1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

i cant open any folders

Discussion in 'Windows XP' started by ozzy_beamer, Feb 15, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. ozzy_beamer

    ozzy_beamer Banned Thread Starter

    Joined:
    Feb 15, 2005
    Messages:
    31
    hi guys, i was wondering if anyone can give me a hand with what i think is a virus. everytime i go to open a folder (my computer, my documents, c drive etc.) my curser goes to the waiting stage for about a second, then nothing comes up. i push ctrl+alt+delete, to bring up task manager, and when i try to open the folders, it tells me, in processes, that a program called "drwtsn32.exe" is running, and i think that is what is not letting me open my folders. could anyone tell me how to get rid of it, so i can get rid of ANOTHER virus.
     
  2. Dochoi

    Dochoi

    Joined:
    Feb 14, 2005
    Messages:
    26
    Drwtsn32.exe is a program error debugger that gathers information about your computer when an error (or user-mode fault) occurs with a program. The program obtains and logs to diagnose a program error. When an error is detected, it creates a text file (Drwtsn32.log).
    You can check out this log to see what hints can find from it.

    Apart from this, virus or newly install malfunction softwares can cause such this problem.

    Hope you can quickly solve your problem. :rolleyes:
     
  3. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Try restoring the file association for folders:

    http://www.dougknox.com/xp/fileassoc/folder_reg.zip

    To disable Dr. Watson, run regedit and delete this key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug

    To re-enable him, go to Start > Run, and type:
    drwtsn32 -i <Enter>

    Dr. Watson seems to have some problems in SP2. You may even see 2 instances of Dr. Watson, the second trying to debug the errors of the first---and then your machine soon locks up. Disable him if that seems to be the problem.
     
  4. ozzy_beamer

    ozzy_beamer Banned Thread Starter

    Joined:
    Feb 15, 2005
    Messages:
    31
    Hey, Elvandil, i done what you said, removed HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug, and re-enabled him. now when i try to open my computer i get this mesage "explorer.exe - application error
    The instruction at "0x03aad065" referenced memory at "0x00000000". The memory could not be written.
    Click ok to terminate this program."
    I NEED HELP
     
  5. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Remove the key but don't re-enable until you get the problem solved (Re-enabling puts the key back that you just removed).

    Can you scan your computer with your AV and try to remove any viruses? That may be the reason for the errors, and it may be getting worse.

    If you are having problems that prevent you from removing the virus, you might try going to Start > Run, and typing:
    sfc /scannow
    to repair/replace any files that the virus has infected that may prevent you from accessing your folders.

    Does your AV have some problem removing the virus? If so, there are removal tools available for many of them. What virus is it?
     
  6. ozzy_beamer

    ozzy_beamer Banned Thread Starter

    Joined:
    Feb 15, 2005
    Messages:
    31
    ok i ran my AV (XsoftSpy) and i found all the viruses on my computer, but it also thinks my P2P program (Morpheus) is a virus/addware, so should i quarantine morpheus, i dont want to because it is really good, but if it is harmfull to my computer i will, what do you say?
     
  7. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
  8. ozzy_beamer

    ozzy_beamer Banned Thread Starter

    Joined:
    Feb 15, 2005
    Messages:
    31
    ok, now i am pissed off because i have downloadad and ran registry mechanic, and it done nothing. THEN i downloaded and ran norton antivirus and guess what IT DONE NOTHING!!!!! my computer seriously needs help, so if anyone can offer any, please!!!!!
     
  9. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Have you tried using System Restore to return to a date when the system ran properly?

    If you are having problems with "Explorer" it may be best to try it from a "command prompt"


    http://support.microsoft.com/default.aspx?scid=kb;en-us;304449

    If you want to post a HijackThis Scanlog, we can see what is running and possibly root out any obvious infections.

