0xc0000142 errors for all programs



grancher
2011-09-15, 07:30
Hello,
I'm running Windows XP Professional Service Pack 3 on a laptop. The computer starts up, and some of the programs that come up at startup will appear in the little bar that lists active programs down in the bottom right-hand corner of the screen, but after that any that I try to open, or that the system tries to open (so it seems anyway), gives me a 0xc0000142 error box that says the program has to be closed.
I tried doing an Avast anti-virus check, because it was among the programs that opened at startup, but it gave me nothing. I also tried running Spybot, and sfc /scannow in safe mode, neither of which came up with anything. After that I figured I had messed something up and tried to system restore, and realized I hadn't set a restore point, so I got the operating system reinstalled. After that I came home and started to reinstall my anti-virus software, foolishly not setting a restore point right away; I did, however, make a registry backup with Spybot. While upgrading 360安全卫士 the same problem reappeared and I could not open any programs. I had a fair number of programs installed on the D: drive, which had not been erased before when the operating system was reinstalled, and thinking that these might have been the source of the problem I deleted them all except Spybot and Spyware Blaster.

I tried to run DDS and install ERUNT (downloaded on another computer and moved over on a flash drive) as the BEFORE You POST post says, but I got the same error as with everything else.

I know I've done some stupid things so far, and I could get the operating system reinstalled again, but I worry that the problem would just come back. Any help would be greatly appreciated.

shelf life
2011-09-23, 22:32
hi grancher,

Your post is a few days old. If you still need help simply reply back.

grancher
2011-09-24, 15:04
I still need help. I haven't messed with anything since I posted the first time.

shelf life
2011-09-24, 18:15
So if you boot into safe mode, the same thing happens or not? It's only the apps running in the taskbar that are affected? If you launch something from start>programs, it works ok? Are you having any of these possible malware signs? (http://www.malwarevault.com/signs.html)


so I got the operating system reinstalled.
After a reformat of the hard drive?

grancher
2011-09-26, 04:59
All programs report the same error when I try to open them, or apparently when the system tries to open them. This includes programs opened from the taskbar, start>programs, the run button in the start menu, and programs that I opened by clicking on their .exe files.

The things that can run in safe mode all seem to run properly as far as I can tell.

I did notice that the Internet Explorer shortcut down in the bottom left corner of the screen in the taskbar had been set to open to a portal site I had never heard of. It took me there once; when I figured out how it did it, I changed the shortcut.
But I haven't noticed any other malware signs. Since the computer can't open any programs, I haven't been using that computer.

I don't think he reformatted the hard drive. He only erased the C: drive; the D:, E:, and F: drives, which are partitions of the hard drive, remained untouched.

shelf life
2011-09-27, 03:27
Would you happen to have the original Windows install media? To do a repair install, this will preserve your data. This error message just started appearing all of a sudden?
Just so I understand, in safe mode the .exe will start up ok but not after a normal reboot?
Have you recently installed any new software, hardware, drivers or Windows Updates, then noticed the error?

grancher
2011-09-27, 06:24
I don't have the original Windows install media; it seems that computers don't come with those things anymore. I remember having a repair disc of some sort, but it has disappeared, which is why I had to go to a local computer guy to get the system reinstalled.

"Just so I understand, in safe mode the .exe will start up ok but not after a normal reboot?"
Yes.

I don't think I installed any new software before the problem started, but I may have updated something. It happened a few days after we got a wireless connection in our home, and I hadn't connected to the wireless many times with that computer before the error messages started appearing.
I'm using the same wireless connection with another computer now though, and it seems to have no problems.

shelf life
2011-09-28, 00:27
Let's make sure it's not malware related. Scareware can use all kinds of different messages/popups that look like they're really Windows generated.
You have DDS, try booting into safe mode and see if you can run it. If so we will get some more downloads to use in safe mode.

grancher
2011-09-28, 04:32
Here's the DDS log from safe mode

.
DDS (Ver_2011-08-26.01) - FAT32x86 MINIMAL
Internet Explorer: 6.0.2900.5512
Run by Administrator at 10:00:31 on 2011-09-28
Microsoft Windows XP Professional 5.1.2600.3.936.86.2052.18.246.141 [GMT 8:00]
.
AV: 360杀毒 *Enabled/Updated* {D737F2DE-FA43-4036-AF5B-911612E2D674}
FW: PC Tools Firewall Plus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: ThunderAtOnce Class: {01443aec-0fd1-40fd-9c87-e93d1494c233} - c:\program files\thunder network\thunder\comdlls\TDAtOnce_Now.dll
BHO: Thunder Browser Helper: {889d2feb-5411-4565-8998-1dd2c5261283} - c:\program files\thunder network\thunder\comdlls\xunleiBHO_Now.dll
BHO: SafeMon Class: {b69f34dd-f0f9-42dc-9edd-957187da688d} - c:\program files\360\360safe\safemon\safemon.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [360sd] "c:\program files\360\360sd\360sdrun.exe"
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [360Safetray] "c:\program files\360\360safe\safemon\360Tray.exe" /start
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMMyDocs = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: 使用迅雷下载 - c:\program files\thunder network\thunder\program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files\thunder network\thunder\program\GetAllUrl.htm
IE: 导出到 Microsoft Office Excel(&X) - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\thunder network\thunder\program\Thunder.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A436F066-1C4F-481C-BCB6-C73CA143634D} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 0.0.0.0 pubstat.sandai.net
Hosts: 0.0.0.0 mcfg.sandai.net
Hosts: 0.0.0.0 biz5.sandai.net
Hosts: 0.0.0.0 float.sandai.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
S0 HookPort;HookPort;c:\windows\system32\drivers\hookport.sys [2011-9-14 63704]
S1 360netmon;360netmon;c:\windows\system32\drivers\360netmon.sys [2011-9-14 154968]
S1 360SelfProtection;360SelfProtection;c:\windows\system32\drivers\360SelfProtection.sys [2011-9-14 142552]
S1 BAPIDRV;BAPIDRV;c:\windows\system32\drivers\BAPIDRV.SYS [2011-9-14 83416]
S1 EfiMon;EfiSystemMon;c:\windows\system32\drivers\efimon.sys [2011-9-14 19712]
S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-9-14 233136]
S1 qutmdserv;Quantum DeepScanner Servers;c:\windows\system32\drivers\qutmdrv.sys [2011-9-14 171992]
S1 qutmipc;qutmipc;c:\windows\system32\drivers\qutmipc.sys [2011-9-14 35160]
S2 360rp;360 杀毒实时防护服务;c:\program files\360\360sd\360rps.exe [2011-5-9 161112]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-9-14 88040]
S2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2011-9-14 818432]
S2 ZhuDongFangYu;主动防御;c:\program files\360\360safe\deepscan\ZhuDongFangYu.exe [2011-9-14 181592]
S3 360Box;360Box mini-filter driver;c:\windows\system32\drivers\360Box.sys [2011-9-14 156760]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-9-14 70664]
S3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-9-14 58816]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2011-9-14 115216]
S4 ccosm;Contrl Center of Storm Media;c:\program files\stormii\stormliv.exe [2011-9-14 473184]
.
=============== File Associations ===============
.
chm.file="hh.exe" %1
txtfile=c:\windows\notepad.exe %1
.
=============== Created Last 30 ================
.
2011-09-14 13:01:48 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Help
2011-09-14 10:57:51 -------- d-----w- c:\documents and settings\administrator\application data\PCToolsFirewallPlus
2011-09-14 08:09:44 330240 ------w- c:\windows\system32\SET4D7.tmp
2011-09-14 08:09:30 652288 ------w- c:\windows\system32\SET4CB.tmp
2011-09-14 08:09:30 620544 ------w- c:\windows\system32\SET4CC.tmp
2011-09-14 08:09:30 37888 ------w- c:\windows\system32\SET4CD.tmp
2011-09-14 08:09:29 1509888 ------w- c:\windows\system32\SET4CE.tmp
2011-09-14 08:09:29 1024512 ------w- c:\windows\system32\SET4D0.tmp
2011-09-14 08:09:28 3105792 ------w- c:\windows\system32\SET4CF.tmp
2011-09-14 08:08:31 512000 ------w- c:\windows\system32\SET4B2.tmp
2011-09-14 08:08:24 45056 ------w- c:\windows\system32\SET4AC.tmp
2011-09-14 08:08:24 240640 ------w- c:\windows\system32\SET4AB.tmp
2011-09-14 08:08:24 149504 ------w- c:\windows\system32\SET4AD.tmp
2011-09-14 08:06:07 590848 ------w- c:\windows\system32\SET466.tmp
2011-09-14 08:05:43 209920 ------w- c:\program files\windows nt\accessories\SET459.tmp
2011-09-14 08:05:43 1287680 ------w- c:\windows\system32\SET458.tmp
2011-09-14 08:05:36 58880 ------w- c:\windows\system32\SET454.tmp
2011-09-14 08:05:25 406016 ------w- c:\windows\system32\SET450.tmp
2011-09-14 08:05:14 1172480 ------w- c:\windows\system32\SET44A.tmp
2011-09-14 08:05:02 149504 ------w- c:\windows\system32\SET443.tmp
2011-09-14 08:04:39 65536 ------w- c:\windows\system32\SET43C.tmp
2011-09-14 08:01:17 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-09-14 07:59:34 1858560 ------w- c:\windows\system32\dllcache\win32k.sys
2011-09-14 07:59:05 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2011-09-14 07:59:05 330240 ------w- c:\windows\system32\dllcache\winsrv.dll
2011-09-14 07:57:12 852480 ------w- c:\windows\system32\dllcache\vgx.dll
2011-09-14 07:57:02 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-09-14 07:56:26 551936 ------w- c:\windows\system32\dllcache\oleaut32.dll
2011-09-14 07:52:10 36864 ------w- c:\windows\system32\dllcache\tsgqec.dll
2011-09-14 07:52:10 2690560 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-09-14 07:52:10 130560 ------w- c:\windows\system32\dllcache\aaclient.dll
2011-09-14 07:52:10 1034240 ------w- c:\windows\system32\dllcache\mstsc.exe
2011-09-14 07:51:55 186880 ------w- c:\windows\system32\dllcache\encdec.dll
2011-09-14 07:51:54 270848 ------w- c:\windows\system32\dllcache\sbe.dll
2011-09-14 07:51:34 435200 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-09-14 07:51:16 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2011-09-14 07:51:06 707584 ------w- c:\windows\system32\dllcache\lsasrv.dll
2011-09-14 07:50:49 536576 ------w- c:\windows\system32\dllcache\msado15.dll
2011-09-14 07:50:49 249856 ------w- c:\windows\system32\dllcache\odbc32.dll
2011-09-14 07:50:49 200704 ------w- c:\windows\system32\dllcache\msadox.dll
2011-09-14 07:50:49 180224 ------w- c:\windows\system32\dllcache\msadomd.dll
2011-09-14 07:50:49 143360 ------w- c:\windows\system32\dllcache\msadco.dll
2011-09-14 07:50:49 102400 ------w- c:\windows\system32\dllcache\msjro.dll
2011-09-14 07:50:11 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-09-14 07:49:36 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-09-14 07:47:39 -------- d-----w- c:\windows\system32\LogFiles
2011-09-14 07:45:56 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-09-14 07:45:56 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-09-14 07:45:56 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-09-14 07:44:49 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2011-09-14 07:44:38 99840 ------w- c:\windows\system32\dllcache\srvsvc.dll
2011-09-14 07:44:38 357888 ------w- c:\windows\system32\dllcache\srv.sys
2011-09-14 07:44:24 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-09-14 07:44:08 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2011-09-14 07:43:49 209920 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-09-14 07:43:49 1287680 ------w- c:\windows\system32\dllcache\ole32.dll
2011-09-14 07:43:16 -------- d-----w- c:\documents and settings\administrator\application data\360se
2011-09-14 07:43:14 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2011-09-14 07:42:00 406016 ------w- c:\windows\system32\dllcache\usp10.dll
2011-09-14 07:41:24 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2011-09-14 07:40:53 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2011-09-14 07:40:36 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-09-14 07:40:20 65536 ------w- c:\windows\system32\dllcache\asycfilt.dll
2011-09-14 07:38:56 692736 ------w- c:\windows\system32\dllcache\inetcomm.dll
2011-09-14 07:38:32 176640 ------w- c:\windows\system32\dllcache\wintrust.dll
2011-09-14 07:38:20 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2011-09-14 07:38:20 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2011-09-14 07:38:07 332288 ------w- c:\windows\system32\dllcache\mspaint.exe
2011-09-14 07:37:48 47616 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2011-09-14 07:37:48 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2011-09-14 07:37:48 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2011-09-14 07:37:47 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2011-09-14 07:37:47 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2011-09-14 07:37:35 473088 ------w- c:\windows\system32\dllcache\shlwapi.dll
2011-09-14 07:37:14 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2011-09-14 07:37:13 1273856 ------w- c:\windows\system32\dllcache\quartz.dll
2011-09-14 07:36:36 -------- d--h--w- c:\windows\$hf_mig$
2011-09-14 07:36:24 134144 ------w- c:\windows\system32\dllcache\shsvcs.dll
2011-09-14 07:36:23 8320000 ------w- c:\windows\system32\dllcache\shell32.dll
2011-09-14 07:30:38 -------- d-----w- c:\documents and settings\all users\application data\360safe
2011-09-14 07:29:46 -------- d-----w- c:\documents and settings\administrator\application data\360WD
2011-09-14 07:29:38 -------- d-sh--r- C:\360SANDBOX
2011-09-14 07:29:38 -------- d-----w- c:\documents and settings\administrator\application data\360safe
2011-09-14 07:29:37 156760 ----a-w- c:\windows\system32\drivers\360Box.sys
2011-09-14 07:29:36 35160 ----a-w- c:\windows\system32\drivers\qutmipc.sys
2011-09-14 07:29:33 93528 ----a-w- c:\windows\system32\360SoftMgr.cpl
2011-09-14 07:29:31 154968 ----a-w- c:\windows\system32\drivers\360netmon.sys
2011-09-14 07:29:27 27400 ----a-w- c:\windows\system32\drivers\360AntiARP.sys
2011-09-14 07:29:27 14080 ----a-w- c:\windows\system32\drivers\ProtoDrv.sys
2011-09-14 07:27:55 327368 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-09-14 07:27:52 171992 ----a-w- c:\windows\system32\drivers\qutmdrv.sys
2011-09-14 07:27:46 -------- d-----w- C:\360Rec
2011-09-14 07:26:37 83416 ----a-w- c:\windows\system32\drivers\BAPIDRV.SYS
2011-09-14 07:26:07 -------- d-----w- c:\documents and settings\all users\application data\360SD
2011-09-14 07:26:06 -------- d-----w- c:\program files\360
2011-09-14 07:04:00 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-09-14 07:04:00 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-09-14 07:03:59 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-09-14 07:03:36 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2011-09-14 07:03:36 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2011-09-14 07:03:36 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2011-09-14 07:03:36 -------- d-----w- c:\program files\common files\PC Tools
2011-09-14 07:03:34 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2011-09-14 07:03:32 -------- d-----w- c:\program files\PC Tools Firewall Plus
2011-09-14 07:00:29 63704 ----a-w- c:\windows\system32\drivers\hookport.sys
2011-09-14 07:00:29 53504 ----a-w- c:\windows\system32\drivers\SafeBoxKrnl.sys
2011-09-14 07:00:29 142552 ----a-w- c:\windows\system32\drivers\360SelfProtection.sys
2011-09-14 07:00:28 19712 ----a-w- c:\windows\system32\drivers\efimon.sys
2011-09-14 06:56:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-14 06:56:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-14 06:56:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-14 06:56:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-14 06:46:12 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-09-14 06:22:50 860 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-09-14 06:22:00 106496 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{052cfb79-9d62-42e3-8a15-de66c2c97c3e}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2011-09-14 06:22:00 106496 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{052cfb79-9d62-42e3-8a15-de66c2c97c3e}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2011-09-14 06:22:00 106496 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{052cfb79-9d62-42e3-8a15-de66c2c97c3e}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2011-09-14 06:21:22 -------- d-----w- c:\program files\common files\Tencent
2011-09-14 06:19:16 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2011-09-14 06:19:14 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-09-14 06:19:13 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-09-14 06:19:08 -------- d-----w- c:\documents and settings\administrator\application data\Tencent
2011-09-14 06:18:21 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-09-14 06:17:23 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2011-09-14 06:17:22 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2011-09-14 06:17:20 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2011-09-14 06:17:19 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2011-09-14 06:17:17 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2011-09-14 06:17:14 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2011-09-14 06:17:13 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2011-09-14 06:14:30 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-09-14 06:14:30 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2011-09-14 06:14:29 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2011-09-14 06:14:29 129536 ----a-w- c:\windows\system32\ksproxy.ax
2011-09-14 06:14:19 32768 ----a-r- c:\windows\system32\w70n5msg.dll
2011-09-14 06:14:17 248448 ----a-w- c:\windows\system32\PROUnstl.exe
2011-09-14 06:14:04 -------- d-----w- c:\program files\Synaptics
2011-09-14 06:13:57 -------- d-----w- c:\windows\system32\ReinstallBackups
2011-09-14 06:13:09 674560 ----a-w- c:\windows\system32\drivers\w70n51.sys
2011-09-14 06:13:07 165496 ----a-w- c:\windows\system32\drivers\e100b325.sys
2011-09-14 06:13:06 995328 ----a-w- c:\windows\system32\W20MLRes.dll
2011-09-14 06:13:06 430147 ----a-w- c:\windows\system32\W20NCPA.dll
2011-09-14 06:13:06 40056 ----a-w- c:\windows\system32\NicInst.dll
2011-09-14 06:13:06 28272 ----a-w- c:\windows\system32\NicCo2.dll
2011-09-14 06:13:05 35424 ----a-w- c:\windows\system32\e100bmsg.dll
2011-09-14 06:11:52 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2011-09-14 06:11:51 16128 ----a-w- c:\windows\system32\drivers\battc.sys
2011-09-14 06:11:51 13952 ----a-w- c:\windows\system32\drivers\CmBatt.sys
.
==================== Find3M ====================
.
2011-07-15 13:29:32 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
============= FINISH: 10:01:13.97 ===============

shelf life
2011-09-28, 23:29
I don't see anything that looks out of place. Unless we find malware then we will be guessing what the problem may be. Do you know what this is:

Contrl Center of Storm Media;c:\program files\stormii\

I know it's not updated, but run Malwarebytes while in safe mode and post the log.

How long has it been since you have been to Windows Update? You're running IE 6.0; that's two versions behind.

grancher
2011-09-29, 06:10
I think Storm Media is software that lets you watch movies online, I'm not sure, I have never used it. The guy who reinstalled my operating system installed it, along with Thunder Network and almost all the other programs on the computer except the Firewall and Anti-virus software.

The operating system had not been reinstalled for very long before errors started appearing, and I hadn't finished updating Windows yet.


Here's the Malwarebytes Log, I didn't fix anything it found, just copied the results here.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

数据库版本: 7622

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

2011-9-29 上午 11:52:50
mbam-log-2011-09-29 (11-52-39).txt

扫描类型: 完整扫描 (C:\|D:\|E:\|F:\|)
扫描项目: 177962
扫描用时 12 分钟, 15 秒

被感染内存进程数目: 0
被感染内存模块数目: 0
被感染注册表项数目: 10
被感染注册表值数目: 0
被感染注册表数据项数目: 3
被感染文件夹数目: 0
被感染文件数目: 10

被感染内存进程数目:
(未发现有害项目)

被感染内存模块数目:
(未发现有害项目)

被感染注册表项数目:
HKEY_CLASSES_ROOT\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{988934A4-064B-11D3-BB80-00104B35E7F9} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{802F530B-A8F6-4631-AE49-6BACAAC6373E} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\XunLeiBHO.XDownloadManager.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\XunLeiBHO.XDownloadManager (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\XunLeiBHO.ThunderIEHelper.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\XunLeiBHO.ThunderIEHelper (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{889D2FEB-5411-4565-8998-1DD2C5261283} (Trojan.BHO) -> No action taken.

被感染注册表值数目:
(未发现有害项目)

被感染注册表数据项数目:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

被感染文件夹数目:
(未发现有害项目)

被感染文件数目:
c:\program files\thunder network\Thunder\ComDlls\xunleibho_now.dll (Trojan.BHO) -> No action taken.
c:\program files\360\360SD\leakrepair.dll (Trojan.Agent) -> No action taken.
c:\program files\360\360Safe\360leakfixer.exe (Trojan.Agent) -> No action taken.
c:\program files\360\360Safe\leakrepair.dll (Trojan.Agent) -> No action taken.
c:\program files\360\360Safe\ipc\patchcheck.dll (Trojan.Agent) -> No action taken.
c:\program files\360\360Safe\modules\360vulsetup.exe (Trojan.Agent) -> No action taken.
c:\program files\360\360Safe\links\links.dll (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator\application data\microsoft\internet explorer\quick launch\启动 internet explorer 浏览器.lnk (Hijack.Trace) -> No action taken.
c:\documents and settings\default user\application data\microsoft\internet explorer\quick launch\启动 internet explorer 浏览

shelf life
2011-09-29, 21:56
After you ran Malwarebytes did you click "remove selected" and then reboot?
MBAM needs to reboot to remove items. Re-run it again in safe mode and have it "remove selected" then reboot your computer.

After you reboot back into safe mode: go to the add/remove programs panel and uninstall:
Storm Media
Thunder Network

You see these in the Malwarebytes log:


\thunder network\Thunder\ComDlls\xunleibho_now.dll (Trojan.BHO)

360 is your antivirus? You see this in the malwarebytes log;


c:\program files\360\360SD\leakrepair.dll (Trojan.Agent) -> No action taken.
c:\program files\360\360Safe\360leakfixer.exe (Trojan.Agent) -> No action taken.
c:\program files\360\360Safe\leakrepair.dll (Trojan.Agent) -> No action taken.
c:\program files\360\360Safe\ipc\patchcheck.dll (Trojan.Agent) -> No action taken.

I can't believe those are all false positives. You should remove 360 from the add/remove programs panel also and get another AV. There are several free ones I can link to.
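
The triage reasoning in the post above (several detections clustered under one product's install directory), as an added example that is not part of the original thread: a small Python parser for the `object (Detection) -> action` lines of a Malwarebytes log that groups findings by Program Files directory and sets aside lines that were cut off. The sample lines are copied from the log posted earlier in this thread; the function names and group labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the Malwarebytes log posted earlier in this thread
# (the last one is cut off in the post, exactly as reproduced here).
SAMPLE_LOG = r"""
HKEY_CLASSES_ROOT\XunLeiBHO.ThunderIEHelper (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
c:\program files\thunder network\Thunder\ComDlls\xunleibho_now.dll (Trojan.BHO) -> No action taken.
c:\program files\360\360SD\leakrepair.dll (Trojan.Agent) -> No action taken.
c:\program files\360\360Safe\360leakfixer.exe (Trojan.Agent) -> No action taken.
c:\program files\360\360Safe\leakrepair.dll (Trojan.Agent) -> No action taken.
c:\program files\360\360Safe\ipc\patchcheck.dll (Trojan.Agent) -> No action taken.
c:\documents and settings\default user\application data\microsoft\internet explorer\quick launch\启动 internet explorer 浏览
"""

# "<object> (<Detection.Name>) -> [Bad: (x) Good: (y) -> ]<action>."
LINE_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")
# The first directory below Program Files identifies the installed product.
PRODUCT_RE = re.compile(r"^[a-z]:\\program files(?: \(x86\))?\\([^\\]+)\\", re.I)


def parse_line(line):
    """Return a dict for one detection line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    obj = m.group("obj")
    if obj.upper().startswith("HKEY_"):
        group = "(registry)"
    else:
        p = PRODUCT_RE.match(obj)
        group = p.group(1).lower() if p else "(other path)"
    # PUM entries carry an extra "Bad/Good" segment; the action is always last.
    action = m.group("rest").rsplit(" -> ", 1)[-1].rstrip(".")
    return {"object": obj, "name": m.group("name"), "group": group, "action": action}


def triage(log_text):
    """Group detections by product directory; keep unparseable lines aside."""
    detections, unparsed = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        d = parse_line(line)
        if d:
            detections.append(d)
        else:
            unparsed.append(line)  # e.g. a line truncated when the log was pasted
    by_group = defaultdict(lambda: {"count": 0, "names": set(), "pending": 0})
    for d in detections:
        g = by_group[d["group"]]
        g["count"] += 1
        g["names"].add(d["name"])
        g["pending"] += d["action"] == "No action taken"
    return {"detections": detections, "unparsed": unparsed, "by_group": dict(by_group)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for group, info in sorted(result["by_group"].items()):
        print(f'{group}: {info["count"]} hit(s), {sorted(info["names"])}, '
              f'{info["pending"]} not yet removed')
    print("unparsed (possibly truncated) lines:", len(result["unparsed"]))
```

A non-zero `pending` count means the scan only reported the item; the "remove selected" step and reboot described in the post are still outstanding for it.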

grancher
2011-10-01, 08:33
Uninstalling 360Safe and 360 AV got rid of the errors, which seems strange to me; I had used 360Safe for years without any clearly related problems. I ran this Malwarebytes scan from normal Windows instead of safe mode, clicked on remove selected and rebooted.
I also uninstalled Storm Media and Thunder Network.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

数据库版本: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2011-10-1 下午 01:32:16
mbam-log-2011-10-01 (13-32-16).txt

扫描类型: 完整扫描 (C:\|D:\|E:\|F:\|)
扫描项目: 176501
扫描用时 5 分钟, 10 秒

被感染内存进程数目: 0
被感染内存模块数目: 0
被感染注册表项数目: 0
被感染注册表值数目: 0
被感染注册表数据项数目: 3
被感染文件夹数目: 0
被感染文件数目: 3

被感染内存进程数目:
(未发现有害项目)

被感染内存模块数目:
(未发现有害项目)

被感染注册表项数目:
(未发现有害项目)

被感染注册表值数目:
(未发现有害项目)

被感染注册表数据项数目:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

被感染文件夹数目:
(未发现有害项目)

被感染文件数目:
c:\documents and settings\administrator\application data\microsoft\internet explorer\quick launch\启动 internet explorer 浏览器.lnk (Hijack.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\default user\application data\microsoft\internet explorer\quick launch\启动 internet explorer 浏览器.lnk (Hijack.Trace) -> Quarantin

shelf life
2011-10-01, 14:59
I had used 360Safe for years
Maybe you or somebody installed a fake or cracked version? Don't know really, but you can see what Malwarebytes found.

Did you get another AV installed? I wouldn't be without one for long. Malwarebytes isn't AV.

When you ran DDS it made two logs. You posted one. Can you post the other? It shows a list of installed software. If you didn't save it you can just run DDS again to get a new copy. It will show what else that "guy" installed to your machine.

grancher
2011-10-04, 12:06
I attached the 2nd dds log file, I couldn't find the old one so I ran dds again.

I haven't installed AV yet, I'm not sure what is good. I used the free Avast anti-virus software for a while, but it didn't seem to do very much, I would certainly like to hear recommendations.

shelf life
2011-10-05, 03:27
I used the free Avast anti-virus software for a while,
Nothing wrong with Avast.
Some others below. You need to get one installed and updated.

AVG (http://free.avg.com/us-en/free-downloads)
Panda cloud (http://www.cloudantivirus.com/en/)
MS Security Essentials (http://www.microsoft.com/security/pc-security/mse.aspx)

grancher
2011-10-07, 12:59
I downloaded and installed Panda Cloud. It deleted a hxtlcolor.dll.

I've been having some trouble getting on the internet, but I think that is a network problem, as it seems to affect both of the computers in our house.

shelf life
2011-10-07, 21:23
We will get one more download as a check for malware:

Download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop. Double click to run, then click the SCAN button. When finished click the SAVE LOG button, save the log somewhere and post it in your reply.

grancher
2011-10-10, 08:07
Here is the aswMBR scan log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-10 13:36:15
-----------------------------
13:36:15.800 OS Version: Windows 5.1.2600 Service Pack 3
13:36:15.800 Number of processors: 1 586 0x905
13:36:15.800 ComputerName: HP-201109141411 UserName: Administrator
13:36:23.722 Initialize success
13:53:10.760 AVAST engine defs: 11100901
13:53:20.784 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:53:20.784 Disk 0 Vendor: SAMSUNG_HM160HC LQ100-10 Size: 152627MB BusType: 3
13:53:22.847 Disk 0 MBR read successfully
13:53:22.847 Disk 0 MBR scan
13:53:23.037 Disk 0 unknown MBR code
13:53:23.037 Disk 0 scanning sectors +312576705
13:53:23.137 Disk 0 scanning C:\WINDOWS\system32\drivers
13:53:32.481 Service scanning
13:53:34.504 Modules scanning
13:53:44.498 Disk 0 trace - called modules:
13:53:44.518 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:53:44.518 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x812e09d0]
13:53:44.528 3 CLASSPNP.SYS[f95cdfd7] -> nt!IofCallDriver -> \Device\0000007e[0x812e2d80]
13:53:44.568 5 ACPI.sys[f9544620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x812e3b58]
13:53:45.500 AVAST engine scan C:\WINDOWS
13:53:48.975 AVAST engine scan C:\WINDOWS\system32
13:55:33.275 AVAST engine scan C:\WINDOWS\system32\drivers
13:55:43.309 AVAST engine scan C:\Documents and Settings\Administrator
13:56:48.933 AVAST engine scan C:\Documents and Settings\All Users
13:56:55.012 Scan finished successfully
13:59:50.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\桌面\MBR.dat"
13:59:50.835 The log file has been saved successfully to "C:\Documents and Settings\Administrator\桌面\aswMBR.txt"

shelf life
2011-10-11, 00:56
Looks ok. You can delete the aswMBR icon from your desktop. So is it looking ok on your end now?

grancher
2011-10-11, 08:56
It's working alright. Thank you very much for all of your help, and I'm sorry I haven't always been prompt in my replies. I had some trouble getting to these forums for a little while, but that seems to have gone away now.
Thanks again.

shelf life
2011-10-11, 23:47
No problem, you're welcome. Note that the free version of Malwarebytes must be updated manually and a scan started manually. It's good practice to check for updates regularly even if you don't do a scan at that time.

You can also make a new restore point; the how and the why:
One of the features of Windows XP, Vista and Windows 7 is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.


(winXP)

1. Turn off System Restore. (deletes old possibly infected restore point)

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.


2. Reboot.


3. Turn ON System Restore. (creates a new restore point on a clean system)

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot.

For your reference:

10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer cannot stay malware free.

No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows), browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature (http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx). Staying updated is also essential for web based applications, browser plugins and addons like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here (http://secunia.com/vulnerability_scanning/online/).

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer that then prompt you to install software to remedy this. See also the signs (http://www.malwarevault.com/signs.html) that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. Do you trust the source? See also E-mail phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) The why and how for securing (http://www.cert.org/tech_tips/securing_browser/) your browser for safer surfing.

10) Warez, cracks, keygens and p2p are very popular for carrying malware payloads. A file can be named anything, be nothing but malware or have malware bundled in it. Do you really trust the source of the file?


More info/tips with pictures, links below

Happy Safe Surfing.
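The restore-point reset described in the post above can also be scripted; this is an added example, not part of the original post, and it assumes Windows PowerShell 2.0 or later is installed and run from an administrator session. The `-Phase` and `-Drive` parameters are this example's own names, and the reboot between the two phases is still done by hand.

```powershell
# Added example: scripted form of the three System Restore steps in the post.
# Uses the built-in Windows PowerShell cmdlets Get-ComputerRestorePoint,
# Disable-ComputerRestore, Enable-ComputerRestore and Checkpoint-Computer.
param(
    [ValidateSet('Purge', 'Recreate')]
    [string]$Phase = 'Purge',          # hypothetical parameter name
    [string]$Drive = "$env:SystemDrive\"
)

$ErrorActionPreference = 'Stop'

# System Restore settings can only be changed with full administrator access.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an administrator session.'
}

if ($Phase -eq 'Purge') {
    # Step 1: record which restore points are about to be discarded,
    # then turn System Restore off for the drive.
    Get-ComputerRestorePoint |
        Format-Table SequenceNumber, CreationTime, Description -AutoSize
    Disable-ComputerRestore -Drive $Drive
    Write-Host "System Restore is off for $Drive. Reboot (step 2), then run with -Phase Recreate."
}
else {
    # Step 3: turn System Restore back on and take a fresh restore point
    # on the cleaned system.
    Enable-ComputerRestore -Drive $Drive
    Checkpoint-Computer -Description 'Clean baseline after malware removal' `
        -RestorePointType MODIFY_SETTINGS

    # Confirm that the only restore points listed were created after cleanup.
    Get-ComputerRestorePoint |
        Format-Table SequenceNumber, CreationTime, Description -AutoSize
}
```

Comparing the listing from the first phase with the one from the second shows whether any pre-cleanup restore point survived.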