Win7 Explorer.exe Crashes on Right-click

Question

Michael_SB 0 Newbie Poster

13 Years Ago

Hello;

I got some kind of infection or something last week, which caused my virus software not to update, and finally my computer to totally crash and would not reboot. I successfully recovered my system from an image (it was one level up of messy from actual system restore - which never works, why is that?).

Now explorer.exe crashes and restarts whenever I right click on files in explorer (not folders, they work as normal). This is true whether I click a file in a folder, or a file appearing over the Windows button.

I need the right click for all kinds of things.

Thank you so much in advance for your help!

Michael

Windows 7 64-bit
Windows Malicious Software Remover found nothing.
ATF Cleaner: Done.
GMER.one scan did not post any results (I think this is due to Win7 64bit).
Gmer two.LOG Follows
MBAM found nothing.
DDS.txt follows
Attach.txt is available. I received three different instructions for this which were confusing. The webpage says paste in the page. The pop-up window says do no post, but attach the file. Attach.txt itself says do not post. I have not attached it, pending further instructions.

GMER 1.0.15.15641 - [url]http://www.gmer.net[/url]
Rootkit scan 2011-07-27 23:10:32
Windows 6.1.7600  
Running: 3z7gk5t8.exe


---- Registry - GMER 1.0.15 ----

Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT 
\Parameters\Keys\701a049c7429                                                        


Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT 
\Parameters\Keys\701a049c7437                                                        


Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT 
\Parameters\Keys\70f1a101fac3                                                          


Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT 
\Parameters\Keys\70f1a101fac3@58170ce50349                                 

                                                0x60 0x25 0xF5 0xB7 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT 
\Parameters\Keys\70f1a101fac3@0023d4a9e78f                                  

                                               0x5F 0x25 0x35 0x2B ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT 
\Parameters\Keys\904ce5fa4793                                                         


Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1         


       771343423
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2         


       285507792
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0         


       1
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC                                    


Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                             

                                                         C:\Program Files  
(x86)\DAEMON Tools Lite\
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                             

                                                         0x00 0x00 0x00 0x00 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                             

                                                         0
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                        

                                                           0x63 0x42 0x0F 0xEC ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                    


Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0              

                                                               0x20 0x01 0x00 0x00 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12         

                                                                 0xE0 0x1E 0x14 0xAA  
...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0            


Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC 
\00000001\gdq0@hdf12                                                                    

 0x68 0x84 0x82 0x99 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1            


Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC 
\00000001\gdq1@hdf12                                                                    

 0x17 0x76 0x32 0x07 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2            


Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC 
\00000001\gdq2@hdf12                                                                    

 0x5D 0x4B 0xD4 0xB7 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3            


Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC 
\00000001\gdq3@hdf12                                                                    

 0x5E 0xAD 0xDA 0x6A ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT 
\Parameters\Keys\701a049c7429 (not active ControlSet)                      


Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT 
\Parameters\Keys\701a049c7437 (not active ControlSet)                      


Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT 
\Parameters\Keys\70f1a101fac3 (not active ControlSet)                        


Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT 
\Parameters\Keys\70f1a101fac3@58170ce50349                                 

                                                    0x60 0x25 0xF5 0xB7 ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT 
\Parameters\Keys\70f1a101fac3@0023d4a9e78f                                  

                                                   0x5F 0x25 0x35 0x2B ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT 
\Parameters\Keys\904ce5fa4793 (not active ControlSet)                       


Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)  


Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                             

                                                             C:\Program Files  
(x86)\DAEMON Tools Lite\
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                             

                                                             0x00 0x00 0x00 0x00 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                             

                                                             0
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                        

                                                               0x0C 0x23 0x7C 0xDD ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active  
ControlSet)                                                                                        

Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0              

                                                                   0x20 0x01 0x00 0x00  
...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12         

                                                                     0xE0 0x1E 0x14  
0xAA ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not  
active ControlSet)                                                                              

Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC 
\00000001\gdq0@hdf12                                                                    

     0x9D 0x36 0x87 0xFC ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not  
active ControlSet)                                                                              

Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC 
\00000001\gdq1@hdf12                                                                    

     0x30 0x9C 0x77 0x3F ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not  
active ControlSet)                                                                              

Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC 
\00000001\gdq2@hdf12                                                                    

     0xC5 0x43 0x29 0x86 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not  
active ControlSet)                                                                              

Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg 
\14919EA49A8F3B4AA3CF1058D9A64CEC 
\00000001\gdq3@hdf12                                                                    

     0x5E 0xAD 0xDA 0x6A ...