    Create a new, permanent folder for HijackThis and save the file to that. Run it and select "do a system scan and save the log file". Then copy/paste the contents of the log to a reply

    Direct HijackThis download link: http://www.spywareinfo.com/~merijn/files/HijackThis.exe
     
  10. ozzy_beamer

    ozzy_beamer Banned Thread Starter

    Joined:
    Feb 15, 2005
    Messages:
    31
    ok well heres my hijack this log, its long
    Logfile of HijackThis v1.99.1
    Scan saved at 8:50:34 AM, on 18/2/05
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\scanregg.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\DTS3\svcagnt.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\ubmgbp.dat
    C:\WINDOWS\netkg32.exe
    C:\Program Files\Browser MOUSE\mouse32a.exe
    C:\WINDOWS\system32\wyjiqrzc.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Daily Weather Forecast\weather.exe
    C:\Program Files\Invisible Keylogger\nvsr32.exe
    C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Home\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lrowu.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lrowu.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lrowu.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lrowu.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lrowu.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lrowu.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lrowu.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.myfunstart.com/index.cfm?pc=sahp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - C:\WINDOWS\system32\bridge.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {DF668E96-27EB-767C-CDC7-40ADB11675F2} - C:\WINDOWS\system32\iehr.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [netkg32.exe] C:\WINDOWS\netkg32.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [bwvwbrwwu] C:\WINDOWS\system32\wyjiqrzc.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\system32\bridge.dll",Load
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [scanregg] C:\WINDOWS\system32\scanregg.exe
    O4 - HKLM\..\Run: [Config32 Loader] iexplore32.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
    O4 - HKLM\..\Run: [InternetK] C:\Program Files\Invisible Keylogger\nvsr32.exe
    O4 - HKLM\..\RunServices: [Config32 Loader] iexplore32.exe
    O4 - HKCU\..\Run: [Config32 Loader] iexplore32.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - blank (file missing)
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Search cracks at CrackSpider.NET - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://crackspider.net/ie/btn.php (file missing) (HKCU)
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.05p.com (HKLM)
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.scoobidoo.com (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: 206.161.124.130 (HKLM)
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...m.au/Commodore/VY_Series2/content.asp?model=1
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...b743482bfaec:0a002003c3f6d5950937c6314a45eb37
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_cracks.cab
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BDFB45BA-3CF5-4770-AFA2-FC56980B5B8D}: NameServer = 203.49.70.92 139.134.2.190
    O20 - Winlogon Notify: scanregg - C:\WINDOWS\SYSTEM32\scanregg.dll
    O21 - SSODL: systemp - {F314E944-8E22-480D-8F82-FCC3D688522F} - systemp.dll (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Windows Desktop Security (dtsagntsvc) - Unknown owner - C:\Program Files\DTS3\svcagnt.exe" /svc (file missing)
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Network Security Service (NSS) (%AF夶À¨) - Unknown owner - C:\WINDOWS\ubmgbp.dat.exe (file missing)
     
  11. ozzy_beamer

    ozzy_beamer Banned Thread Starter

    Joined:
    Feb 15, 2005
    Messages:
    31
    holy crap i have so much porn stuff on there, i dont look at porn, i mean it!!!
     
  12. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Ok, let's try this:

    Download, unzip and have availaibe:

    DELDOMAINS: http://forums.techguy.org/attachment.php?attachmentid=46816

    >> Start by going to Add/Remove programs and remove new.net and reboot.

    Then....


    [​IMG] Have these instructions printed or in a convenient Notepad (or Wordpad) file so you can view them in Safe Mode. Have "show hidden (or all) files" checked in Folder Options > View in case you have to search for any hidden files to delete. Also ensure you do NOT have "hide file extensions..." enabled in Folder Options > View

    If HijackThis has not been downloaded or copied to a permanent folder, move it there before beginning.

    Download and unzip to a convenient location the CoolWebShredder, CWShredder.exe available here: http://www.intermute.com/spysubtract/cwshredder_download.html

    Then:

    1 >> Restart in Safe Mode. Instructions here if you need them:http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

    2 >> In Safe Mode run the CoolWebShredder and have it "fix" detected problems. Then run HijackThis and check and "fix" the following entries:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lrowu.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lrowu.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lrowu.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lrowu.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lrowu.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lrowu.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lrowu.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.myfunstart.com/index.cfm?pc=sahp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - C:\WINDOWS\system32\bridge.dll (file missing)

    O2 - BHO: (no name) - {DF668E96-27EB-767C-CDC7-40ADB11675F2} - C:\WINDOWS\system32\iehr.dll

    O4 - HKLM\..\Run: [netkg32.exe] C:\WINDOWS\netkg32.exe

    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    ^^ I have never seen this before, do a search for powrprof.dll. Right Click on it and select Properties > Version. If it has a Microsoft Copyright, leave it. If not, delete it. and the fix the regestry entry.


