Hello,
I got some kind of infection or something last week, which caused my virus software not to update and finally my computer to totally crash and not reboot. I successfully recovered my system from an image (it was one level up of messy from an actual system restore, which never works; why is that?).
Now explorer.exe crashes and restarts whenever I right click on files in explorer (not folders, they work as normal). This is true whether I click a file in a folder, or a file appearing over the Windows button.
I need the right click for all kinds of things.
Thank you so much in advance for your help!
Michael
Windows 7 64-bit
Windows Malicious Software Remover found nothing.
ATF Cleaner: Done.
GMER one scan did not post any results (I think this is due to Win7 64-bit).
GMER two.LOG follows
MBAM found nothing.
DDS.txt follows
Attach.txt is available. I received three different instructions for this, which were confusing. The web page says to paste it in the page. The pop-up window says do not post, but attach the file. Attach.txt itself says do not post. I have not attached it, pending further instructions.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-27 23:10:32
Windows 6.1.7600
Running: 3z7gk5t8.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\701a049c7429
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\701a049c7437
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f1a101fac3
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f1a101fac3@58170ce50349 0x60 0x25 0xF5 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f1a101fac3@0023d4a9e78f 0x5F 0x25 0x35 0x2B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5fa4793
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x63 0x42 0x0F 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE0 0x1E 0x14 0xAA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x68 0x84 0x82 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x17 0x76 0x32 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x5D 0x4B 0xD4 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x5E 0xAD 0xDA 0x6A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\701a049c7429 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\701a049c7437 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f1a101fac3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f1a101fac3@58170ce50349 0x60 0x25 0xF5 0xB7 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f1a101fac3@0023d4a9e78f 0x5F 0x25 0x35 0x2B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5fa4793 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0x23 0x7C 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE0 0x1E 0x14 0xAA ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9D 0x36 0x87 0xFC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x30 0x9C 0x77 0x3F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xC5 0x43 0x29 0x86 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x5E 0xAD 0xDA 0x6A ...
---- Files - GMER 1.0.15 ----
File C:\Torrents\Completed Torrents\Windows Smart Phone Mobile Applications And Games\Applications\Applications 2\Adisasta wmZip v3.1.2.Build.3125.XScale.Smartphone200x.Incl.Keygen-SyMPDA\Adisasta.wmZip.v3.1.2.Build.3125.XScale.Smartphone200x.Incl.Keygen-SyMPDA\file_id.diz 336 bytes
File C:\Torrents\Completed Torrents\Windows Smart Phone Mobile Applications And Games\Applications\Applications 2\Adisasta wmZip v3.1.2.Build.3125.XScale.Smartphone200x.Incl.Keygen-SyMPDA\Adisasta.wmZip.v3.1.2.Build.3125.XScale.Smartphone200x.Incl.Keygen-SyMPDA\Keygen.exe 34816 bytes executable
File C:\Torrents\Completed Torrents\Windows Smart Phone Mobile Applications And Games\Applications\Applications 2\Adisasta wmZip v3.1.2.Build.3125.XScale.Smartphone200x.Incl.Keygen-SyMPDA\Adisasta.wmZip.v3.1.2.Build.3125.XScale.Smartphone200x.Incl.Keygen-SyMPDA\sympda.nfo 16461 bytes
File C:\Users\Xuyuan\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal 0 bytes
---- EOF - GMER 1.0.15 ----
MBAM
Found nothing.
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7300
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
27/07/2011 23:19:21
mbam-log-2011-07-27 (23-19-21).txt
Scan type: Quick scan
Objects scanned: 190929
Time elapsed: 5 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Xuyuan at 23:20:45 on 2011-07-27
Microsoft Windows 7 Ultimate 6.1.7600.0.950.886.1033.18.3838.1107 [GMT 2:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Users\Xuyuan\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Inventec\Dreye\DreyeMT\DreyeIMplugin.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uDefault_Page_URL = hxxp://www.bing.com
uInternet Settings,ProxyOverride = localhost, 127.0.0.1, hxxp://gaeapanda.dyndns.org:8888/cgi-bin/html/login.html
uInternet Settings,ProxyServer = http= 195.37.16.152:3128
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSO Helper Object: {a2f122da-055f-4df7-8f24-7354dbdba85b} - FAIESSOHelper Class
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Dr.eye WebPage Translation: {92b255fe-94e2-4bca-958d-3926ce38913f} - C:\Program Files (x86)\Inventec\Dreye\DreyeMT\DreyeIEBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\Xuyuan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DfMarshal] regsvr32 /s /u "C:\Users\Xuyuan\AppData\Local\DfMarshal\DfMarshal.dll"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
mRun: [IME14 JPN Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log
mRun: [IME14 KOR Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /KOR /Log
mRun: [IME14 CHS Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHS /Log
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [IMDreyePlugin] "C:\Program Files (x86)\Inventec\Dreye\DreyeMT\DreyeIMplugin.exe" /h
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\Xuyuan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JACQUI~1.LNK - C:\Program Files (x86)\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe
StartupFolder: C:\Users\Xuyuan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: English<->German - C:\Program Files (x86)\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-German) for Windows\Plugins\IE.htm
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {612F6E5C-B314-4bab-93D1-D266AAFBE700}
IE: {9A64FC4B-7139-594F-BB95-62943D7D7F03}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {FF819DA3-FF82-FF44-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\ProxyPick\ProxyPick.exe"
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0FD62F36-7FDC-432B-BECB-9177DAE12814} : NameServer = 192.168.1.1
TCP: Interfaces\{433D458E-DFE2-4BE2-927C-D4C328319872} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F1396390-F8D4-4C88-BF17-837BD9474AB1} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F1396390-F8D4-4C88-BF17-837BD9474AB1}\244584F6D65684572623D275937425 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F1396390-F8D4-4C88-BF17-837BD9474AB1}\94F454C49424 : NameServer = 168.95.1.1,192.168.4.254
TCP: Interfaces\{F1396390-F8D4-4C88-BF17-837BD9474AB1}\94F454C49424 : DhcpNameServer = 140.109.128.5 140.109.129.5 140.109.1.10
TCP: Interfaces\{F1396390-F8D4-4C88-BF17-837BD9474AB1}\D4541444F475 : DhcpNameServer = 212.74.112.66 212.74.112.67
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: acaptuser32.dll C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - FAIESSOHelper Class
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Dr.eye WebPage Translation: {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files (x86)\Inventec\Dreye\DreyeMT\DreyeIEBar.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
mRun-x64: [IME14 JPN Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log
mRun-x64: [IME14 KOR Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /KOR /Log
mRun-x64: [IME14 CHS Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHS /Log
mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [IMDreyePlugin] "C:\Program Files (x86)\Inventec\Dreye\DreyeMT\DreyeIMplugin.exe" /h
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
IE-X64: {612F6E5C-B314-4bab-93D1-D266AAFBE700}
IE-X64: {9A64FC4B-7139-594F-BB95-62943D7D7F03}
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {FF819DA3-FF82-FF44-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\ProxyPick\ProxyPick.exe"
AppInit_DLLs-X64: acaptuser32.dll C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Xuyuan\AppData\Roaming\Mozilla\Firefox\Profiles\409nch2r.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Faccount_id%3Dmstanleybaker%40gmail.com%26zx%3D162r7o244df%26shva%3D1%26ui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1&ltmpl=googlemail
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.http - 195.37.16.152
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Xuyuan\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\Xuyuan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Xuyuan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 bftpdskc64;BUFFALO TurboPC Cache Filter;C:\Windows\system32\drivers\bftpdskc64.sys --> C:\Windows\system32\drivers\bftpdskc64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2010-9-29 67584]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-1-21 83312]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-7-23 632792]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-29 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-22 689472]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-12-1 2011944]
R3 bautpw64;BUFFALO eco manager for HD Filter;C:\Windows\system32\drivers\bautpw64.sys --> C:\Windows\system32\drivers\bautpw64.sys [?]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 bftpusbx64;BUFFALO TurboPC USB Filter;C:\Windows\system32\drivers\bftpusbx64.sys --> C:\Windows\system32\drivers\bftpusbx64.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-20 136824]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-11-18 25072]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-8-21 25832]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-11-15 30192]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-8-12 2146496]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-8-12 17152]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\E400.tmp --> C:\Windows\system32\E400.tmp [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 McProxy;McAfee Proxy Service;C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe [2010-1-22 359952]
.
=============== Created Last 30 ================
.
2011-07-24 01:13:12 -------- d-----w- C:\Users\Xuyuan\AppData\Roaming\Registry Mechanic
2011-07-23 08:13:26 880640 ----a-w- C:\Windows\SysWow64\UniBox10.ocx
2011-07-23 08:13:26 506368 ----a-w- C:\Windows\SysWow64\msxml.dll
2011-07-23 08:13:26 40408 ----a-w- C:\Windows\System32\CleanMFT64.exe
2011-07-23 08:13:26 212992 ----a-w- C:\Windows\SysWow64\UniBoxVB12.ocx
2011-07-23 08:13:26 1101824 ----a-w- C:\Windows\SysWow64\UniBox210.ocx
2011-07-23 08:13:23 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2011-07-23 06:43:56 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-20 19:54:30 -------- d-----w- C:\ProgramData\DivX
2011-07-20 12:26:10 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2011-07-20 12:26:10 552448 ----a-w- C:\Windows\System32\drivers\bthport.sys
2011-07-19 15:12:13 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-19 15:12:13 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-19 14:24:40 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-07-19 14:24:40 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-07-18 21:05:41 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-07-18 21:05:41 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-07-18 21:05:40 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-18 21:03:03 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-07-18 21:03:02 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-07-18 21:01:56 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-07-18 20:36:43 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-07-18 20:36:41 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-07-18 20:36:40 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-07-18 20:36:30 2870272 ----a-w- C:\Windows\explorer.exe
2011-07-18 20:36:29 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-07-18 20:36:17 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-07-18 20:36:17 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-07-18 20:36:08 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-07-18 20:36:08 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-07-18 20:34:12 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-07-18 20:34:12 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-07-18 20:19:49 7844688 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2AAB4CFD-5DB0-43E3-BE37-9C02D8C825BB}\mpengine.dll
2011-07-13 16:54:29 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-07-13 16:54:28 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-07-13 16:54:28 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-07-13 16:54:28 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-07-13 16:54:28 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-07-10 12:03:50 -------- d-----w- C:\Users\Xuyuan\AppData\Roaming\DisneyInteractiveStudios
2011-07-09 23:22:05 -------- d-----w- C:\Program Files (x86)\Disney Interactive Studios
.
==================== Find3M ====================
.
2011-07-27 12:25:32 17408 ----a-w- C:\Windows\System32\rpcnetp.exe
2011-07-27 12:25:29 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2011-07-06 17:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 17:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-02 03:50:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
.
============= FINISH: 23:22:26.30 ===============
Maybe something in the context menu (right-click menu) crashes explorer?
If I read it right, the problem is only with files.
If you right-click on a folder, explorer works fine.
Download ShellExView from here, and ShellMenuView from here.
First run ShellMenu.exe and disable everything you find suspicious.
Then run ShellExView and do the same.
To disable an item, just select it with your mouse and then click the red button in the upper left corner of the window.
You may need to disable them all and enable them one at a time to find what causes the problem.
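The divide-and-conquer procedure above can also be driven from the registry, which makes it clear why the "files crash, folders don't" symptom narrows the search. What follows is an added PowerShell example written for this page; it is not code from the thread or from NirSoft's tools. It assumes an elevated 64-bit PowerShell 3.0 or later, a handler-kind list of the example's own choosing, and that blocking a handler by CLSID under the Windows "Shell Extensions\Blocked" key is acceptable; the thread does not say whether ShellExView uses that exact key, so treating the two as equivalent is an assumption. The CLSID in the usage comment is a placeholder, not one from this machine.

```powershell
# Added example, not from the thread or from NirSoft's ShellExView: list the shell
# extensions that run when a FILE is right-clicked, resolve each CLSID to its DLL,
# check the DLL's Authenticode signature, and block a handler the supported way.
# Run in an elevated 64-bit PowerShell 3.0 or later. Every -LiteralPath below is
# deliberate: the registry key named '*' is a literal name, not a wildcard.

# Keys whose handlers fire on files. Folders work on this machine, so handlers
# under Directory/Folder are out of scope; AllFilesystemObjects fires on folders
# as well, so '*' (every file) is the prime suspect. Per-file-type ProgID keys
# (.txt, txtfile, ...) also carry handlers and are not enumerated here.
$FileRoots    = @('*', 'AllFilesystemObjects')
$HandlerKinds = @('ContextMenuHandlers', 'PropertySheetHandlers', 'DragDropHandlers', 'CopyHookHandlers')
$Hives        = @('HKLM:\SOFTWARE\Classes', 'HKCU:\Software\Classes')   # HKCR merges both

function Get-FileShellHandler {
    param([switch]$Wow64)   # -Wow64 resolves CLSIDs against the 32-bit COM registrations
    foreach ($hive in $Hives) {
        $clsidBase = if ($Wow64) { "$hive\Wow6432Node\CLSID" } else { "$hive\CLSID" }
        foreach ($root in $FileRoots) {
            foreach ($kind in $HandlerKinds) {
                $key = "$hive\$root\shellex\$kind"
                if (-not (Test-Path -LiteralPath $key)) { continue }
                foreach ($sub in @(Get-ChildItem -LiteralPath $key)) {
                    # The CLSID is the subkey's (Default) value, or the subkey name itself.
                    $clsid = (Get-ItemProperty -LiteralPath $sub.PSPath).'(default)'
                    if ($clsid -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { $clsid = $sub.PSChildName }
                    $dll = $null
                    $inproc = "$clsidBase\$clsid\InprocServer32"
                    if (Test-Path -LiteralPath $inproc) {
                        $raw = (Get-ItemProperty -LiteralPath $inproc).'(default)'
                        if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw.Trim('"')) }
                    }
                    $status = if ($dll -and (Test-Path -LiteralPath $dll)) {
                        (Get-AuthenticodeSignature -FilePath $dll).Status   # Valid, NotSigned, HashMismatch, ...
                    } else { 'DllMissing' }
                    New-Object PSObject -Property @{
                        Hive = $hive; Root = $root; Kind = $kind; Name = $sub.PSChildName
                        CLSID = $clsid; Dll = $dll; Signature = $status; Wow64 = [bool]$Wow64
                    }
                }
            }
        }
    }
}

# Both COM views, unsigned/missing DLLs sorted to the top.
$handlers = @(Get-FileShellHandler) + @(Get-FileShellHandler -Wow64)
$handlers | Sort-Object @{Expression = { $_.Signature -eq 'Valid' }}, Dll |
    Format-Table Root, Kind, Name, Signature, Wow64, Dll -AutoSize

# Block (not uninstall) one handler: Explorer skips any CLSID listed as a value
# name under the 'Blocked' key. This is the documented Windows mechanism.
function Block-ShellExtension {
    param([Parameter(Mandatory = $true)][string]$Clsid)
    $blocked = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked'
    if (-not (Test-Path -LiteralPath $blocked)) { New-Item -Path $blocked -Force | Out-Null }
    New-ItemProperty -LiteralPath $blocked -Name $Clsid -Value 'blocked during triage' -PropertyType String -Force | Out-Null
}
# Usage with a placeholder CLSID (not one from this thread), then restart Explorer:
# Block-ShellExtension -Clsid '{00000000-0000-0000-0000-000000000000}'
# Stop-Process -Name explorer -Force; Start-Process explorer
```

A handler that is already loaded stays in the running Explorer process, so restart explorer.exe (or log off and on) after each block before testing the right-click again; a full reboot is not needed. When the culprit is found, remove the value from the Blocked key only after the offending DLL has been uninstalled or replaced, and treat an unsigned or missing DLL registered under '*' as the first thing to look up.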
Thanks biggeo65 and Jingda. Jingda, I didn't see your post earlier, so I tried using both programs. I disabled the first half of everything in ShellMenu and no result. I then re-enabled them and disabled the other half. No dice.
ShellExView was more complicated, as some Windows and Office software is connected to the system(?) and I was told disabling it could prevent me from starting up again. So I disabled everything I could that was either created or modified on or since the time of the crash. No results; right-click still crashed explorer.
I don't know if I was using the software correctly - was I supposed to reboot each time after disabling something?
@Jingda - thanks. This thread is in Windows - should I somehow repost it to viruses?
Hi Michael,
It appears you are running Symantec Endpoint Protection. There are a couple of tools that we provide that may help find and remove hard-to-discover threats.
The first is the Power Eraser tool, found in the SEP support tool. Run this first and see if anything gets picked up.
http://www.symantec.com/business/support/index?page=content&id=TECH105414&locale=en_US
The second utility is also found within the SEP support tool.
Run the Load Point Analysis utility to help troubleshoot your system and determine if your system is infected.
http://www.symantec.com/business/support/index?page=content&id=TECH96291&locale=en_US
I hope this information is helpful to you.
Best,
Thomas (Symantec)
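The load-point review that the Symantec tool automates can also be done by hand over the SERVICES / DRIVERS section of the DDS log Michael already posted, together with the Firefox proxy prefs DDS prints. Below is an added PowerShell example written for this page; it is not code from the thread, from DDS or from Symantec. The sample lines are copied from the log above except for the one labelled constructed, and the flagging rules are the example's own heuristics: a hit is a lead to look up, not a verdict, since a .tmp-named kernel driver can be a legitimate on-demand scanner component.

```powershell
# Added example, not from the thread, from DDS or from Symantec: a hand-rolled
# load-point triage over the SERVICES / DRIVERS lines of a DDS log, plus the
# Firefox proxy prefs DDS prints. Sample lines are copied from the log above
# except the one marked constructed. The flags are this example's own heuristics.

$Sample = @'
FF - prefs.js: network.proxy.http - 195.37.16.152
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-12-1 2011944]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\E400.tmp --> C:\Windows\system32\E400.tmp [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-8-12 17152]
'@
# Constructed line (not in the real log) so the path-based rules have a positive case.
$Constructed = 'R1 hostsvc;hostsvc;C:\Users\Public\Libraries\hostsvc.sys --> C:\Users\Public\Libraries\hostsvc.sys [?]'
$Lines = ($Sample -split "`r?`n") + $Constructed

function ConvertFrom-DdsService {
    # DDS prints "<start> <name>;<display>;<image> [<yyyy-m-d> <size>]", or
    # "<image> --> <image> [?]" when it could not read the file's date and size.
    # <start> is R (running) or S (stopped) followed by the start type 0-4.
    param([string[]]$Lines)
    $rx = '^(?<start>[RS][0-4])\s+(?<name>[^;]+);(?<display>[^;]*);(?<rest>.+)$'
    foreach ($line in $Lines) {
        if ($line -match $rx) {
            $m = $Matches
            $image = ($m.rest -split '\s+-->\s+')[0] -replace '\s*\[[^\]]*\]\s*$', ''
            $image = $image -replace '^\\\?\?\\', ''        # drop the NT-style \??\ prefix
            New-Object PSObject -Property @{
                Start      = $m.start
                Name       = $m.name
                Display    = $m.display
                Image      = $image
                Unverified = [bool]($m.rest -match '\[\?\]\s*$')
            }
        }
    }
}

function Get-DdsFinding {
    param([string[]]$Lines)
    $trusted = '^(C:\\Windows\\|C:\\Program Files( \(x86\))?\\|C:\\ProgramData\\)'
    foreach ($svc in ConvertFrom-DdsService -Lines $Lines) {
        $why = @()
        if ($svc.Image -match '\.tmp$') { $why += 'image is a .tmp file' }
        if ($svc.Image -notmatch $trusted) { $why += 'image outside Windows, Program Files or ProgramData' }
        if ($svc.Start -match '^[RS][01]$' -and $svc.Image -notmatch '\\Windows\\system32\\drivers\\') {
            $why += 'boot/system-start driver outside system32\drivers'
        }
        if ($why) {
            New-Object PSObject -Property @{ Item = $svc.Name; Image = $svc.Image; Why = ($why -join '; ') }
        }
    }
    # Firefox proxy: a hijacked prefs.js points the browser at an attacker's proxy.
    # network.proxy.type 1 = manual proxy in use; 0 = direct, so the address is inert.
    $proxy = @{}
    foreach ($line in $Lines) {
        if ($line -match '^FF - prefs\.js: network\.proxy\.(\w+) - (.+)$') { $proxy[$Matches[1]] = $Matches[2].Trim() }
    }
    if ($proxy.ContainsKey('http')) {
        $why = if ($proxy['type'] -eq '1') { 'manual HTTP proxy ENABLED; verify the address' } else { 'proxy address stored but type is not 1; inert unless type becomes 1' }
        New-Object PSObject -Property @{ Item = 'Firefox proxy'; Image = "$($proxy['http']):$($proxy['http_port'])"; Why = $why }
    }
}

Get-DdsFinding -Lines $Lines | Format-Table Item, Why, Image -AutoSize
```

On the sample, MEMSWEEP2 is reported for its .tmp image, the constructed hostsvc line trips both path rules, the Firefox entry is reported as an inert proxy address, and Lbd, TeamViewer and the Lavasoft driver pass. To run it over the full log, replace `$Sample` with `Get-Content DDS.txt` and drop the constructed line.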
I've further found that certain clicks in the Control Panel (such as managing backups) also cause explorer to fail.
In addition, my computer just spontaneously crashed tonight, with no warning - just froze for 10 minutes and then rebooted. It went through a self disk-check, but only found one .tmp file that it associated with a directory.
This is getting dangerous! I'm worried about losing work. I don't believe there's a disk problem, since the Disk Check didn't find anything - but I'm open to investigating. However, I think the issue of explorer.exe closing spontaneously is a soft error. What to do???
When explorer resets, it also tries to send a file back to Windows. It's called WER64D1.tmp.hdmp. Is that useful for anyone for analysis?
Try backing up your data to an external hard disk first, in case you lose all your work. See this too.
Thanks. I have backed up.
I ran the sfc scan, and it didn't solve the problem. But it produced the attached report - is it helpful? It was originally titled CBS.log, I've renamed it to CBS.log.txt for uploading.
Many thanks for your help!
Michael
I think you had better take your laptop in for repair. Let an expert look at it closely. You can try reformatting your computer first.