---- Files - GMER 1.0.15 ----

File  C:\Torrents\Completed Torrents\Windows Smart Phone  Mobile  
Applications And Games\Applications\Applications 2\Adisasta  
wmZip v3.1.2.Build.3125.XScale.Smartphone200x.Incl.Keygen- 
SyMPDA 
\Adisasta.wmZip.v3.1.2.Build.3125.XScale.Smartphone200x.Incl.Key 
gen-SyMPDA\file_id.diz  336 bytes
File  C:\Torrents\Completed Torrents\Windows Smart Phone  Mobile  
Applications And Games\Applications\Applications 2\Adisasta  
wmZip v3.1.2.Build.3125.XScale.Smartphone200x.Incl.Keygen- 
SyMPDA 
\Adisasta.wmZip.v3.1.2.Build.3125.XScale.Smartphone200x.Incl.Key 
gen-SyMPDA\Keygen.exe   34816 bytes executable
File  C:\Torrents\Completed Torrents\Windows Smart Phone  Mobile  
Applications And Games\Applications\Applications 2\Adisasta  
wmZip v3.1.2.Build.3125.XScale.Smartphone200x.Incl.Keygen- 
SyMPDA 
\Adisasta.wmZip.v3.1.2.Build.3125.XScale.Smartphone200x.Incl.Key 
gen-SyMPDA\sympda.nfo   16461 bytes
File  C:\Users\Xuyuan\AppData\Local\Google\Chrome\User Data 
\Default\Cookies-journal                                                                    

                        0 bytes

---- EOF - GMER 1.0.15 ----

MBAM 

Found nothing.

Malwarebytes' Anti-Malware 1.51.1.1800
[url]www.malwarebytes.org[/url]

Database version: 7300

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27/07/2011 23:19:21
mbam-log-2011-07-27 (23-19-21).txt

Scan type: Quick scan
Objects scanned: 190929
Time elapsed: 5 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

