SVCHOST.EXE causing lots of problems - can I use another users fix? - Page 2

cybertech · 09-Jul-2009, 02:19 PM **#16**

Please post your hijackthis log again and let me know if you are still having problems.

jonbyles · 09-Jul-2009, 02:33 PM **#17**

Hi, just missed you.

I was restarting the system.

after restarting, I got a message saying :
hpqimzone.exe common lan runtime debugging servies
Process id=0xalc(2588) Thread Id=0xa20(2592)

The the system froze.

I restarted again and got :

Application Error - NOT THE USUAL SVCHOST.EXE ERROR

But then, I got the usual svchost.exe error

0x75606eb5 referenced memory at 0x00000008 the memory could not be read.

Here's the hijack this log as promised.

The computer is running a bit better, and the CPU usage is definatle ydown to a more acceptable level - thank you.

If we could just sort the error messages out now it would be fantastic. Not tried to update windows yet, I'm waiting fro you to tell me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:31, on 09/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\TrayIcon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
D:\office2007\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\prog files\WCESCOMM.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\office2007\Office12\ONENOTEM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\office2007\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\system32\TrayIcon.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\office2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\prog files\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\office2007\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - d:\prog files\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\prog files\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\prog files\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Jon\My Documents\New Folder\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Jon\My Documents\New Folder\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\office2007\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 11839 bytes

Many many thanks as ever

Lookinf forward to the next post

Jon

jonbyles · 09-Jul-2009, 02:41 PM **#18**

PS, there's still no sounds coming through on the system, except error messages.

Thought I'd keep you posted

Thanks

cybertech · 09-Jul-2009, 02:44 PM **#19**

The error at startup seems to be related to C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
You might try going into add/remove programs and see if there is a repair option. If not I would remove and reinstall that.

I don't see any reason for Symantec updates to be running. If you agree stop these services:

Click Start - Run - and type in:

services.msc
Click OK.

In the services window find each of these, one at a time:

LiveUpdate - Symantec Corporation
Automatic LiveUpdate Scheduler - Symantec Corporation

Right click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK.
Exit the Services utility.

Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.

Run HJT again and put a check in the following:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Jon\My Documents\New Folder\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Jon\My Documents\New Folder\PartyPoker.exe (file missing)

Close all applications and browser windows before you click "fix checked".

Restart the machine, post a new hijackthis log and let me know what problems you may be having.

jonbyles · 09-Jul-2009, 03:13 PM **#20**

Hello again

Done all that, apart from repairing the HP file, it will take me an age to find the disk, and I presume it will need it. Is this important at the moment ? Plus, I'm printing all your replies out so I can follow them, and I don't want the printer to stop working just yet.

When I restarted, I got 4 svchost application errors, all stating the memory could not be "read"

They were

0x7c910c9e at 0x00000000

0x7564d383 at 0x00000060

0x7564d3bq at 00000020

0x7c928132 at 0x00000008

the HJT file is as follows :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:03, on 09/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\TrayIcon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
D:\office2007\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
D:\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\prog files\WCESCOMM.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\office2007\Office12\ONENOTEM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\office2007\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\system32\TrayIcon.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\office2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\prog files\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\office2007\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - d:\prog files\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\prog files\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\prog files\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\office2007\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 10790 bytes

Speak soon

Jon

jonbyles · 09-Jul-2009, 03:14 PM **#21**

PS Sound not on yet

jonbyles · 09-Jul-2009, 03:15 PM **#22**

PPS

I didn't mean it to sound rude about the HP thing. What I meant to say was, I will happily do it if it is necessary to this fix. Not, is it really necessary ?? lol

Sorry bout that

cybertech · 09-Jul-2009, 08:05 PM **#23**

Run HJT again and put a check in the following:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)

Close all applications and browser windows before you click "fix checked".

The fix for the HP item was just to try and remove the error message. I'm not sure what program it's related to but I would think it may be a download from the HP site as well. I doubt if Digital Imaging has anything to do with your sound. You may need to reload the drivers for that to get it working again.

Download OTS.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTS on your desktop.

