Thread: Explorer keeps crashing...please help

  1. #1
    Junior Member
    Join Date
    Nov 2011
    Posts
    3

    Explorer keeps crashing...please help

    Hello.

    I've had some issues with Explorer.exe where it keeps crashing and reloading periodically. I've run some scans with Avast, Malwarebytes, Spybot, and CCleaner. (I've already attempted to fix the issues in the registry with CCleaner and Spybot.) I was able to get rid of a weird problem where upon startup I couldn't use explorer or any browser for about ten minutes, until a "firewall is not enabled" prompt came up, and the "wireless connection 2" icon soon appeared.

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29
    Run by jinjin at 8:49:12 on 2011-11-15
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2942.1784 [GMT -6:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    L:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    L:\WINDOWS\System32\svchost.exe -k netsvcs
    L:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    L:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    L:\WINDOWS\system32\RUNDLL32.EXE
    L:\WINDOWS\RTHDCPL.EXE
    L:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
    L:\Program Files\Zune\ZuneLauncher.exe
    L:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
    L:\WINDOWS\system32\spoolsv.exe
    L:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    svchost.exe
    L:\Program Files\D-Link\DWA-160 revA\AirNCFG.exe
    L:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    L:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    L:\WINDOWS\System32\svchost.exe -k Akamai
    L:\WINDOWS\system32\ANIWConnService.exe
    L:\Program Files\QuickTime\QTTask.exe
    L:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    L:\Program Files\iTunes\iTunesHelper.exe
    L:\Program Files\Application Updater\ApplicationUpdater.exe
    L:\Program Files\Bamboo Dock\BambooCore.exe
    L:\Program Files\Bonjour\mDNSResponder.exe
    L:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    L:\Program Files\Common Files\Java\Java Update\jusched.exe
    L:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\program files\real\realplayer\update\realsched.exe
    L:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    L:\WINDOWS\system32\ctfmon.exe
    L:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    L:\Program Files\Java\jre6\bin\jqs.exe
    L:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
    L:\WINDOWS\system32\lxducoms.exe
    L:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    L:\WINDOWS\System32\svchost.exe -k HPZ12
    L:\Program Files\CDBurnerXP\NMSAccessU.exe
    L:\WINDOWS\system32\nvsvc32.exe
    L:\WINDOWS\System32\svchost.exe -k HPZ12
    L:\WINDOWS\system32\svchost.exe -k imgsvc
    L:\Program Files\DAEMON Tools Lite\DTLite.exe
    L:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    L:\WINDOWS\system32\ZuneBusEnum.exe
    L:\Documents and Settings\jinjin\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
    L:\Documents and Settings\jinjin\Local Settings\Application Data\Akamai\netsession_win.exe
    L:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    L:\Program Files\Logitech\SetPoint\SetPoint.exe
    L:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    L:\Program Files\MagicDisc\MagicDisc.exe
    L:\Documents and Settings\jinjin\Local Settings\Application Data\Akamai\netsession_win.exe
    L:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    L:\Program Files\iPod\bin\iPodService.exe
    L:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    L:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    L:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    E:\firefox portable\FirefoxPortable.exe
    E:\firefox portable\App\firefox\firefox.exe
    E:\firefox portable\App\firefox\plugin-container.exe
    L:\Program Files\Windows Media Player\wmplayer.exe
    L:\PROGRA~1\THEKMP~1\KMPlayer.exe
    L:\WINDOWS\explorer.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.msn.com
    uSearch Page =
    uSearch Bar =
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant =
    uURLSearchHooks: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - l:\program files\dealio toolbar\ie\4.7\dealioToolbarIE.dll
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - l:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - d:\orbit\orbitcth.dll
    BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - l:\program files\dealio toolbar\ie\4.7\dealioToolbarIE.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - l:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - l:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - l:\program files\lexmark toolbar\toolband.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - l:\program files\askbardis\bar\bin\askBar.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - l:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - l:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - l:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - l:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - l:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - l:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - l:\program files\lexmark printable web\bho.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - l:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - l:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - l:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - l:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - l:\program files\lexmark toolbar\toolband.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - l:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - l:\program files\askbardis\bar\bin\askBar.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - d:\orbit\GrabPro.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - l:\program files\daemon tools toolbar\DTToolbar.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - l:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: Pictures: {8e929f51-5914-11d6-971f-0050fc3f9161} - l:\program files\diodia software\pictures toolbar\Pictures.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - l:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - l:\program files\dealio toolbar\ie\4.7\dealioToolbarIE.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - l:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - l:\program files\canon\easy-webprint ex\ewpexhlp.dll