.
DDS (Ver_2011-06-23.01) - NTFSAMD64 
Internet Explorer: 8.0.7600.16385
Run by Xuyuan at 23:20:45 on 2011-07-27
Microsoft Windows 7 Ultimate    
6.1.7600.0.950.886.1033.18.3838.1107 [GMT 2:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated*  
{9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36 
-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F- 
4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2 
-AA01-20A2-213B-0B8EB45B02E8}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260- 
56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository 
\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection 
\Smc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Symantec Shared 
\ccSvcHst.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k  
LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED 
\IMEDICTUPDATE.EXE
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp  
4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\PC Tools\sMonitor 
\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort 
\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection 
\Rtvscan.exe
C:\Program Files (x86)\TeamViewer 
\Version5\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live 
\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live 
\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection 
\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection 
\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components 
\scheduler\STService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Users\Xuyuan\AppData\Local\Google\Update 
\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\InstallShield\UpdateService 
\issch.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Google\Google Desktop Search 
\GoogleDesktop.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Inventec\Dreye\DreyeMT\DreyeIMplugin.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor 
\SSDMonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF 
\PresentationFontCache.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application 
\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application 
\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application 
\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application 
\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application 
\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application 
\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application 
\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application 
\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application 
\chrome.exe
C:\Program Files\Common Files\Microsoft Shared 
\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application 
\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k  
NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application 
\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application 
\chrome.exe
C:\Users\Xuyuan\AppData\Local\Google\Google Talk Plugin 
\googletalkplugin.exe
C:\Users\Xuyuan\AppData\Local\Google\Chrome\Application 
\chrome.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uDefault_Page_URL = hxxp://www.bing.com
uInternet Settings,ProxyOverride = localhost, 127.0.0.1,  
hxxp://gaeapanda.dyndns.org:8888/cgi-bin/html/login.html
uInternet Settings,ProxyServer = http= 195.37.16.152:3128
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09- 
768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart  
Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596- 
fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe 
\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644- 
206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C: 
\Program Files (x86)\Microsoft\Search Enhancement Pack\Search  
Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9- 
0bbc1d38a37e} - C: 
\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf- 
8ecc-5164760863c6} - C:\Program Files (x86)\Common Files 
\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FAIESSO Helper Object: {a2f122da-055f-4df7-8f24- 
7354dbdba85b} - FAIESSOHelper Class
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861- 
484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files 
\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22 
-42b3008e02ff} - C: 
\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74- 
9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077}  
- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX 
\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856}  
- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing 
\hpswp_BHO.dll
TB: Dr.eye WebPage Translation: {92b255fe-94e2-4bca-958d- 
3926ce38913f} - C:\Program Files (x86)\Inventec\Dreye\DreyeMT 
\DreyeIEBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C: 
\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX 
\AcroIEFavClient.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395- 
cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart  
Web Printing\hpswp_bho.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON  
Tools Lite\DTLite.exe" -autorun
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD 
\AnyDVD.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [ISUSPM Startup] C: 
\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe - 
startup
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search  
& Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\Xuyuan\AppData\Local\Google 
\Update\GoogleUpdate.exe" /c
uRun: [DfMarshal] regsvr32 /s /u "C:\Users\Xuyuan\AppData\Local 
\DfMarshal\DfMarshal.dll"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe  
/autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe"  
/nosplash /minimized
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files 
\InstallShield\UpdateService\issch.exe" -start
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec  
Shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files  
(x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe 
\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office 
\Office14\BCSSync.exe" /DelayServices
mRun: [IME14 CHT Setup] C: 
\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED 
\IMEKLMG.EXE /SetPreload /CHT /Log
mRun: [IME14 JPN Setup] C: 
\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED 
\IMEKLMG.EXE /SetPreload /JPN /Log
mRun: [IME14 KOR Setup] C: 
\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED 
\IMEKLMG.EXE /SetPreload /KOR /Log
mRun: [IME14 CHS Setup] C: 
\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED 
\IMEKLMG.EXE /SetPreload /CHS /Log
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google 
\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software  
Update\HPWuSchd2.exe
mRun: [IMDreyePlugin] "C:\Program Files (x86)\Inventec\Dreye 
\DreyeMT\DreyeIMplugin.exe" /h
mRun: [AdobeCS5ServiceManager] "C:\Program Files  
(x86)\Common Files\Adobe\CS5ServiceManager 
\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files  
(x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe 
\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool 
\DRIVERS\x64\3\EKIJ5000MUI.EXE
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC  