Close any open browsers.
If your Real protection or Antivirus intervenes with OTS, allow it to run.
Open the OTS folder and double-click on OTS.exe to start the program.
In Additional Scans section put a check in Disabled MS Config Items and EventViewer logs
Now click the Run Scan button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file

Use the Reply button, scroll down to the attachments section and attach the notepad file here.

NOTE: The only people who can see attachments in the HJT forum are: the thread starter, Admins & Mods, and HJT Helpers & Trainees.

jonbyles · 10-Jul-2009, 01:04 PM **#24**

Hi again

Done as I was instructed.

The file can be found as requested.

Only the one error message today (same one though).......so far.

Thanks as always

Jon

cybertech · 10-Jul-2009, 01:21 PM **#25**

Start OTS. Copy/Paste the information in the Code box below into the pane where it says Paste fix here and then click the Run Fix button.

Code:

[Kill Explorer]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "btbb_McciTrayApp" -> C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe [C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe]
YN -> "Cmaudio" -> [RunDll32 cmicnfg.cpl,CMICtrlWnd]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}" [HKLM] -> [Reg Error: Key error.]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\Google\Google Talk\googletalk.exe" -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk]
YN -> "C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire]
YN -> "C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath ]
YN -> "C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe" -> C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe [C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe:*:Disabled:pandora]
YN -> "C:\Program Files\Yahoo!\Messenger\ypager.exe" -> C:\Program Files\Yahoo!\Messenger\ypager.exe [C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger]
YN -> "C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server]
YN -> "D:\Ares\Ares.exe" -> D:\Ares\Ares.exe [D:\Ares\Ares.exe:*:Enabled:Ares]
< Drives with AutoRun files > -> 
NY -> D:\autorun.inf [[autorun] | ;vdljvreocqougypwvtsunpxdbovbwtjuaxeiiexjqkmklxqumusa | shellexecute="RECYCLER\S-5-9-99-100022251-100024658-100005233-4384.com d:\" | ;hwukaxhrxsgwrfmjkbyswdmszzymqenkvtrzgxiqbgbkflsnk | shell\Open\command="RECYCLER\S-5-9-99-100022251-100024658-100005233-4384.com d:\" | ;gwkplgihufxtnqqfayfxommfnlfuftssicuowtbueiyntimksmvweuggkxbiiaxkfnzcgesgolyifxk | shell=Open | ] -> D:\autorun.inf [ NTFS ]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\Open\command -> 
YN -> \D\Shell\Open\command\\"" -> D:\RECYCLER\S-5-9-99-100022251-100024658-100005233-4384.com [D:\RECYCLER\S-5-9-99-100022251-100024658-100005233-4384.com d:\]
[Files/Folders - Created Within 30 Days]
NY -> 2 C:\Documents and Settings\Jon\Desktop\*.tmp files -> C:\Documents and Settings\Jon\Desktop\*.tmp
[Files/Folders - Modified Within 30 Days]
NY -> 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> 2972 C:\Documents and Settings\Jon\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jon\Local Settings\Temp\*.tmp
NY -> 1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.
Post that information back here.

I will review the information when it comes back in.

jonbyles · 10-Jul-2009, 01:55 PM **#26**

Hi

Followed all that but got a currupt file notification. I had to write it down:

The File or Directory C:\Documents and Settings\jon\localsettings\temp\~DF3030.tmp is corrupt and unreadable
Please run chkdsk utility

I had no choice but to press ok, but it didn't go away.

The system restarted, but the message was still there

and I also got 2 SVC host errors come up on startup as well

I've attached the notepad file and posted it here for you.