    uRun: [ctfmon.exe] l:\windows\system32\ctfmon.exe
    uRun: [swg] "l:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [DAEMON Tools Lite] "l:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [msnmsgr] "l:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [SansaDispatch] l:\documents and settings\jinjin\application data\sandisk\sansa updater\SansaDispatch.exe
    uRun: [Akamai NetSession Interface] l:\documents and settings\jinjin\local settings\application data\akamai\netsession_win.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE l:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE l:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [IMJPMIG8.1] "l:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] l:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] l:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] l:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [lxdumon.exe] "l:\program files\lexmark 5600-6600 series\lxdumon.exe"
    mRun: [lxduamon] "l:\program files\lexmark 5600-6600 series\lxduamon.exe"
    mRun: [Zune Launcher] "l:\program files\zune\ZuneLauncher.exe"
    mRun: [ClientGW]
    mRun: [eSnips] "l:\program files\esnips\ClientGW.exe"
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [hpqSRMon]
    mRun: [ANIWZCS2Service] l:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
    mRun: [D-Link D-Link Xtreme N Dual Band DWA-160] l:\program files\d-link\dwa-160 reva\AirNCFG.exe
    mRun: [avast5] l:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [CanonMyPrinter] l:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenu] l:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [QuickTime Task] "l:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "l:\program files\itunes\iTunesHelper.exe"
    mRun: [DivXUpdate] "l:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [BambooCore] l:\program files\bamboo dock\BambooCore.exe
    mRun: [<NO NAME>]
    mRun: [SearchSettings] "l:\program files\common files\spigot\search settings\SearchSettings.exe"
    mRun: [SunJavaUpdateSched] "l:\program files\common files\java\java update\jusched.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [Malwarebytes' Anti-Malware] "l:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: l:\docume~1\jinjin\startm~1\programs\startup\erunta~1.lnk - l:\program files\erunt\AUTOBACK.EXE
    StartupFolder: l:\docume~1\jinjin\startm~1\programs\startup\magicd~1.lnk - l:\program files\magicdisc\MagicDisc.exe
    StartupFolder: l:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - l:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: l:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - l:\program files\logitech\setpoint\SetPoint.exe
    IE: &Download by Orbit - d:\orbit\orbitmxt.dll/201
    IE: &Grab video by Orbit - d:\orbit\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - d:\orbit\orbitmxt.dll/203
    IE: Down&load all by Orbit - d:\orbit\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - l:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Extract Flash Video with Bytescout... - l:\program files\bytescout movies extractor scout\flashextract_ie.html
    IE: Google Sidewiki... - l:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: Snip to my eSnips account - l:\program files\esnips\res\SnipIt.htm
    IE: {626B5BA3-81E5-4748-A4C5-B77434C12DD3} - l:\program files\bytescout movies extractor scout\flashextract_ie.html
    IE: {72270F2D-66B9-477D-9A1F-180EB66AA23B} - l:\program files\bytescout movies extractor scout\flashextract_ie.html
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - l:\documents and settings\jinjin\start menu\programs\imvu\Run IMVU.lnk
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - l:\program files\messenger\msmsgs.exe
    IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - l:\program files\winhttrack\WinHTTrackIEBar.dll
    IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - l:\progra~1\nuclea~1\videoget\plugins\VIDEOG~1.DLL
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - l:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - l:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - l:\progra~1\spybot~1\SDHelper.dll
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1244245586125
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{4DAC69A4-7758-4596-9F7B-4BAD8028ACD6} : DhcpNameServer = 209.18.47.61 209.18.47.62
    Notify: LBTWlgn - l:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - l:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - l:\documents and settings\jinjin\application data\mozilla\firefox\profiles\1dkcd1uf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WEATDF&PC=WEATDF&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=992732&ilc=12&p=
    FF - component: l:\documents and settings\jinjin\application data\mozilla\firefox\profiles\1dkcd1uf.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashGetXPI.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
    FF - plugin: l:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: l:\documents and settings\jinjin\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: l:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: l:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: l:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: l:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: l:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: l:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: l:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: l:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: l:\program files\mozilla firefox\plugins\npkanevapatch.dll
    FF - plugin: l:\program files\mozilla firefox\plugins\npOGAPlugin.dll