Tools\sMonitor\SSDMonitor.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime 
\QTTask.exe" -atboottime
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local  
Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\Xuyuan\AppData\Roaming 
\MICROS~1\Windows\STARTM~1\Programs\Startup 
\JACQUI~1.LNK - C:\Program Files (x86)\Jacquie Lawson Advent  
Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent  
Calendar.exe
StartupFolder: C:\Users\Xuyuan\AppData\Roaming 
\MICROS~1\Windows\STARTM~1\Programs\Startup 
\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office 
\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows 
\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files  
(x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files  
(x86)\Common Files\Adobe\Acrobat\ActiveX 
\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files 
\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files  
(x86)\Common Files\Adobe\Acrobat\ActiveX 
\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files 
\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C: 
\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: English<->German - C:\Program Files (x86)\LingvoSoft 
\LingvoSoft Talking Dictionary 2007 (English-German) for  
Windows\Plugins\IE.htm
IE: Se&nd to OneNote - C: 
\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files 
\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files 
\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {612F6E5C-B314-4bab-93D1-D266AAFBE700}
IE: {9A64FC4B-7139-594F-BB95-62943D7D7F03}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program  
Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {FF819DA3-FF82-FF44-ADF5-6EF17ECF3C6E} - "C:\Program  
Files (x86)\ProxyPick\ProxyPick.exe"
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267 
-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files  
(x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304- 
E1D6-4330-914C-F5F514E3486C} - C:\Program Files  
(x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0 
-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile 
\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0 
-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile 
\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614 
-B694-4AE6-AB38-5D6374584B52} - C:\Program Files  
(x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865- 
83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP 
\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962- 
6F74-2D53-2644-206D7942484F} - C: 
\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -  
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows- 
i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} -  
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows- 
i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -  
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows- 
i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -  
hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swfla 
sh.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0FD62F36-7FDC-432B-BECB-9177DAE12814} :  
NameServer = 192.168.1.1
TCP: Interfaces\{433D458E-DFE2-4BE2-927C-D4C328319872} :  
DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F1396390-F8D4-4C88-BF17-837BD9474AB1} :  
DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F1396390-F8D4-4C88-BF17- 
837BD9474AB1}\244584F6D65684572623D275937425 :  
DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F1396390-F8D4-4C88-BF17- 
837BD9474AB1}\94F454C49424 : NameServer =  
168.95.1.1,192.168.4.254
TCP: Interfaces\{F1396390-F8D4-4C88-BF17- 
837BD9474AB1}\94F454C49424 : DhcpNameServer =  
140.109.128.5 140.109.129.5 140.109.1.10
TCP: Interfaces\{F1396390-F8D4-4C88-BF17- 
837BD9474AB1}\D4541444F475 : DhcpNameServer =  
212.74.112.66 212.74.112.67
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -  
C:\Program Files (x86)\Common Files\microsoft shared 
\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  
C:\Program Files (x86)\Windows Live\Photo Gallery 
\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: acaptuser32.dll C:\PROGRA~2\Google 
\GOOGLE~1\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420- 
b3ba-52453494e6cd} - C: 
\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09- 
768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart  
Web Printing\hpswp_printenhancer.dll
BHO-X64:     HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596 
-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe 
\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644 
-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F- 
B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search  
Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64:     Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22- 
B7F9-0BBC1D38A37E} - C: 
\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02- 
4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common  
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} -  
FAIESSOHelper Class
BHO-X64:     FAIESSO Helper Object - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045- 
E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common  
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21- 
4959-BA22-42B3008E02FF} - C: 
\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445- 
435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin 
\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964- 
665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe 
\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64:     SmartSelect - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2- 
0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart  
Web Printing\hpswp_BHO.dll
BHO-X64:     HP Smart BHO Class - No File
TB-X64: Dr.eye WebPage Translation: {92B255FE-94E2-4BCA- 
958D-3926CE38913F} - C:\Program Files (x86)\Inventec\Dreye 
\DreyeMT\DreyeIEBar.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8- 
0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe 
\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files 
\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files 
\Symantec Shared\ccApp.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files  
(x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files 
\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office 
\Office14\BCSSync.exe" /DelayServices
mRun-x64: [IME14 CHT Setup] C: 
\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED 
\IMEKLMG.EXE /SetPreload /CHT /Log
mRun-x64: [IME14 JPN Setup] C: 
\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED 
\IMEKLMG.EXE /SetPreload /JPN /Log
mRun-x64: [IME14 KOR Setup] C: 
\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED 
\IMEKLMG.EXE /SetPreload /KOR /Log
mRun-x64: [IME14 CHS Setup] C: 
\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED 
\IMEKLMG.EXE /SetPreload /CHS /Log
mRun-x64: [Google Desktop Search] "C:\Program Files  
(x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP  
Software Update\HPWuSchd2.exe
mRun-x64: [IMDreyePlugin] "C:\Program Files (x86)\Inventec 
\Dreye\DreyeMT\DreyeIMplugin.exe" /h