    O4 - HKLM\..\Run: [scanregg] C:\WINDOWS\system32\scanregg.exe
    O4 - HKLM\..\Run: [Config32 Loader] iexplore32.exe

    ^^ do a File Search for "iexplore32.exe" and delete all instances of it.

    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe

    ^^ delete the "updater" folder in c:\Program Files\Common Files

    O4 - HKLM\..\RunServices: [Config32 Loader] iexplore32.exe
    O4 - HKCU\..\Run: [Config32 Loader] iexplore32.exe

    O20 - Winlogon Notify: scanregg - C:\WINDOWS\SYSTEM32\scanregg.dll
    O21 - SSODL: systemp - {F314E944-8E22-480D-8F82-FCC3D688522F} - systemp.dll (file missing)

    O23 - Service: Windows Desktop Security (dtsagntsvc) - Unknown owner - C:\Program Files\DTS3\svcagnt.exe" /svc (file missing)

    O23 - Service: Network Security Service (NSS) (?%AF夶À¨) - Unknown owner - C:\WINDOWS\ubmgbp.dat.exe (file missing)


    3 >> Go to Start > Run and enter cmd and a command shell will open. At the prompt carefully type and enter each line:

    del C:\WINDOWS\system32\scanregg.exe
    del C:\Program Files\DTS3\svcagnt.exe
    del C:\WINDOWS\ubmgbp.dat
    del C:\WINDOWS\netkg32.exe
    del C:\WINDOWS\system32\wyjiqrzc.exe
    del C:\Program Files\Invisible Keylogger\nvsr32.exe


    ^^ look for Invisible Keylogger in Add/Remove programs and remove it there if found. If not, delete the Invisible Keylogger folder in C:\Program Files



    Additional cleanup instructions: Go to the Control Panel > Internet Options applet. Clear the Temporary Internet Cache, History and Offline Content. Go to the Programs tab and select "reset web settings", including your home page if it has been altered. You can reset that later to what you desire.

    Go to Start > Run, enter %temp% and then click Edit > Select All. Right click on the selected files and folders and delete them

    >> Right Click on deldomains.inf and select "Install" from the right click menu. There will be no prompts or confirmations.

    >> Reboot and post a new Scanlog. Report on any remaining issues.
     
  13. ozzy_beamer

    ozzy_beamer Banned Thread Starter

    Joined:
    Feb 15, 2005
    Messages:
    31
    ok Rog, there is one MAJOR flaw in your plan. I CANT OPEN FOLDERS. if i try to this message appears:application error
    The instruction at "0x03aad065" referenced memory at "0x00000000". The memory could not be written.
    Click ok to terminate this program."
    so i cant open ANY folders, even control panel. so unless theres a command prompt for add/remove programs or any of the other thingsi need, im screwed!
     
  14. ozzy_beamer

    ozzy_beamer Banned Thread Starter

    Joined:
    Feb 15, 2005
    Messages:
    31
    and invisible keylogger, i know about that one, i installed it, so unless it will cause harm to my computer, i will keep it.
     
  15. EAFiedler

    EAFiedler Moderator

    Joined:
    Apr 25, 2000
    Messages:
    14,146
    Hi ozzy beamer

    Using this link
    http://www.newdotnet.com/removal.html
    follow PROCEDURE 4 (Download Uninstall from New.net):
    download the executable file to a floppy and uninstall NewDotNet following their instructions at that link.
    It is not necessary to remove the keylogger since you intentionally installed it.

    CWShredder is the executable, no unzipping required.

    Link for unzipped Deldomains.inf file
    http://mvps.org/winhelp2002/DelDomains.inf
    right click the .inf file to Install.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - cant open folders
  1. Coco767
    Replies:
    3
    Views:
    308
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/330747

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice