Need Help!! (HJT LOG INCLUDED)

Turn Off TeaTimer, it can interfere with fixes done.

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

Now, can I ask, what all do you have disabled from auto start? Go back into msconfig and put a check mark in Normal Start and then reboot.
Can you go back into msconfig and re-enable everything? We need to know what's on there.

Well this may seem short but the only items that actually appear on the list right now are...

ashDisp (Avast)
Yahoo! Messenger

So...I don't think rebooting would do any good.

Not just in start up programs also in services.

The 017 entry does concern me. What is that?

SBC Internet Services, is that your internet provider?

Yes my ISP is SBC Yahoo!

These are all of the services I have checkmarked at the moment.

Application Layer Gatewat Service
Application Management
ASP.NET State Service
avast! iAVS4 Control Service
Windows Audio
avast! Antivirus
avast! Mail Scanner
avast! Web Scanner
Background Intelligent Transfer Service
Computer Browser
Indexing Service
.NET Runtime Optimization Service v2.0.50727_X86
COM+System Application
Cryptographic Services
DCOM Server Process Launcher
DHCP Client
Logical Disk Manager Administrative Service
Logical Disk Manager
DNS Client
Error Reporting Service
Event Log
COM+ Event System
Fast User Switching Compatibility
Help and Support
HTTP SSL
IMAPI CD-Burning COM Service
Java Quick Starter
Server
Workstation
TCP/IP NetBIOS Helper
NetMeeting Remote Desktop Sharing
Distributed Transaction Coordinator
Windows Installer
MSSQL$SONY_MEDIAMGR
MSSQLServerADHelper
Net Logon
Network Connections
Network Location Awareness (NLA)
NT LM Security Support Provider
Removable Storage
Plug and Play
IPSEC Services
Protected Storage
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Desktop Help Session Manager
Remote Procedure (RPC) Locator
Remote Procedure (RPC)
QoS RSVP
Security Accounts Manager
Smart Card
Task Scheduler
Secondary Logon
System Event Notification
Windows Firewall/Internet Connection Sharing (ICS)
Shell Hardware Detection
Print Spooler
SOLAgent$SONY_MEDIAMGR
System Restore Service
SSDP Discovery Service
Windows Image Acquisition (WIA)
MS Software Shadow Copy Provider
Performance Logs and Alerts
Telephony
Terminal Services
Themes
Distributed Link Tracking Client
Universal Plug and Play Device Host
Uninterruptible Power Supply
Volume Shadow Copy
Windows Time
WebClient
Windows Management Instrumentation
Portable Media Serial Number Service
WMI Performance Adapter
Windows Media Player Network Sharing Service
Security Center
Automatic Updates
Windows Driver Foundation - User-mode Driver Framework
Wireless Zero Configuration
Network Provisioning Service

Ok. Just wondered as I seldom see so few auto starts unless the scan is run in safe mode...:)
Really don't see much out of the ordinary in the log other than the small number of auto starts. Is there a reason you have never updated your browser to IE7?
How much RAM do you have on the system?
You say you ran Spybot, did it find anything and if so, what?

Do the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.
Run a new scan with HJT after the reboot and save the log.
Post back here with both of those logs.

Is there a reason you have never updated your browser to IE7?

Because I use Firefox. Should I bother to update IE?

How much RAM do you have on the system?

Right now 1024MB

You say you ran Spybot, did it find anything and if so, what?

It found one thing but it effected nothing really.

What did spybot find?

What did spybot find?

I don't remember now, but here are the results of the scan and the new log. Every problem seems to be resolved now but the WE one, I doubled clicked Recycle Bin and still get the error message.

Malwarebytes' Anti-Malware 1.34
Database version: 1815
Windows 5.1.2600 Service Pack 2

3/3/2009 7:19:21 PM
mbam-log-2009-03-03 (19-19-21).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 162930
Time elapsed: 1 hour(s), 50 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\My Backup -- 09-02-14 0314PM\WINDOWS\system32\rqRKBqpo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2548852145-676069781-287698876-1006\Dc20.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-2548852145-676069781-287698876-1006\Dc24.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:29 PM, on 3/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\My Backup -- 09-02-14 0314PM\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B526CB30-5E73-423F-A74B-4B1DA2F7F0E6}: NameServer = 151.164.8.201 204.60.203.179
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 2550 bytes

I doubled clicked Recycle Bin and still get the error message.

What is the full error message you get? Have you checked Event Viewer for noted items around the time of these crashes? It should tell you quite possibly what is actually causing these crashes. I would need the full info on any of the noted items.

Windows Explorer

Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvience.

If you were in the middle...I think you get the idea.

Error signature
EventType : InPageError P1 c000009c P2 " 00000003

The following files will be included in this error report
C:\DOCUME~1\Bob\LOCALS~1\Temp\WER7118.dir00\explorer.exe.mdmp
C:\DOCUME~1\Bob\LOCALS~1\Temp\WER7118.dir00\appcompat.txt

Have you checked Event Viewer for noted items around the time of these crashes?

How do I check it in Windows XP?

Start Up, Control Panel, Administrative Services. You will find it in there.

Okay, I did find this there...

3/4/09 3:37 PM

Faulting application explorer.exe, version 6.0.2900.3156, faulting module browseui.dll, version 6.0.2900.3462, fault address 0x0006ce2d.

Data (words)
0000: 6c707041 74616369 206e6f69 6c696146
0010: 20657275 70786520 65726f6c 78652e72
0020: 2e362065 39322e30 332e3030 20363531
0030: 62206e69 73776f72 2e697565 206c6c64
0040: 2e302e36 30303932 3634332e 74612032
0050: 66666f20 20746573 36303030 64326563
0060: 0a0d

There are many of these throughout.

Something else I found there is this error...

Windows cannot access the file C:\WINDOWS\system32\browseui.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Shell Browser UI Library because of this error.

Program: Shell Browser UI Library
File: C:\WINDOWS\system32\browseui.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again.
2. If the file still cannot be accessed and
- It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.
Additional Data
Error value: C000009C
Disk type: 3

This file is an integral part of Internet Explorer. Try a repair of IE by going to Start, Control Panel, Add/Remove. Click on Internet Explorer and try a Repair.

I went to Add/Remove programs but for some reason I do not see IE there.

Try running System File Checker:
To run the System File Checker, follow these steps:

1. Click Start, click Run type sfc /scannow, and then press ENTER.
2. Follow the prompts throughout the System File Checker process.
3. Restart the computer when System File Checker process is complete.

It worked! ty

Fantastic!