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files  
(x86)\Common Files\Adobe\CS5ServiceManager 
\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files  
(x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe 
\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool 
\DRIVERS\x64\3\EKIJ5000MUI.EXE
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC  
Tools\sMonitor\SSDMonitor.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime 
\QTTask.exe" -atboottime
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe  
Local Backup\Components\scheduler\Launcher.exe
IE-X64: {612F6E5C-B314-4bab-93D1-D266AAFBE700}
IE-X64: {9A64FC4B-7139-594F-BB95-62943D7D7F03}
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c: 
\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {FF819DA3-FF82-FF44-ADF5-6EF17ECF3C6E} - "C: 
\Program Files (x86)\ProxyPick\ProxyPick.exe"
AppInit_DLLs-X64: acaptuser32.dll C:\PROGRA~2\Google 
\GOOGLE~1\GO36F4~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6- 
4420-B3BA-52453494E6CD} - C: 
\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1    [url]www.spywareinfo.com[/url]
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Xuyuan\AppData\Roaming\Mozilla 
\Firefox\Profiles\409nch2r.default\
FF - prefs.js: browser.startup.homepage -  
hxxps://www.google.com/accounts/ServiceLogin? 
service=mail&passive=true&rm=false&continue=https%3A%2F 
%2Fmail.google.com%2Fmail%2F%3Faccount_id 
%3Dmstanleybaker%40gmail.com%26zx%3D162r7o244df 
%26shva%3D1%26ui%3Dhtml%26zy 
%3Dl&bsv=1eic6yu9oa4y3&scc=1&ltmpl=googlemail
FF - prefs.js: network.proxy.gopher - 
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.http -  195.37.16.152
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR 
\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight 
\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins 
\npdjvu.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery 
\NPWLPG.dll
FF - plugin: C:\Users\Xuyuan\AppData\Local\Google\Update 
\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\Xuyuan\AppData\Roaming\Mozilla\plugins 
\npgoogletalk.dll
FF - plugin: C:\Users\Xuyuan\AppData\Roaming\Mozilla\plugins 
\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash 
\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 bftpdskc64;BUFFALO TurboPC Cache Filter;C:\Windows 
\system32\drivers\bftpdskc64.sys --> C:\Windows\system32\drivers 
\bftpdskc64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C: 
\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys  
--> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows 
\system32\DRIVERS\vwififlt.sys --> C:\Windows 
\system32\DRIVERS\vwififlt.sys [?]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy  
service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe  
[2010-9-29 67584]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell 
\DellDock\DockLogin.exe [2009-6-9 155648]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;C: 
\Program Files\Common Files\Microsoft Shared\IME14\SHARED 
\IMEDICTUPDATE.EXE [2010-1-21 83312]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown  
Monitor service;C:\Program Files (x86)\Common Files\PC Tools 
\sMonitor\StartManSvc.exe [2011-7-23 632792]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program  
Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-29  
1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell  
DataSafe Local Backup\SftService.exe [2010-1-22 689472]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program  
Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe  
[2009-9-17 2477304]
R2 TeamViewer5;TeamViewer 5;C:\Program Files  
(x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-12-1  
2011944]
R3 bautpw64;BUFFALO eco manager for HD Filter;C:\Windows 
\system32\drivers\bautpw64.sys --> C:\Windows\system32\drivers 
\bautpw64.sys [?]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows 
\system32\DRIVERS\bcmvwl64.sys --> C:\Windows 
\system32\DRIVERS\bcmvwl64.sys [?]
R3 bftpusbx64;BUFFALO TurboPC USB Filter;C:\Windows 
\system32\drivers\bftpusbx64.sys --> C:\Windows\system32\drivers 
\bftpusbx64.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows 
\system32\DRIVERS\CtClsFlt.sys --> C:\Windows 
\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files  
(x86)\Common Files\Symantec Shared\EENGINE 
\EraserUtilRebootDrv.sys [2011-7-20 136824]
R3 itecir;ITECIR Infrared Receiver;C:\Windows 
\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS 
\itecir.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C: 
\Windows\system32\drivers\nvhda64v.sys --> C:\Windows 
\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files 
\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform 
\OSPPSVC.EXE [2010-1-9 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC 
{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service  
Helper Driver;C:\Program Files\Dell Support Center 
\pcdsrvc_x64.pkms [2010-11-18 25072]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows 
\system32\DRIVERS\vwifimp.sys --> C:\Windows 
\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework  
NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework 
\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework  
NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET 
\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers 
\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows 
\system32\DRIVERS\btwl2cap.sys --> C:\Windows 
\system32\DRIVERS\btwl2cap.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files  
(x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C: 
\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe  
[2010-8-21 25832]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows 
\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS 
\facap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C: 
\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files  
(x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop  
Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google  
Desktop Search\GoogleDesktop.exe [2010-11-15 30192]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows 
\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS 
\ivusb.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C: 
\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-8- 
12 2146496]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files  
(x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-8-12 17152]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows 
\system32\E400.tmp --> C:\Windows\system32\E400.tmp [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft  
SharePoint Workspace Audit Service;C:\Program Files  
(x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25  
30969208]
S3 sprtsvc_DellComms;SupportSoft Sprocket Service  
(DellComms);C:\Program Files (x86)\Dell\DellComms\bin 
\sprtsvc.exe [2009-5-5 206064]
S3 WatAdminSvc;Windows Activation Technologies Service;C: 
\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows 
\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows 
\system32\DRIVERS\WSDPrint.sys --> C:\Windows 
\system32\DRIVERS\WSDPrint.sys [?]
