Anytime I try to use an application (winamp, windows media player, windows explorer), It gives an error saying that it has encountered a problem and needs to close. BTW, when I boot into safe mode to use any anti-virus program I have, it ends up hanging. Have even tried to use an online virus scan, where the pc usually needs to be shut down, then restarted to work. Any help would be appreciated. Hijack This log provided below Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:02:27 PM, on 7/20/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Winamp Remote\bin\OrbTray.exe C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Opera\opera.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
BoboJaymz, Your HJT Log is Clean, showing no signs of malware.. That don’t mean you’re not infected. Newer Malware can hide from HJT so here is what I would like you to do: Close HijackThis and rename it. • Go to C:\Program Files\Trend Micro\HijackThis.exe • Right click on HijackThis.exe and select Rename. • Type in BoboJaymz.exe and press Enter. • Right-click on BoboJaymz.exe and select Send To > Desktop (create shortcut) • From the desktop open Hijackthis. (aka BoboJaymz) • Click on the Do a system scan and save a log file button • Hijackthis will scan and then a log will open in notepad. • Copy and then paste the entire contents of the log in your post. • Do not have Hijackthis fix anything yet. Most of what it finds will be harmless or even required. Although we have renamed Hijackthis to BoboJaymz.exe, we will still refer to it as Hijackthis or HJT. Please post with a new HJT Log and hopefully we can pin it down. If Not, we’ll get out our bigger GUNS…. There is more than one way to catch a rat ; ) 2OG
try running a chkdsk c:/f from the command prompt (start menu/run). Do the chkdsk on all your partition/hard drives. Also another thing that might cause this problem is the windows explorer/thumbnail shell. For that you might have to disable that from the registry. Description: When opening folders with movie files in them, windows explorer (the desktop) crashes. Problem: This is a known issue with Windows XP's video thumbnail thing in Explorer. Being a thing invented by MS, it's buggy and doesn't always know how to handle things not supported by MS, and occasionally fails on things it does know how to support too. Every now and again it will crash and take Explorer down with it. Easy to solve thankfully. Solution: Windows XP: * Go to Start -> Run... and type regsvr32 /u shmedia.dll Press enter. Done. It's as simple as that. If you, for some reason want it back, simply do the same thing again, but remove the "/u". That is: Start -> Run... regsvr32 shmedia.dll This will only disable movie thumbnails/previews, not picture thumbnails.
Hi BoboJaymz Just wanted to ask a question: are winamp, windows media player, and windows explorer the only applications that cannot open? If all applications cannot open, just how exactly did you manage to run HijackThis? Perhaps this will help: After the error has occured, please go to Control Panel, Administrative Tools, Event Viewer. Double click on the first item on the list, and take a screenshot. Please upload the image to a site like imageshack.us, and post the url to the image here. Best Regards
Any application I try to run will, it's like 8 seconds after I get a dialog box stating that the application needs to be closed because of an error. At which point the only way to get rid of the box is to click close and the application does just that.
Set a Restore Point and try some of the suggestions posted to you. If it don’t work, you can always go back and try something else. Just remember: All advice given by anyone volunteering here, is taken at own risk. While best efforts are made to assist in removing infections safely, unexpected stuff can happen.
Hey BoboJaymz After you have done all that I instructed, please click on your Start button, Run, and type in regedit. Click on the plus sign (+) next to HKEY_CLASSES_ROOT and scroll down the list till you find exefile. Right click on exefile, and click on Export. Save it to your desktop, and right click on the .reg file which appears on your desktop. Click on Edit, and post the contents here. Best Regards
