybe a little faster loading of thumbnails but similar temporary freezing of folders.

I recreated the folders I use frequently, and moved the pictures and files from the old ones to the new folders I created. The loading of thumbnails got better, and the freezing of the folders has become less in duration.

After I did this the other night, and after editing pictures and using powerpoint and having better luck and fewer problems, when I went to shut down the computer for the night I clicked on the start button, selected turn off computer, and windows explorer crashed. First time in about a week. But it crashed so hard that after 15 minutes it had still not cleared the desktop and recovered. I had no choice but to manually shut off the computer to reboot. After that it has been same as before, for the most part WE doesn't crash, and icon loading and folder freezing has been less but still happens.

The event viewer finally acknowledged and recorded a WE crash, here is the information from the event viewer if it helps:

Details 
Product: Windows Operating System 
ID: 1000 
Source: Application Error 
Version: 5.2 
Symbolic Name: ER_USERCRASH_LOG 
Message: Faulting application %1, version %2, faulting module %3, version %4, fault address 0x%5.

Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x04fdc550.

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 7/28/2009
Time: 9:55:46 PM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x04fdc550.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:


----------



## Cookiegal (Aug 27, 2003)

Go to *Start * *Run *- type *msconfig*  click OK and click on the *startup tab*. Uncheck everything there except for your anti-virus program. Then reboot and let me know if the problem persists please.


----------



## db301 (Mar 28, 2007)

Ok, I did that and I am still having similar issues. Windows Explorer hasn't crashed in about a week, which is good.

But, thumbnail previews still load slowly in folders. They will load fairly well in the area of the screen that I can see, but if I scroll down in the folder the rest don't load until I expose them and even then it's very slow. Sometimes 10 to 20 seconds before they start loading. Also the folder sometimes freezes as I'm trying to work with the pictures, i.e. select a group of them for moving or deletion. Freeze duration is about 10-15 seconds.

Creating a brand new folder and transferring the pictures to the new folder helps for a while, like about a day or two. Then that folder starts behaving like the old one did.


----------



## Cookiegal (Aug 27, 2003)

What are your system specs with regards to resources? I mean the size of the hard drive, how much RAM?

What is the size of the paging file? To find that information, do this:

Click Start, and then click Control Panel. 
If in Category view, click on Performance and Maintenance and then click System (if in Classic view just click System). 
On the Advanced tab, under Performance, click Settings. 
On the Advanced tab, under Virtual memory, click Change. 
Don't change anything but let me know what it says the size of the initial file is.


----------



## db301 (Mar 28, 2007)

My machine is a Pentium 4 2.5 ghz, 512mb ram, 120gb C drive, 40gb D drive.

Initial paging file is 768mb, range is 768 to 1536. Space available on C drive is 70828.


----------



## Cookiegal (Aug 27, 2003)

Go to the *Run* box on the *Start Menu* and type in:

*sfc /scannow*

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem. You may be prompted to insert the installation CD.


----------



## db301 (Mar 28, 2007)

Today I ran the scan as you instructed. Almost immediately, windows requested I put in the XP CD, which I did. I stayed at the computer to watch the whole scan, which took some 30 minutes or more. I am aggravated by Windows and how it gives no indication as to whether there are corrupt files, missing files, no information is given. Just the blue progress bar.

The progress bar got to about 60 % complete, and the computer crashed. I let it restart itself, logged back in, let it sit for 15 minutes to complete whatever processes it wanted to. I removed the CD. It never gave me a "Windows has recovered from a serious error" message or anything to indicate why it crashed.

So, I started the scan again. It asked for the CD again, which I installed. This time it finished after over 30 minutes. The scan window just disappears, no indication if it found bad files, replaced them, nothing.

I removed the CD and rebooted.

I logged back in, let the startup processes run without any other applications and when it was all started up and running the first folder I opened up, stopped responding. Same problem as before.

Eventually it unfroze and began responding again, and as the evening went on things seemed to be better and folders were responding normally.

I just went to log off for the night, clicked the start and turn off computer button, got the message "windows explorer has encountered a problem and must close". It would not recover. Control Alt Delete eventually brought up task manager, which was unresponsive as well. 

I walked away and came back in 15 minutes, giving the system time to recover. 

Another error message was up, "Dr Watson postmortem debugger has encountered a problem and must close". This window also was unresponsive. 

So at this point I had two error messages up, task manager window, and none could be closed or would respond. The activity light on the computer was inactive after 15 minutes. I shut it down manually to get it running again.

When it booted up I logged in, no error messages have been displayed indicating any lock ups or crashes.

This was in the event viewer around the time of the lock up tonight:

Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x0425c550.

Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

I'm totally confused and frustrated.


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe* to your Desktop and double-click on it to extract the files. It will create a folder named *OTS* on your desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Open the *OTS* folder and double-click on *OTS.exe* to start the program.
In the *Additional Scans* section put a check in Disabled MS Config Items and EventViewer logs.
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## db301 (Mar 28, 2007)

Most of the computer activity yesterday was normal, but again when I went to log off explorer crashed but this time recovered and reset all the desktop icons within about 10 seconds. I was able to log off normally after that.

I ran the scan today as directed, the file is attached.


----------



## Cookiegal (Aug 27, 2003)

I just wanted to let you know that I haven't forgotten you but will only be able to get to this log tomorrow.


----------



## db301 (Mar 28, 2007)

No problem, I appreciate all your help!


----------



## Cookiegal (Aug 27, 2003)

Go to the following link and upload the following file(s) for analysis and let me know what the results are please:

http://virusscan.jotti.org/

*C:\WINDOWS\systju.dll*

Then please do the following:

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> [Adobe PDF Reader Link Helper]
YN -> {201f27d4-3704-41d6-89c1-aa35e39143ed} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> [Java(tm) Plug-In 2 SSV Helper]
YN -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> [JQSIEStartDetectorImpl Class]
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> HPDJ Taskbar Utility hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
[Files/Folders - Created Within 30 Days]
NY -> 6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp
NY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 Days]
NY -> 7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 22 C:\Documents and Settings\Don\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Don\Local Settings\Temp\*.tmp
NY -> 14 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]
```
Also, please do the following:

Right-click on *My Computer* and select *Properties* and then click on the Hardware tab and click on the *Device Manager* button.

Are there any yellow marks showing in Device Manager?


----------



## Cookiegal (Aug 27, 2003)

Also, please do a search on your machine for the following file and let me know if it exists and if so, what is the entire path to each one that you find.

*cdrom.sys*


----------



## db301 (Mar 28, 2007)

*Analysis of C:\WINDOWS\systju.dll :*

Filename: sysmf4.dll
Status: 
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Fri 12 Jun 2009 07:23:56 (CET) Permalink

*OTS scan and results :*

All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
[Registry - Additional Scans - Safe List]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPDJ Taskbar Utility hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ not found.
File not found.
[Files/Folders - Created Within 30 Days]
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\Don\Local Settings\Temp\IXP000.TMP folder deleted successfully.
File delete failed. C:\Documents and Settings\Don\Local Settings\Temp\~DF28E4.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Temp\JETE4B2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\Temp\ZLT068e5.TMP scheduled to be deleted on reboot.
[Empty Temp Folders]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Don
File delete failed. C:\Documents and Settings\Don\Local Settings\Temp\~DF28E4.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 497194 bytes
File delete failed. C:\Documents and Settings\Don\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 4663152 bytes
->Java cache emptied: 13556966 bytes
->FireFox cache emptied: 116588605 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 51176 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: Wendy
->Temp folder emptied: 19386673 bytes
->Temporary Internet Files folder emptied: 1014751 bytes
->FireFox cache emptied: 88564302 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\JETE4B2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_d0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT068e5.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 206248 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 233.23 mb

< End of fix log >
OTS by OldTimer - Version 3.0.10.3 fix logfile created on 08232009_085956

Files\Folders moved on Reboot...
C:\Documents and Settings\Don\Local Settings\Temp\~DF28E4.tmp moved successfully.
File\Folder C:\WINDOWS\Temp\JETE4B2.tmp not found!
File\Folder C:\WINDOWS\Temp\ZLT068e5.TMP not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_d0.dat not found!

Registry entries deleted on Reboot...

*Hijack this log :*

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:57 AM, on 8/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.10\ccSvcHst.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.10\ccSvcHst.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/searc

h.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/searc

h.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} -

C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -

C:\Program Files\Norton AntiVirus\Engine\16.7.2.10\IPSBHO.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -

C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"

-osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search

Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search

Protection\SearchProtection.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ASKService - Unknown owner - C:\Program

Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. -

C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program

Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton

AntiVirus\Engine\16.7.2.10\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common

Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program

Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5701 bytes

*There are no yellow marks in device manager, I checked items in the groups under the + marks also.*

*Search results for cdrom.sys:*

C:\WINDOWS\ServicePackFiles\i386
C:\WINDOWS\system32\drivers
C:\WINDOWS\Driver Cache\i386\sp2.cab
C:\WINDOWS\Driver Cache\i386\sp3.cab
C:\WINDOWS\ServicePackFiles\i386\sp3.cab

*New problem this morning. "Symantec service framework has encountered a problem and needs to close". I assume this is my Norton antivirus because the quicklaunch icon randomly disappears, and then everything starts to hang up. I am going to uninstall and reinstall the Norton antivirus. Please note that all the information above that you requested was collected and submitted before reinstalling the antivirus program.*


----------



## db301 (Mar 28, 2007)

Has this thread been abandoned? I provided all the information requested in the last 2 postings but have not received any replies.


----------



## Cookiegal (Aug 27, 2003)

I'm sorry but I never received notification of your reply.

Please post a new HijackThis log but this time be sure "word wrap" is unchecked under Format in Notepad.

Also, since some time has passed, can you give me a summary of what problems remain please?


----------



## db301 (Mar 28, 2007)

Ok, I wasn't sure what was going on.

After I reinstalled my Norton Antivirus, things were running better. I say better because I still think they are not running the way they should be, as far as how fast picture thumbnails should load, as well as how some folders with pictures just decide to freeze and not respond for 10 seconds.

Then today I was loading pictures into a powerpoint presentation. The popup insert picture from file box in powerpoint did not load the thumbnail views. I waited 5 minutes, never loaded them. So, I just selected the pictures by their number instead, and powerpoint locked up. Waited 10 minutes for that to unlock, never happened. So, I used task manager to end the program, rebooted, and the same scenario happened again.

The third time, I turned off Norton and powerpoint seemed to run better and did not freeze / become unresponsive. I finished my work, and re-enabled Norton.

Hijack this log: (word wrap is unchecked)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:23 PM, on 9/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5755 bytes


----------



## Cookiegal (Aug 27, 2003)

The problem may be with Norton then.

Try booting to safe mode and doing some of those functions you were having problems with and let me know if they still don't work properly.

Then boot back to Windows normally and do the following please:

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## db301 (Mar 28, 2007)

I had similar problems in safe mode. Norton was not running in safe mode.

The past 4 days in regular boot mode, the windows explorer crashing problem has returned. It has crashed the past 3 times I have tried to shut down the computer, upon clicking the start turn off computer buttons.

Here is the log you requested:

Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
Ahead InCD EasyWrite Reader
Apple Software Update
Audacity 1.2.6
ConvertHelper 2.2
Corel MediaOne
Corel Paint Shop Pro Photo X2
Corel Painter Photo Essentials 4
Corel Painter Photo Essentials 4
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
ffdshow [rev 2936] [2009-05-03]
Free FLV to AVI Converter
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
hp deskjet 5550 series (Remove only)
HP Photo and Imaging 1.0 - Scanjet 3500c Series
hp print screen utility
Java(TM) 6 Update 14
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.3)
Mozilla Thunderbird (2.0.0.23)
MSN
MSXML 4.0 SP2 (KB954430)
My Sirius Studio
Nero 6
Nero Media Player
NeroVision Express 2
Norton AntiVirus
QuickTime
RarZilla Free Unrar 2.52
RealPlayer
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
ServiceProvider
ShellExView
Shuangs Audio Joiner 1.1
SmartSoft Video Converter
Spybot - Search & Destroy
STOIK Video Converter 2
Tweak UI
Ulead DVD Workshop Trial
upapp
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.8a
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
XP Codec Pack
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
ZoneAlarm
ZoneAlarm Spy Blocker Toolbar


----------



## Cookiegal (Aug 27, 2003)

Are there other users on this machine that have their own accounts?


----------



## db301 (Mar 28, 2007)

Yes, my wife has an account but we both have admin rights also. She doesn't run as many of the processes as I do and she doesn't seem to have the problems I do on my account. On occasion windows explorer will crash on her account, but rarely.


----------



## Cookiegal (Aug 27, 2003)

Can you please post a HijackThis log taken from her account?


----------



## db301 (Mar 28, 2007)

Ok, I logged in to her account and put the hijackthis shortcut on the desktop and ran the scan. Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:04 AM, on 10/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 4778 bytes
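An added example, not part of the original posts: Python that parses HijackThis entries and diffs two logs, matching on a whitespace-insensitive key so that a word-wrapped log (like the 8/23 one) still compares cleanly against an unwrapped one. The sample inputs are short excerpts copied from the logs posted in this thread; the function and variable names are this example's own.

```python
import re

# Constructed samples: a few entries copied from the logs posted in this thread.
# DON_WRAPPED keeps the Notepad word-wrap damage seen in the 8/23 log.
DON_WRAPPED = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search

Protection\SearchProtection.exe
O23 - Service: ASKService - Unknown owner - C:\Program

Files\AskBarDis\bar\bin\AskService.exe

--
End of file - 5701 bytes
"""

WENDY_LOG = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe

--
End of file - 4778 bytes
"""

# An entry starts with a section code such as R1, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Return a list of (code, entry_text) tuples from a HijackThis log.

    Header and "Running processes" lines before the first entry are skipped.
    A non-entry line after an entry is treated as a word-wrap continuation.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "--" or line.startswith("End of file"):
            break
        m = ENTRY_RE.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:
            entries[-1][1] += " " + line
    return [(code, body) for code, body in entries]


def entry_key(code, body):
    """Comparison key that ignores whitespace and case.

    Word wrap can break a line at a space or mid-word, so the original
    spacing cannot be restored; dropping all whitespace sidesteps that.
    """
    return code + "|" + re.sub(r"\s+", "", body).lower()


def diff_logs(log_a, log_b):
    """Return (only_in_a, only_in_b, number_of_common_entries)."""
    a = {entry_key(c, b): (c, b) for c, b in parse_hjt(log_a)}
    b = {entry_key(c, t): (c, t) for c, t in parse_hjt(log_b)}
    only_a = sorted(a[k] for k in a.keys() - b.keys())
    only_b = sorted(b[k] for k in b.keys() - a.keys())
    return only_a, only_b, len(a.keys() & b.keys())


if __name__ == "__main__":
    only_don, only_wendy, common = diff_logs(DON_WRAPPED, WENDY_LOG)
    print("entries in both logs:", common)
    for code, body in only_don:
        print("only in first log :", code, "-", body)
    for code, body in only_wendy:
        print("only in second log:", code, "-", body)
```
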


----------



## db301 (Mar 28, 2007)

The same thing just happened tonight, that happened back in message 42 on 08/18/09 of this thread:

"I just went to log off for the night, clicked the start and turn off computer button, got the message "windows explorer has encountered a problem and must close". It would not recover. Control Alt Delete eventually brought up task manager, which was unresponsive as well.

I walked away and came back in 15 minutes, giving the system time to recover.

Another error message was up, "Dr Watson postmortem debugger has encountered a problem and must close". This window also was unresponsive.

So at this point I had two error messages up, task manager window, and none could be closed or would respond. The activity light on the computer was inactive after 15 minutes. I shut it down manually to get it running again.

When it booted up I logged in, no error messages have been displayed indicating any lock ups or crashes."


----------



## Cookiegal (Aug 27, 2003)

I'm sorry about the delay and wanted to let you know that I haven't forgotten you. I've had connection problems for several days and wasn't able to get on-line at all. It will probably take me a few days to catch up so I will post back here as soon as I can with further instructions.


----------



## Cookiegal (Aug 27, 2003)

That can happen from time to time with no specific explanation but if it happens very often then it could be a problem.

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## db301 (Mar 28, 2007)

After the last crash, I was thinking that maybe there are too many programs trying to scan my processes and they are conflicting with one another. So I uninstalled the AdAware program, because it seemed glitchy when I used it and I think there was some caution that it wasn't compatible with spybot or something. Just so you know.

Here's the log:

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
Ahead InCD EasyWrite Reader
Apple Software Update
Audacity 1.2.6
ConvertHelper 2.2
Corel MediaOne
Corel Paint Shop Pro Photo X2
Corel Painter Photo Essentials 4
Corel Painter Photo Essentials 4
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
ffdshow [rev 2936] [2009-05-03]
Free FLV to AVI Converter
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
hp deskjet 5550 series (Remove only)
HP Photo and Imaging 1.0 - Scanjet 3500c Series
hp print screen utility
Java(TM) 6 Update 14
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.3)
Mozilla Thunderbird (2.0.0.23)
MSN
MSXML 4.0 SP2 (KB954430)
My Sirius Studio
Nero 6
Nero Media Player
NeroVision Express 2
Norton AntiVirus
QuickTime
RarZilla Free Unrar 2.52
RealPlayer
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
ServiceProvider
ShellExView
Shuangs Audio Joiner 1.1
SmartSoft Video Converter
Spybot - Search & Destroy
STOIK Video Converter 2
Tweak UI
Ulead DVD Workshop Trial
upapp
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.8a
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
XP Codec Pack
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
ZoneAlarm
ZoneAlarm Spy Blocker Toolbar


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.

Your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of *Java* components and upgrade the application.

*Upgrading Java*:

- Download the latest version of *Java Runtime Environment (JRE) 6 Update 16*.
- Click the "*Download*" button to the right.
- Select your Platform and check the box that says: "*I agree to the Java SE Runtime Environment 16 License Agreement.*".
- Click on *Continue*.
- Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. *Do NOT use the Sun Download Manager.*
- Close any programs you may have running - especially your web browser.
- Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
- Check any item with *(Java Runtime Environment, JRE or J2SE)* in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the download to install the newest version.


----------



## db301 (Mar 28, 2007)

There have been no explorer crashes since 10/4/09.

I will now uninstall Java and install the file you directed me to.

*APPLICATION ERRORS SINCE 10/4/09:*

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 10/4/2009
Time: 10:05:17 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
Faulting application tmpgenc.exe, version 2.58.44.152, faulting module unknown, version 0.0.0.0, fault address 0x0148aaa4.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 10/4/2009
Time: 8:09:57 PM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x0544c550.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Application Error
Event Category:	(100)
Event ID:	1000
Date: 10/4/2009
Time: 8:15:43 PM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

*SYSTEM ERRORS SINCE 10/4/09:*

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 10/5/2009
Time: 8:10:06 PM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 10/5/2009
Time: 8:10:06 PM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The IMAPI CD-Burning COM Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/5/2009
Time: 8:14:43 PM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/6/2009
Time: 2:46:15 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/6/2009
Time: 5:06:17 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/6/2009
Time: 3:59:10 PM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/7/2009
Time: 2:51:24 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/7/2009
Time: 5:08:28 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/7/2009
Time: 4:07:00 PM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/8/2009
Time: 2:36:55 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/8/2009
Time: 5:07:08 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/8/2009
Time: 4:24:36 PM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/8/2009
Time: 8:49:37 PM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/9/2009
Time: 2:46:48 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/9/2009
Time: 5:09:33 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/9/2009
Time: 4:03:28 PM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/10/2009
Time: 6:40:45 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/10/2009
Time: 7:06:12 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Did you uninstall Ad-Aware? And if so, how did you uninstall it?


----------



## db301 (Mar 28, 2007)

I uninstalled Adaware on 10/06/09 by using Windows Add/Remove programs in control panel, just like I did with Java today.

Why?


----------



## Cookiegal (Aug 27, 2003)

Because many of those errors relate to an Ad-Aware driver that is still trying to start up but failing. What version of Ad-Aware was it?
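Grouping the pasted Event Viewer records by source, event ID and the component they name makes the pattern described above visible at a glance. The script below is an added example, not part of the original thread: the function names are hypothetical, the sample records are taken from the posts above with the computer name replaced, and US-style dates are assumed.

```python
import re
from collections import OrderedDict
from datetime import datetime

FIELD_RE = re.compile(
    r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$")

def _rec(source, event_id, date, time, description):
    """Build one record in the layout Event Viewer's copy button produces."""
    return ("Event Type:\tError\nEvent Source:\t%s\nEvent Category:\tNone\n"
            "Event ID:\t%s\nDate: %s\nTime: %s\nUser: N/A\n"
            "Computer:\tEXAMPLE-PC\nDescription:\n%s\n\n"
            "For more information, see Help and Support Center at "
            "http://go.microsoft.com/fwlink/events.asp.\n\n"
            % (source, event_id, date, time, description))

SCM = "Service Control Manager"
LBD = "The following boot-start or system-start driver(s) failed to load: \nLbd"
# Sample input: seven records from this thread (computer name replaced).
SAMPLE = "".join([
    _rec("Application Error", "1000", "10/4/2009", "8:09:57 PM",
         "Faulting application explorer.exe, version 6.0.2900.5512, faulting "
         "module unknown, version 0.0.0.0, fault address 0x0544c550."),
    _rec(SCM, "7009", "10/5/2009", "8:10:06 PM",
         "Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM "
         "Service service to connect."),
    _rec(SCM, "7000", "10/5/2009", "8:10:06 PM",
         "The IMAPI CD-Burning COM Service service failed to start due to the "
         "following error: \nThe service did not respond to the start or "
         "control request in a timely fashion."),
    _rec(SCM, "7026", "10/5/2009", "8:14:43 PM", LBD),
    _rec(SCM, "7026", "10/6/2009", "2:46:15 AM", LBD),
    _rec(SCM, "7026", "10/6/2009", "5:06:17 AM", LBD),
    _rec(SCM, "7026", "10/12/2009", "9:45:37 AM", LBD),
])

def parse_events(text):
    """Split pasted Event Viewer text into one dict per record."""
    events, cur, in_desc = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = FIELD_RE.match(line)
        if m and m.group(1) == "Event Type":      # every record starts here
            cur = {"Description": []}
            events.append(cur)
        if cur is None:
            continue                              # text before the first record
        if m:
            cur[m.group(1)] = m.group(2).strip()
            in_desc = False
        elif line == "Description:":
            in_desc = True
        elif line == "Data:" or line.startswith("For more information"):
            in_desc = False                       # footer and hex dump are skipped
        elif in_desc and line:
            cur["Description"].append(line)
    events = [e for e in events if "Date" in e and "Time" in e]
    for e in events:
        e["when"] = datetime.strptime(e["Date"] + " " + e["Time"],
                                      "%m/%d/%Y %I:%M:%S %p")
    return events

def subjects(event):
    """Name the driver, service or program a record is about."""
    desc, text = event["Description"], " ".join(event["Description"])
    if event.get("Event ID") == "7026":
        # Driver names follow the "failed to load:" line, one per line.
        for i, line in enumerate(desc):
            if line.endswith("failed to load:"):
                return desc[i + 1:] or ["?"]
    for pattern in (r"The (.+?) service failed to start",
                    r"waiting for the (.+?) service to connect"):
        m = re.search(pattern, text)
        if m:
            return [m.group(1)]
    m = re.search(r"Faulting application (\S+?), version \S+, "
                  r"faulting module (\S+?),", text)
    if m:
        return ["%s in %s" % (m.group(1), m.group(2))]
    return [desc[0] if desc else "?"]

def summarise(events):
    """Count records per (source, event ID, subject) with first/last time."""
    groups = OrderedDict()
    for e in events:
        for subj in subjects(e):
            key = (e.get("Event Source"), e.get("Event ID"), subj)
            g = groups.setdefault(
                key, {"count": 0, "first": e["when"], "last": e["when"]})
            g["count"] += 1
            g["first"] = min(g["first"], e["when"])
            g["last"] = max(g["last"], e["when"])
    return groups

def recurring(groups, min_count=3):
    """Keys that repeat often enough to point at a persistent cause."""
    return [key for key, g in groups.items() if g["count"] >= min_count]

if __name__ == "__main__":
    for key, g in summarise(parse_events(SAMPLE)).items():
        print("%3d  %s  first %s  last %s" % (g["count"], key, g["first"], g["last"]))
```

On the sample, the only recurring group is Service Control Manager event 7026 for `Lbd`, logged at each boot, which is what a leftover driver entry for removed software looks like in the System log.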


----------



## db301 (Mar 28, 2007)

I'm sorry I do not know. Whenever I download a *.exe file program, I always save the downloaded file in my C drive so if I forget where I got it I have a copy. I found the Adaware EXE file there, and deleted it. Although I don't know if that file alone just sitting there in a folder could cause a system or application error, looking for a driver.


----------



## db301 (Mar 28, 2007)

Absolutely horrible operation this morning. 

Folders freezing, thumbnails not loading or loading slowly or only half of them load in a folder, powerpoint not responding, folders not responding, windows explorer crashes, icons disappear and only the background picture is left, I go away for 15-20 minutes and come back to just the background picture, icons have still not returned. Windows explorer did not recover, had to manually turn off the computer twice so far today.

I feel like I'm back at square one. Extremely frustrated.


----------



## db301 (Mar 28, 2007)

system error messages from today:

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/12/2009
Time: 3:26:06 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/12/2009
Time: 3:49:54 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/12/2009
Time: 9:17:46 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 10/12/2009
Time: 9:45:37 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The following boot-start or system-start driver(s) failed to load: 
Lbd

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## db301 (Mar 28, 2007)

Ran Spybot, found nothing.

Ran sfc /scannow again with the original Windows XP disk in. Rebooted after that. 

Started my work again, cropped 15 pictures and upon closing one the folder froze for 4 minutes with a white screen where the contents of the folder would be. 

When it finally unfroze, I tried to close the folder by "X"ing it out, and it froze again.

I have become very tired of this problem. WHY WILL NOTHING FIX THIS????


----------



## Cookiegal (Aug 27, 2003)

Go to *Start* - *Run*, type in *cmd* then click OK. The MSDOS window will be displayed. At the prompt type the following:

*SC Stop lbd*
Then press Enter

Type:

*SC Delete lbd*

Then press Enter.

Then post a new Hijack This log please.


----------



## db301 (Mar 28, 2007)

In the MSDOS window, after entering what you asked, I got the message: SC ControlService FAILED. The service has not been started.

After the delete command, this message: Delete Service Success.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:19 PM, on 10/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5969 bytes


----------



## Cookiegal (Aug 27, 2003)

Download GMER from: http://gmer.net/index.php

Save it on your desktop and unzip it.

Double click the gmer.exe to run it and select the rootkit tab and press scan. When the scan is done, click *Copy*. This will copy the report to the clipboard. Paste it into Notepad and save it and also paste the log report back here please.


----------



## db301 (Mar 28, 2007)

Here you go. I unchecked word wrap as you've said before, I hope it pasted in correctly...

I checked both C and D drives in the scan.

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-12 17:23:47
Windows 5.1.2600 Service Pack 3
Running: 441uv5fh.exe; Driver: C:\DOCUME~1\Don\LOCALS~1\Temp\awairfow.sys

---- System - GMER 1.0.15 ----

SSDT 82AB7970 ZwAlertResumeThread
SSDT 82AB74D8 ZwAlertThread
SSDT 8280E1F8 ZwAllocateVirtualMemory
SSDT 82ABE340 ZwAssignProcessToJobObject
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF5C1DFC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF5C1AC80]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF5D5C130]
SSDT 828391F8 ZwCreateMutant
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF5C1E580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF5C32900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF5C32B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF5C36B10]
SSDT 82CA9A10 ZwCreateSymbolicLinkObject
SSDT 82C9F580 ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF5C1E670]
SSDT 82ABDC70 ZwDebugActiveProcess
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF5C1B210]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF5D5C3B0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF5D5C910]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF5C32280]
SSDT 8281D1F8 ZwFreeVirtualMemory
SSDT 82AB8C70 ZwImpersonateAnonymousToken
SSDT 82AACB78 ZwImpersonateThread
SSDT 82CE5580 ZwLoadDriver
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF5C35F10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF5C35F90]
SSDT 82C883F8 ZwMapViewOfSection
SSDT 82AD7C70 ZwOpenEvent
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF5C1B070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF5C34180]
SSDT 82AAE340 ZwOpenProcessToken
SSDT 82ABD7D8 ZwOpenSection
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF5C33F40]
SSDT 82D635B8 ZwProtectVirtualMemory
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF5C366F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF5C36150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF5C1DBE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF5C36540]
SSDT 82D12268 ZwResumeThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF5C1E190]
SSDT 82AA6E08 ZwSetContextThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF5C1B440]
SSDT 8282E1F8 ZwSetInformationProcess
SSDT 82AB7E08  ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF5D5CB60]
SSDT 82A93C70 ZwSuspendProcess
SSDT 82AB1C70 ZwSuspendThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF5C33200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xF5C33080]
SSDT 82AAE7D8 ZwTerminateThread
SSDT 82A95E08 ZwUnmapViewOfSection
SSDT 828231F8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [80, E5, C1, F5, 00, 29, C3, ...] {AND CH, 0xc1; CMC ; ADD [ECX], CH; RET ; CMC ; ADC [EBX], CH; RET ; CMC }
.text ntoskrnl.exe!_abnormal_termination + 1D0 804E282C 12 Bytes [80, 55, CE, 82, 10, 5F, C3, ...] {ADC BYTE [EBP-0x32], 0x82; ADC [EDI-0x3d], BL; CMC ; NOP ; POP EDI; RET ; CMC }
.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [70, 3C, A9, 82, 70, 1C, AB, ...] {JO 0x3e; TEST EAX, 0xab1c7082; ADD BYTE [EAX], 0x32; RET ; CMC }
? SYMEFA.SYS The system cannot find the file specified. !
? srescan.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3188] ntdll.dll!RtlValidateUnicodeString + 554 7C9163BE 10 Bytes JMP 022E003A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F5C22B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F5C22930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F5C23260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F5C20E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]  [F5C20E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F5C22B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F5C22930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F5C23260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F5C22B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F5C20E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F5C23260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F5C22930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F5C23260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F5C22930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F5C22B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F5C3BB30] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)


----------



## db301 (Mar 28, 2007)

I tried accessing the folders that most often freeze up and using powerpoint from my wife's user ID, same result.

The folder I use is on D drive, but even when I had it on C drive I had the same problems. Windows Explorer just sucks or something is constantly causing it to crash when trying to use programs that involve images. I don't have these same issues with programs involving internet, music or video.

I'm reluctant to even open folders with pictures or use powerpoint right now, because I seldom have time enough to wait for WE to crash and recover over and over again. Really takes the fun out of using the computer.


----------



## Cookiegal (Aug 27, 2003)

Please check the Event Viewer logs again and post any errors that have occurred since you deleted the Ad-Aware driver.


----------



## db301 (Mar 28, 2007)

I don't think I did delete the adaware driver. Where would I find it to delete it? I removed the adaware program through add/remove programs in control panel, and then deleted the original download *.exe file for adaware.

I had already posted all the errors for you since then.

Here are the ones today, but I did not spend any time today processing pictures or using powerpoint, which is when I encounter the problems.

They are all system errors:

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 10/13/2009
Time: 2:36:45 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 10/13/2009
Time: 2:36:45 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 10/13/2009
Time: 2:37:00 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 10/13/2009
Time: 2:37:00 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 10/13/2009
Time: 2:52:01 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 10/13/2009
Time: 2:52:01 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 29 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 10/13/2009
Time: 3:22:01 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 10/13/2009
Time: 3:22:01 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 59 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 10/13/2009
Time: 4:22:01 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 10/13/2009
Time: 4:22:01 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 119 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 10/13/2009
Time: 6:05:09 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 10/13/2009
Time: 6:05:09 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	17
Date: 10/13/2009
Time: 6:05:24 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	W32Time
Event Category:	None
Event ID:	29
Date: 10/13/2009
Time: 6:05:24 AM
User: N/A
Computer:	HOME-3909DA9FE9
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## db301 (Mar 28, 2007)

How long does it take for an error to show up in event viewer?

I just tried to use powerpoint, when I tried to insert pictures the program stopped responding for 4 minutes, then resumed. 

No system or application errors in event viewer.


----------



## db301 (Mar 28, 2007)

With all the powerpoint freeze ups, I tried a repair with the original disk of Microsoft Office. Will advise as to whether or not this improves anything.


----------



## Cookiegal (Aug 27, 2003)

I had you remove the Ad-Aware driver with those commands. You should re-synch your time clock with some other source as there are repeated errors synching the time.

Let me know how things are after you repair Office please.


----------



## db301 (Mar 28, 2007)

Oh ok, I didn't know what the commands meant that you had me do.

"You should re-synch your time clock with some other source as there are repeated errors synching the time."

I'm sorry I don't understand that or what to do for that.

No system or application errors so far, powerpoint froze briefly in use today but performed ok and the folders accessed didn't freeze at all.

Not yet anyway...


----------



## db301 (Mar 28, 2007)

Same problem, see message number 69 in this thread. WE crashed and took over 4 minutes to recover after I opened a folder.



"Folders freezing, thumbnails not loading or loading slowly or only half of them load in a folder, powerpoint not responding, folders not responding, windows explorer crashes, icons disappear and only the background picture is left.."


----------



## db301 (Mar 28, 2007)

After the recovery, just went back and opened one picture and cropped it, closed and saved the picture and the folder WE crashed immediately AGAIN.

No application or system errors in event viewer. 

See message number 34 in this thread:

"For example, let's say I have folder "a" in my documents folder. Inside folder "a", there is folder "b" and "c" with 30 pictures each in them. I open folder "a", open folder "b" and the 30 thumbnail preview pictures load slowly, they start loading after about 10 seconds of waiting. I can see 10 of the 30 pictures in the thumbnail folder view and once the 10 thumbnails are loaded completely I scroll down to see the other 20 and those thumbnails are not loaded. Then, it takes about 5-10 seconds for those to load sometimes longer.

At this point, I would start opening pictures one at a time with photo editor, to crop, lighten the pictures, and then close and save them. Works normally for a time. At some point, folder "b" (in this case) stops responding. The new thumbnail of the newly edited picture does not load. I can't even close folder "b". So, I go back to folder "a" and double click on the icon for folder "b" again, and it opens up a second folder "b", which is not frozen. The thumbnails load slowly again, but I am able to use the contents of the folder to continue editing pictures. That is until this second folder "b" stops responding, at that point I go back to the first folder "b" which has by this time started responding again. So back and forth I go, just to be able to get work done to edit pictures this way.

I have tried creating a new folder "a" and "b", and moving the contents from the old versions to the new, but it has not helped. I thought maybe the original folders were corrupt in some way.

This problem is not unique to folders "a", "b" or "c", but has happened to any folder on my computer at any time. Once in a great while I go to edit pictures and there are few or no hangups. What a pleasure that is! Doesn't happen very often unfortunately.

When I use Powerpoint and import pictures, the popup insert picture window has slow loading thumbnails. Sometimes when I select a picture and click ok to put it into Powerpoint, the popup window half closes, then freezes. The only way it unfreezes is by waiting for it, about 2-3 minutes sometimes."


----------



## db301 (Mar 28, 2007)

Just tried to use powerpoint, it locked up when trying to insert a picture, unable to end the program in task manager by ending program or ending process.

Finally closed after about 4 minutes.

No system or application errors in event manager.

There is something wrong with the way the computer processes picture files and thumbnails, as the original problem stated. Folders and programs stop responding, when folders with pictures and thumbnails are involved.


----------



## Cookiegal (Aug 27, 2003)

What are your system resources like? How much RAM do you have? What is the size of the hard drive? How much space is free on the hard drive?


----------



## db301 (Mar 28, 2007)

I clicked properties on my computer and it says Intel Pentium 4, 2.50 GHz, RAM 512 MB, 160 GB hard drive.

120 GB C drive, 40.6 GB used, 73.8 GB free.

40 GB D drive, 27.7 GB used, 9.54 GB free.

Is that not enough space to be able to process pictures and use powerpoint?


----------



## Cookiegal (Aug 27, 2003)

It should be.

What is the size of the paging file? To find that information, do this:

Click Start, and then click Control Panel. 
If in Category view, click Performance and Maintenance and then click System (if in Classic view just click System).
On the Advanced tab, under Performance, click Settings. 
On the Advanced tab, under Virtual memory, click Change. 
Don't change anything but let me know what it says the size of the initial file is.


----------



## db301 (Mar 28, 2007)

C drive has an initial size of 768mb, maximum of 1536mb

D drive has no paging file.

Could that be a problem? The folders I use the most and have the most problems with are on D drive.


----------



## Cookiegal (Aug 27, 2003)

No, there should generally only be a paging file on the boot partition.

Do you defrag the computer regularly?


----------



## db301 (Mar 28, 2007)

We are starting to go in circles now. Yes, as I stated earlier, I run update and run virus scans as well as defrag weekly.

I'm disappointed about the paging file answer, I really thought that was possibly the problem. Wouldn't it make sense that, since most of the freeze ups seem to occur from files on D, maybe the one paging file is not enough to handle it?

Would it harm anything to create another paging file, on D drive?

Have you seen this article?

http://support.microsoft.com/kb/314482

I mean, the last thing I need is more problems, but after 7 pages and several months here I still am experiencing the same original problem. I know that my computer is better and cleaner of malware thanks to your help, but the original problem remains and I am being asked questions that I have answered on previous pages.

Is there a limit to the amount of pictures I can have?
Is there a limit to the amount of powerpoint files I can have?
Is there a limit to the amount of space I can use on my computer, before windows explorer starts freezing?

If these questions had a definitive answer, I would comply in order to solve my problem!

It is beyond me how my problem could be simply a matter of too many pictures, or not enough maintenance on my part, but certainly if there was a solution like I need to archive some data on CD's or something to solve the issue I would do it.

I have read many people on the internet who experience problems like I do, but I've never seen a solution. So I need to try anything at this point to stop this freezing problem from happening.

What do you think?


----------



## Cookiegal (Aug 27, 2003)

You're right. I hadn't realized this thread had been going on for so long. Since I've run out of options, other than backing up important data, etc. and doing a reformat to solve the problems, I suggest you start a new thread for assistance.


----------



## db301 (Mar 28, 2007)

The problem I'm having was there shortly after my most recent reformat, which was sometime this past spring.

What are your opinions about setting up another paging file on D drive?

What are your opinions about the link to the article I posted?


----------



## Cookiegal (Aug 27, 2003)

Yes I saw it. This is not my area of expertise though. That's why I suggested you start a new thread with those questions.


----------



## db301 (Mar 28, 2007)

Ok, I understand 

Well then, I sincerely thank you for all your help! 

I appreciate all the time and effort you put into this thread and in helping me for so long, thank you so much! I know my computer is free from Malware, thanks to your expertise and hard work!


----------