S4 McProxy;McAfee Proxy Service;C:\Program Files (x86)\Common  
Files\McAfee\McProxy\McProxy.exe [2010-1-22 359952]
.
=============== Created Last 30 ================
.
2011-07-24 01:13:12 --------    d-----w-    C:\Users\Xuyuan 
\AppData\Roaming\Registry Mechanic
2011-07-23 08:13:26 880640  ----a-w-    C:\Windows 
\SysWow64\UniBox10.ocx
2011-07-23 08:13:26 506368  ----a-w-    C:\Windows 
\SysWow64\msxml.dll
2011-07-23 08:13:26 40408   ----a-w-    C:\Windows 
\System32\CleanMFT64.exe
2011-07-23 08:13:26 212992  ----a-w-    C:\Windows 
\SysWow64\UniBoxVB12.ocx
2011-07-23 08:13:26 1101824 ----a-w-    C:\Windows 
\SysWow64\UniBox210.ocx
2011-07-23 08:13:23 --------    d-----w-    C:\Program Files  
(x86)\Common Files\PC Tools
2011-07-23 06:43:56 404640  ----a-w-    C:\Windows 
\SysWow64\FlashPlayerCPLApp.cpl
2011-07-20 19:54:30 --------    d-----w-    C:\ProgramData\DivX
2011-07-20 12:26:10 80384   ----a-w-    C:\Windows 
\System32\drivers\BTHUSB.SYS
2011-07-20 12:26:10 552448  ----a-w-    C:\Windows 
\System32\drivers\bthport.sys
2011-07-19 15:12:13 2106216 ----a-w-    C:\Program Files  
(x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-19 15:12:13 1998168 ----a-w-    C:\Program Files  
(x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-19 14:24:40 759296  ----a-w-    C:\Program Files  
(x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-07-19 14:24:40 1110528 ----a-w-    C:\Program Files 
\Common Files\Microsoft Shared\VGX\VGX.dll
2011-07-18 21:05:41 157696  ----a-w-    C:\Windows 
\System32\drivers\mrxsmb.sys
2011-07-18 21:05:41 126464  ----a-w-    C:\Windows 
\System32\drivers\mrxsmb20.sys
2011-07-18 21:05:40 287744  ----a-w-    C:\Windows 
\System32\drivers\mrxsmb10.sys
2011-07-18 21:03:03 161792  ----a-w-    C:\Windows 
\SysWow64\d3d10_1.dll
2011-07-18 21:03:02 197120  ----a-w-    C:\Windows 
\System32\d3d10_1.dll
2011-07-18 21:01:56 3134464 ----a-w-    C:\Windows 
\System32\win32k.sys
2011-07-18 20:36:43 5509504 ----a-w-    C:\Windows 
\System32\ntoskrnl.exe
2011-07-18 20:36:41 3957632 ----a-w-    C:\Windows 
\SysWow64\ntkrnlpa.exe
2011-07-18 20:36:40 3901824 ----a-w-    C:\Windows 
\SysWow64\ntoskrnl.exe
2011-07-18 20:36:30 2870272 ----a-w-    C:\Windows\explorer.exe
2011-07-18 20:36:29 2614784 ----a-w-    C:\Windows 
\SysWow64\explorer.exe
2011-07-18 20:36:17 142336  ----a-w-    C:\Windows 
\System32\poqexec.exe
2011-07-18 20:36:17 123904  ----a-w-    C:\Windows 
\SysWow64\poqexec.exe
2011-07-18 20:36:08 662528  ----a-w-    C:\Windows 
\System32\XpsPrint.dll
2011-07-18 20:36:08 442880  ----a-w-    C:\Windows 
\SysWow64\XpsPrint.dll
2011-07-18 20:34:12 31232   ----a-w-    C:\Windows 
\SysWow64\prevhost.exe
2011-07-18 20:34:12 31232   ----a-w-    C:\Windows 
\System32\prevhost.exe
2011-07-18 20:19:49 7844688 ----a-w-    C:\ProgramData 
\Microsoft\Windows Defender\Definition Updates\{2AAB4CFD- 
5DB0-43E3-BE37-9C02D8C825BB}\mpengine.dll
2011-07-13 16:54:29 404992  ----a-w-    C:\Windows 
\System32\umpnpmgr.dll
2011-07-13 16:54:28 64512   ----a-w-    C:\Windows 
\SysWow64\devobj.dll
2011-07-13 16:54:28 44544   ----a-w-    C:\Windows 
\SysWow64\devrtl.dll
2011-07-13 16:54:28 252928  ----a-w-    C:\Windows 
\SysWow64\drvinst.exe
2011-07-13 16:54:28 145920  ----a-w-    C:\Windows 
\SysWow64\cfgmgr32.dll
2011-07-10 12:03:50 --------    d-----w-    C:\Users\Xuyuan 
\AppData\Roaming\DisneyInteractiveStudios
2011-07-09 23:22:05 --------    d-----w-    C:\Program Files  
(x86)\Disney Interactive Studios
.
==================== Find3M  ====================
.
2011-07-27 12:25:32 17408   ----a-w-    C:\Windows 
\System32\rpcnetp.exe
2011-07-27 12:25:29 58288   ----a-w-    C:\Windows 
\SysWow64\rpcnet.dll
2011-07-06 17:52:42 41272   ----a-w-    C:\Windows 
\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 17:52:42 25912   ----a-w-    C:\Windows 
\System32\drivers\mbam.sys
2011-06-02 06:45:22 362496  ----a-w-    C:\Windows 
\System32\wow64win.dll
2011-06-02 06:45:22 243200  ----a-w-    C:\Windows 
\System32\wow64.dll
2011-06-02 06:45:22 13312   ----a-w-    C:\Windows 
\System32\wow64cpu.dll
2011-06-02 06:44:54 214528  ----a-w-    C:\Windows 
\System32\winsrv.dll
2011-06-02 06:42:37 16384   ----a-w-    C:\Windows 
\System32\ntvdm64.dll
2011-06-02 06:39:54 422400  ----a-w-    C:\Windows 
\System32\KernelBase.dll
2011-06-02 06:35:56 338944  ----a-w-    C:\Windows 
\System32\conhost.exe
2011-06-02 05:59:44 14336   ----a-w-    C:\Windows 
\SysWow64\ntvdm64.dll
2011-06-02 05:56:28 44032   ----a-w-    C:\Windows\apppatch 
\acwow64.dll
2011-06-02 05:56:06 25600   ----a-w-    C:\Windows 
\SysWow64\setup16.exe
2011-06-02 05:54:51 5120    ----a-w-    C:\Windows 
\SysWow64\wow32.dll
2011-06-02 05:54:50 272384  ----a-w-    C:\Windows 
\SysWow64\KernelBase.dll
2011-06-02 03:51:00 7680    ----a-w-    C:\Windows 
\SysWow64\instnm.exe
2011-06-02 03:50:59 2048    ----a-w-    C:\Windows 
\SysWow64\user.exe
2011-06-02 03:45:49 6144    ---ha-w-    C:\Windows 
\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608    ---ha-w-    C:\Windows 
\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584    ---ha-w-    C:\Windows 
\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072    ---ha-w-    C:\Windows 
\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25:16 1638912 ----a-w-    C:\Windows 
\System32\mshtml.tlb
2011-05-28 03:00:02 1638912 ----a-w-    C:\Windows 
\SysWow64\mshtml.tlb
2011-05-04 05:30:38 2326016 ----a-w-    C:\Windows 
\System32\tquery.dll
2011-05-04 05:28:07 779264  ----a-w-    C:\Windows 
\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w-    C:\Windows 
\System32\mssrch.dll
2011-05-04 05:28:06 75264   ----a-w-    C:\Windows 
\System32\msscntrs.dll
2011-05-04 05:28:06 491520  ----a-w-    C:\Windows 
\System32\mssph.dll
2011-05-04 05:28:06 288256  ----a-w-    C:\Windows 
\System32\mssphtb.dll
2011-05-04 05:24:09 593408  ----a-w-    C:\Windows 
\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856  ----a-w-    C:\Windows 
\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664  ----a-w-    C:\Windows 
\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w-    C:\Windows 
\SysWow64\tquery.dll
2011-05-04 04:52:59 666624  ----a-w-    C:\Windows 
\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392   ----a-w-    C:\Windows 
\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408  ----a-w-    C:\Windows 
\SysWow64\mssph.dll
2011-05-04 04:52:59 197120  ----a-w-    C:\Windows 
\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w-    C:\Windows 
\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528   ----a-w-    C:\Windows 
\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032  ----a-w-    C:\Windows 
\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352  ----a-w-    C:\Windows 
\SysWow64\SearchProtocolHost.exe
2011-05-03 05:21:22 976896  ----a-w-    C:\Windows 
\System32\inetcomm.dll
2011-05-03 04:50:29 740864  ----a-w-    C:\Windows 
\SysWow64\inetcomm.dll
2011-04-29 03:13:10 461312  ----a-w-    C:\Windows 
\System32\drivers\srv.sys
2011-04-29 03:12:54 399872  ----a-w-    C:\Windows 
\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792  ----a-w-    C:\Windows 
\System32\drivers\srvnet.sys
.
============= FINISH: 23:22:26.30 ===============