    FF - plugin: l:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - l:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - l:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - l:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - l:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - l:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - l:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - l:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Edit Cookies: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} - %profile%\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Movies Extractor Scout helper: {ABD59049-8F4C-4F50-A274-CC63527942FA} - %profile%\extensions\{ABD59049-8F4C-4F50-A274-CC63527942FA}
    FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
    FF - Ext: BatchDownload: batchdownload@panshisoft.cn - %profile%\extensions\batchdownload@panshisoft.cn
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - l:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - l:\program files\java\jre6\lib\deploy\jqs\ff
    .
    ---- FIREFOX POLICIES ----
    pref(dom.disable_open_during_load, true);
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;l:\windows\system32\drivers\aswSnx.sys [2011-4-2 442200]
    R1 aswSP;aswSP;l:\windows\system32\drivers\aswSP.sys [2008-11-3 320856]
    R2 Akamai;Akamai NetSession Interface;l:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
    R2 ANIWConnService;ANIWConn Service;l:\windows\system32\ANIWConnService.exe [2010-2-21 147456]
    R2 Application Updater;Application Updater;l:\program files\application updater\ApplicationUpdater.exe [2011-9-27 745880]
    R2 aswFsBlk;aswFsBlk;l:\windows\system32\drivers\aswFsBlk.sys [2008-11-3 20568]
    R2 avast! Antivirus;avast! Antivirus;l:\program files\alwil software\avast5\AvastSvc.exe [2010-3-23 44768]
    R2 lxdu_device;lxdu_device;l:\windows\system32\lxducoms.exe -service --> l:\windows\system32\lxducoms.exe -service [?]
    R2 lxduCATSCustConnectService;lxduCATSCustConnectService;l:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2008-11-29 98984]
    R2 MBAMService;MBAMService;l:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-11-12 366152]
    R3 arusb(Atheros);D-Link Wireless Network Adapter Service;l:\windows\system32\drivers\dwarusb.sys [2010-2-21 457728]
    R3 MBAMProtector;MBAMProtector;l:\windows\system32\drivers\mbam.sys [2008-11-12 22216]
    S2 gupdate1ca6268959ce04c;Google Update Service (gupdate1ca6268959ce04c);l:\program files\google\update\GoogleUpdate.exe [2009-11-10 133104]
    S3 gupdatem;Google Update Service (gupdatem);l:\program files\google\update\GoogleUpdate.exe [2009-11-10 133104]
    S3 hid8101;hid8101;l:\windows\system32\drivers\hid8101.sys [2010-2-9 31899]
    S3 NPF;NetGroup Packet Filter Driver;l:\windows\system32\drivers\npf.sys [2007-11-6 34064]
    S3 PL-40R;CASIO USB MIDI;l:\windows\system32\drivers\pl40rwdm.sys [2011-5-17 18048]
    S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;l:\windows\system32\drivers\rt2870.sys --> l:\windows\system32\drivers\rt2870.sys [?]
    S3 xbreader;MaxDrive XBox Driver (xbreader.sys);l:\windows\system32\drivers\xbreader.sys [2001-1-2 19677]
    S3 XDva311;XDva311;\??\l:\windows\system32\xdva311.sys --> l:\windows\system32\XDva311.sys [?]
    S3 XDva344;XDva344;\??\l:\windows\system32\xdva344.sys --> l:\windows\system32\XDva344.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-15 06:18:53 388096 ----a-r- l:\documents and settings\jinjin\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-11-15 06:18:52 -------- d-----w- l:\program files\Trend Micro
    2011-11-15 01:46:14 -------- d-----w- l:\program files\Spybot - Search & Destroy
    2011-11-15 01:46:14 -------- d-----w- l:\documents and settings\all users\application data\Spybot - Search & Destroy
    2011-11-12 06:46:18 -------- d-----w- l:\documents and settings\jinjin\application data\SumatraPDF
    2011-11-12 06:46:12 -------- d-----w- l:\program files\SumatraPDF
    2011-11-12 06:29:47 -------- d-----w- l:\documents and settings\jinjin\application data\IObit
    2011-11-12 04:34:55 -------- d-----w- l:\program files\Defraggler
    2011-11-09 01:03:43 -------- d-----w- l:\documents and settings\jinjin\application data\bsnes
    2011-11-08 04:58:38 -------- d-----w- l:\documents and settings\jinjin\application data\.anki
    2011-11-08 04:40:12 -------- d-----w- l:\program files\Anki
    2011-11-07 13:38:09 -------- d-----w- l:\program files\common files\xing shared
    2011-11-03 01:03:40 1033728 ----a-w- l:\windows\system32\explorer.exe
    2011-11-03 00:39:24 -------- d-----w- l:\documents and settings\jinjin\local settings\application data\Akamai
    .
    ==================== Find3M ====================
    .
    2011-11-07 13:37:35 499712 ----a-w- l:\windows\system32\msvcp71.dll
    2011-11-07 13:37:35 348160 ----a-w- l:\windows\system32\msvcr71.dll
    2011-10-27 13:51:13 414368 ----a-w- l:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22:41 692736 ----a-w- l:\windows\system32\inetcomm.dll
    2011-10-03 10:06:03 472808 ----a-w- l:\windows\system32\deployJava1.dll
    2011-10-03 07:37:52 73728 ----a-w- l:\windows\system32\javacpl.cpl
    2011-09-28 07:06:50 599040 ----a-w- l:\windows\system32\crypt32.dll
    2011-09-26 16:41:20 611328 ----a-w- l:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41:20 220160 ----a-w- l:\windows\system32\oleacc.dll
    2011-09-26 16:41:14 20480 ----a-w- l:\windows\system32\oleaccrc.dll
    2011-09-06 21:45:29 41184 ----a-w- l:\windows\avastSS.scr
    2011-09-06 21:38:05 442200 ----a-w- l:\windows\system32\drivers\aswSnx.sys
    2011-09-06 13:20:51 1858944 ----a-w- l:\windows\system32\win32k.sys
    2011-08-31 23:00:50 22216 ----a-w- l:\windows\system32\drivers\mbam.sys
    2011-08-17 21:32:17 832512 ----a-w- l:\windows\system32\wininet.dll
    2011-08-17 21:32:16 78336 ----a-w- l:\windows\system32\ieencode.dll
    2011-08-17 21:32:16 1830912 ------w- l:\windows\system32\inetcpl.cpl
    2011-08-17 21:32:15 17408 ----a-w- l:\windows\system32\corpol.dll
    2006-05-03 09:06:54 163328 --sh--r- l:\windows\system32\flvDX.dll
    2007-02-21 10:47:16 31232 --sh--r- l:\windows\system32\msfDX.dll
    2008-03-16 12:30:52 216064 --sh--r- l:\windows\system32\nbDX.dll
    .
    ============= FINISH: 8:52:02.09 ===============