All Processes Killed
No active process named Explorer.EXE was found!
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\btbb_Mcci TrayApp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Cmaudio deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ubisoft\Splinter Cell Pandora Tomorrow\pandora.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\ypager.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Ares\Ares. exe deleted successfully.
D:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\D\Shell\Open\command\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\D\Shell\Open\command not found.
[Files/Folders - Created Within 30 Days]
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\Jon\Local Settings\Temp\IXP867.TMP folder deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\TCD141C.tmp folder deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\TCD1429.tmp folder deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\TCD1431.tmp folder deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\TCD1435.tmp folder deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\TCD143A.tmp folder deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\TCD1469.tmp folder deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\TCD1470.tmp folder deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\TCD49A.tmp folder deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\TCD5DA.tmp folder deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\TCD5E8.tmp folder deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\TCD60F.tmp folder deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\TCD619.tmp folder deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\TCD621.tmp folder deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\TCD627.tmp folder deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\TCD720.tmp folder deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\_ds28.tmp folder deleted successfully.
File delete failed. C:\Documents and Settings\Jon\Local Settings\Temp\~DF3030.tmp scheduled to be deleted on reboot.
C:\Documents and Settings\Jon\Local Settings\Temp\~nsu.tmp folder deleted successfully.
[Empty Temp Folders]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Jon
File delete failed. C:\Documents and Settings\Jon\Local Settings\Temp\~DF3030.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 1531657194 bytes
File delete failed. C:\Documents and Settings\Jon\Local Settings\Temporary Internet Files\Content.Word\~WRS{4FEEB2D3-363F-4127-A7C0-D76262BA6B7F}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jon\Local Settings\Temporary Internet Files\Content.Word\~WRS{8C6089FE-00F6-4D6E-8942-0641935DA40A}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jon\Local Settings\Temporary Internet Files\Content.Word\~WRS{D94CEB32-D69A-433C-B316-BD4FBA8F748B}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jon\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 3048348 bytes
->Java cache emptied: 42884877 bytes
->FireFox cache emptied: 114174033 bytes
->Google Chrome cache emptied: 4146196 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 79847 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1617.45 mb

< End of fix log >
OTS by OldTimer - Version 3.0.9.3 fix logfile created on 07102009_174336

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Jon\Local Settings\Temp\~DF3030.tmp not found!
File\Folder C:\Documents and Settings\Jon\Local Settings\Temporary Internet Files\Content.Word\~WRS{4FEEB2D3-363F-4127-A7C0-D76262BA6B7F}.tmp not found!
File\Folder C:\Documents and Settings\Jon\Local Settings\Temporary Internet Files\Content.Word\~WRS{8C6089FE-00F6-4D6E-8942-0641935DA40A}.tmp not found!
File\Folder C:\Documents and Settings\Jon\Local Settings\Temporary Internet Files\Content.Word\~WRS{D94CEB32-D69A-433C-B316-BD4FBA8F748B}.tmp not found!

Registry entries deleted on Reboot...

Thanks again

Jon

cybertech · 10-Jul-2009, 08:13 PM **#27**

Run disk check to fix the disk errors.
Go to Start, click on My Computer, right-click on the C: drive and select Properties.

In the Properties dialog box, click the Tools tab. In the Error-Checking section, press the Check Now button.
A Check Disk dialog box displays, as shown below.

In the Check Disk dialog box, check both of the check boxes.

Click Start.

You will see a message box that says you can schedule the disk check to start the next time you restart your computer. Click Yes. Now restart your computer, it will automatically run through a disk check before displaying your login screen. After the disk check finishes, Windows will automatically bring you to your login screen.

Note: Check Disk can take more than an hour to check and clean errors on your computer.

After that has completed please try to run Malwarebytes again.

jonbyles · 11-Jul-2009, 06:20 AM **#28**

Morning

Really sorry that things aren't going straight forward here, but thanks for your continued help.

I've tried several times to run check disk but it keeps coming up with a message saying:

"Windows was unable to complete the disk check"

It actually doesn't even seem to attempt to start it !

Is there a plan B ?

Thanks as always

Jon

cybertech · 11-Jul-2009, 11:25 AM **#29**

Did you put a check in both boxes as shown above and restart the machine?

jonbyles · 11-Jul-2009, 08:55 PM **#30**

Hi

Yep I put a check in both boxes, but it didn't give me any option regarding restarting the machine. It just said unable to complete disk check, after about 1 second.

Tag Cloud
access acer asus bios bsod computer crash driver drivers error ethernet excel freeze gaming gpu hard drive hardware hdmi internet laptop mac malware memory monitor motherboard music network printer problem ram registry router server slow software sound trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!