windows-vista-7-8

Edited 11 Years Ago by mike_2000_17 because: Fixed formatting

5 Contributors
11 Replies
936 Views
2 Years Discussion Span
Latest Post 10 Years Ago Latest Post by JohnKing420

jingda 135 Industrious Poster

13 Years Ago

Don't access the links first. Other experts in the Virus Area will help you.

jingda 135 Industrious Poster

13 Years Ago

Try backing up your data on a external hard disk first in case you loose all your work. See this too

http://answers.microsoft.com/en-us/windows/forum/windows_7-system/problem-with-explorerexe-in-windows-7/41ae6113-974b-4ba8-985e-f710260396e5

jingda 135 Industrious Poster

13 Years Ago

I think you better take your laptop for a repair. Let an expert to closely look at it. You can try reformat your computer first.

Edited 13 Years Ago by jingda because: n/a

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

biggeo65 -4 Newbie Poster · Answer 1 · 2011-07-29T01:08:08+00:00

Maybe something in context menu (right click menu) crash explorer ?
If i read it right, the problem is only with the files.
If you right click on a folder explorer work fine.

Download from hereShellexView, and from hereshellMenuview

First run ShellMenu.exe and disable evrything you find suspicious.

Then run the ShellexView and do the same.
To disable an item just select it with your mouse and then click the red button on the uper left corner of the Window.

You may need to disable them all and enable them one at the time, to find what cause the problem.

Michael_SB 0 Newbie Poster · Answer 2 · 2011-07-29T14:57:12+00:00

Thanks biggeo65 and Jingda. Jingda, I didn't see your post earlier, so I tried using both softwares. I disabled first half of everything in ShellMenu and no result. I then re-enabled and disabled the other half. No dice.
ShellexView was more complicated, as some Windows Office softwares are connected to the system(?) and I was told disabling them could prevent me starting up again. So I disabled everything I could that was either created or modified on or since the time of crash. No results, right-click still crashed explorer.
I don't know if I was using the software correctly - was I supposed to reboot each time after disabling something?