    also..if it helps

    --error signature--

    EventType : BEX P1 : explorer.exe P2 : 6.0.2900.5512 P3 : 48025c30
    P4 : unknown P5 : 0.0.0.0 P6 : 00000000 P7 : 0b789290
    P8 : c0000005 P9 : 00000008

  2. #2
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Hello HungryGarou and

    My name is JonTom

    • Malware Logs can sometimes take a lot of time to research and interpret.
    • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
    • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
    • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
    • PLEASE NOTE: If you do not reply after 5 days your thread will be closed.


    Before we begin any fixing please do the following:

    1. DeFogger


      • Please download DeFogger to your desktop.
      • Click on DeFogger to run the tool.
      • The application window will appear.
      • Click the Disable button to disable your CD Emulation drivers.
      • Click Yes to continue.
      • A 'Finished!' message will appear.
      • Click OK.
      • DeFogger will now ask to reboot the machine - click OK.
        IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
        Do not re-enable these drivers until otherwise instructed.


    2. Please scan your system with GMER



      Download GMER Rootkit Scanner from here or here.
      • Extract the contents of the zipped file to desktop.
      • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
      • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
      • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
        • IAT/EAT
        • Drives/Partition other than Systemdrive (typically C:\)
        • Show All (don't miss this one)
      • Then click the Scan button & wait for it to finish.
      • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
      • Save it where you can easily find it, such as your desktop, and post it in your reply.


      **Caution**
      Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


      Please post the GMER log in your next reply. If you encounter any problems with the scan come back and let me know.
    Proud Graduate of the WTT Classroom

  3. #3
    Junior Member
    Join Date
    Nov 2011
    Posts
    3

    thanks..getting started now. will post updates...

  4. #4
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    You are lucky HungryGarou

    I was almost about to close your thread.

    Post the requested logs when you can (I will leave your thread open for another day or two).
    Proud Graduate of the WTT Classroom

  5. #5
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Do you still need help?
    Proud Graduate of the WTT Classroom

  6. #6
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Due to inactivity, this topic has been closed.

    If you need continued support, please begin a new thread.
    Proud Graduate of the WTT Classroom
