Programs will not launch from menu or desktop



sc204
2010-04-29, 23:52
I am having an issue where all of a sudden my desktop icons will not launch a program. Instead the dialog box requesting which program to open the file shows up. Same with some of the start menu programs. Some programs give the response that the program can't be found, i.e. MS Word.
I have been able to use exehelper.com program to fix the issue and have had to use it several times. I have run Norton antivirus, Malwarebytes, and Spybot. Some issues have been removed but the problem continues to occur. One other issue just happened. Not sure of the circumstances as my daughter was using the computer, but a multitude of Windows Explorer windows opened until the machine stopped responding.

Thank you,
Stuart

DDS log


DDS (Ver_10-03-17.01) - NTFSx86
Run by Caitlyn at 17:40:35.15 on Thu 04/29/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3070.1977 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Caitlyn\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\caitlyn\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartw~1.lnk - c:\program files\netgear\wg111 configuration utility\WG111CFG.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration

============= SERVICES / DRIVERS ===============

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-6-5 2440632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-26 102448]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx86.sys [2010-2-7 256000]
S2 gupdate1ca43b8b584169f;Google Update Service (gupdate1ca43b8b584169f);c:\program files\google\update\GoogleUpdate.exe [2009-10-2 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-6-5 23888]

=============== Created Last 30 ================

2010-04-28 00:55:12 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-28 00:31:29 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-28 00:31:29 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-27 19:58:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 19:58:39 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 19:54:24 65536 --sha-w- c:\users\caitlyn\ntuser.dat{9a56859d-5232-11df-bff2-001bb9dc3eab}.TM.blf
2010-04-27 19:54:24 524288 --sha-w- c:\users\caitlyn\ntuser.dat{9a56859d-5232-11df-bff2-001bb9dc3eab}.TMContainer00000000000000000002.regtrans-ms
2010-04-27 19:54:24 524288 --sha-w- c:\users\caitlyn\ntuser.dat{9a56859d-5232-11df-bff2-001bb9dc3eab}.TMContainer00000000000000000001.regtrans-ms
2010-04-27 19:02:44 0 d-----w- C:\Download
2010-04-27 19:00:16 0 d-----w- c:\windows\system32\EventProviders
2010-04-27 19:00:15 0 d-----w- C:\81a19d0c2c3fc8412f33
2010-04-26 18:47:11 0 d-----w- c:\programdata\Sun
2010-04-26 01:17:09 0 d-----w- c:\users\caitlyn\appdata\roaming\Malwarebytes
2010-04-26 01:16:58 0 d-----w- c:\programdata\Malwarebytes
2010-04-26 01:16:58 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-26 00:47:58 0 d-----w- c:\users\caitlyn\appdata\roaming\BCEF1789A457BAC37A506B7828F950BA
2010-04-14 10:19:04 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 10:19:04 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 10:19:04 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 10:18:59 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 10:18:59 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 10:18:56 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 10:18:55 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-14 10:18:53 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 10:18:53 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 10:18:53 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 10:17:41 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 10:17:39 98304 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:39:35 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-07 18:10:52 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-07 18:10:51 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-02-07 18:10:51 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-11 00:08:39 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:41:56 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-28 14:54:23 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-24 19:34:49 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-16 07:22:14 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 17:41:38.48 ===============

shelf life
2010-05-01, 14:32
Look here (http://www.winhelponline.com/articles/105/1/File-association-fixes-for-Windows-Vista.html). Download and apply the fix for lnk file association. After you 'unzip' the file to your desktop, right click and select merge to apply to the registry.
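
Added example, not part of the original thread and not the linked site's code: a small Python reviewer that lists every change a .reg file would make before it is merged, and flags anything outside the .lnk association keys. The sample file contents and the `EXPECTED_SCOPE` list are constructed assumptions, not the contents of the linked fix.

```python
import re

# Constructed sample, NOT the contents of the linked fix: a .lnk association
# reset plus one unrelated autorun entry that a reviewer should question.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\UserChoice]

[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\Users\\Public\\example.exe"
'''

# Assumption: the only key trees a .lnk association fix has reason to touch.
EXPECTED_SCOPE = (
    r"HKEY_CLASSES_ROOT\.lnk",
    r"HKEY_CLASSES_ROOT\lnkfile",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk",
)

# Matches  @=data  or  "name"=data  (a data field of "-" deletes the value).
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def parse_reg(text):
    """Return (action, key, value_name, data) for every change the file makes."""
    text = re.sub(r",\\\r?\n\s*", ",", text)  # join hex(...) continuation lines
    ops, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[-") and line.endswith("]"):
            ops.append(("delete_key", line[2:-1], None, None))
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            ops.append(("open_key", key, None, None))
        elif key and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            action = "delete_value" if m.group(2) == "-" else "set_value"
            ops.append((action, key, name, m.group(2)))
    return ops

def out_of_scope(ops, scope=EXPECTED_SCOPE):
    """Operations on keys outside the expected trees (case-insensitive)."""
    def inside(key):
        k = key.lower()
        return any(k == p.lower() or k.startswith(p.lower() + "\\") for p in scope)
    return [op for op in ops if not inside(op[1])]
```

An empty result from `out_of_scope` means the file only touches the association keys; any entry it returns is worth reading before choosing merge.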

sc204
2010-05-02, 01:20
That was easy. Is that all I should have to do?
Thank you,
Stuart

shelf life
2010-05-02, 02:21
is that all I should have to do

If it all works now then that should be it. Are Malwarebytes and Spy Bot up to date and coming up clean after a scan?
Are you having any signs (http://www.virusvault.us/signs.html) of malware, other than the shortcut problem, which I don't think was malware related?

sc204
2010-05-03, 17:59
It happened again this morning. None of the icons would work. I had to run exe helper.com to restore it. No other signs of malware though?
Can anything else repeatedly cause this?
Thanks again,
Stuart

shelf life
2010-05-04, 03:25
Malware usually produces symptoms. One symptom could be not allowing .exe to start. I have never seen this as the only symptom.
Malwarebytes is clean after a scan? You can do an online scan:

ESET online scanner:

http://www.eset.com/onlinescan/

uses Internet Explorer only
check "YES" to accept terms
click start button
allow the ActiveX component to install
click the start button. The scanner will update.
check both "Remove found threats" and "Scan unwanted applications"
click scan
when done you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt
Please copy/paste that log in your next reply.

sc204
2010-05-05, 05:02
It seems to be happening about 1 time per day and nothing else seems to be happening.
Malwarebytes found 1 thing. Log file:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4066

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

5/4/2010 10:59:21 PM
mbam-log-2010-05-04 (22-59-21).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 260918
Time elapsed: 1 hour(s), 13 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\wbem\Logs\WMITracing.log (Worm.Waledac) -> Delete on reboot.

ESET found 3 things but the log.txt is only
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Thanks again,
Stuart

shelf life
2010-05-06, 00:29
Did you try the online scan?

sc204
2010-05-13, 21:58
Yes, I listed what I got from it at the bottom of my last post.

ESET found 3 things but the log.txt is only
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

It didn't list what it found.
Stuart

Computer still doing it about 1 time a day but no other symptoms?
Thank you

shelf life
2010-05-14, 02:21
Do you know if you have service pack 1 installed on the machine?

tashi
2010-06-07, 18:14
This thread has been archived due to inactivity.