@Jingda - thanks. This thread is in Windows - should I somehow repost it to viruses?

thomas_symantec 0 Newbie Poster · Answer 3 · 2011-07-29T20:17:30+00:00

Hi Michael,

It appears you are running Symantec Endpoint Protection. There are a couple tools that we provide, that may help find and remove hard to discover threats.

First is the Power Eraser tool, found in the SEP support tool. Run this first and see if anything gets picked up.

http://www.symantec.com/business/support/index?page=content&id=TECH105414&locale=en_US

The second utility is also found within the SEP support tool.
Run the Load Point Analysis utility to help troubleshoot your system and determine if your system is infected.

http://www.symantec.com/business/support/index?page=content&id=TECH96291&locale=en_US

I hope this information is helpful to you.

Best,
Thomas (Symantec)

Michael_SB 0 Newbie Poster · Answer 4 · 2011-07-31T17:46:03+00:00

Dear Thomas;

Thank you but this also produced no results.

Michael_SB 0 Newbie Poster · Answer 5 · 2011-08-01T01:09:23+00:00

I've further found that certain clicks in the Control Panel (such as managing backups) also causes explorer to fail.
In addition, my computer just spontaneously crashed tonight, with no warning - just froze for 10 minutes and then rebooted. It went through a self disk-check, but only found one .tmp file that it associated with a directory.
This is getting dangerous! I'm worried about losing work. I don't believe there's a disk problem, since the Disk Check didn't find anything - but I'm open to investigating. However, I think the issue of explorer.exe closing spontaneously is a soft error. What to do???

Michael_SB 0 Newbie Poster · Answer 6 · 2011-08-01T14:34:17+00:00

When explorer resets, it also tries to send a file back to Windows. It's called WER64D1.tmp.hdmp Is that useful for anyone for analysis?

Michael_SB 0 Newbie Poster · Answer 7 · 2011-08-02T13:37:41+00:00

Michael_SB 0 Newbie Poster

13 Years Ago

Thanks. I have backed up.

I ran the sfc scan, and it didn't solve the problem. But it produced the attached report - is it helpful? It was originally titled CBS.log, I've renamed it to CBS.log.txt for uploading.

Many thanks for your help!

Michael

CBS.log_.txt (874.69 KB)

The attachment preview is chopped off after the first 10 KB. Please download the entire file.

2011-08-02 07:37:57, Info                  CBS    Starting TrustedInstaller initialization.
2011-08-02 07:37:57, Info                  CBS    Loaded Servicing Stack v6.1.7601.17592 with Core: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\cbscore.dll
2011-08-02 07:38:00, Info                  CSI    00000001@2011/8/2:05:38:00.161 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x7fee893f0ad @0x7fee9959849 @0x7fee99234e3 @0xfff8e97c @0xfff8d799 @0xfff8db2f)
2011-08-02 07:38:00, Info                  CSI    00000002@2011/8/2:05:38:00.508 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x7fee893f0ad @0x7fee99a6816 @0x7fee9972aac @0x7fee99235b9 @0xfff8e97c @0xfff8d799)
2011-08-02 07:38:00, Info                  CSI    00000003@2011/8/2:05:38:00.568 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x7fee893f0ad @0x7feee748738 @0x7feee748866 @0xfff8e474 @0xfff8d7de @0xfff8db2f)
2011-08-02 07:38:00, Info                  CBS    Ending TrustedInstaller initialization.
2011-08-02 07:38:00, Info                  CBS    Starting the TrustedInstaller main loop.
2011-08-02 07:38:00, Info                  CBS    TrustedInstaller service starts successfully.
2011-08-02 07:38:00, Info                  CBS    SQM: Initializing online with Windows opt-in: False
2011-08-02 07:38:00, Info                  CBS    SQM: Cleaning up report files older than 10 days.
2011-08-02 07:38:00, Info                  CBS    SQM: Requesting upload of all unsent reports.
2011-08-02 07:38:00, Info                  CBS    SQM: Failed to start upload with file pattern: C:\Windows\servicing\sqm\*_std.sqm, flags: 0x2 [HRESULT = 0x80004005 - E_FAIL]
2011-08-02 07:38:00, Info                  CBS    SQM: Failed to start standard sample upload. [HRESULT = 0x80004005 - E_FAIL]
2011-08-02 07:38:00, Info                  CBS    SQM: Queued 0 file(s) for upload with pattern: C:\Windows\servicing\sqm\*_all.sqm, flags: 0x6
2011-08-02 07:38:00, Info                  CBS    SQM: Warning: Failed to upload all unsent reports. [HRESULT = 0x80004005 - E_FAIL]
2011-08-02 07:38:00, Info                  CBS    No startup processing required, TrustedInstaller service was not set as autostart, or else a reboot is still pending.
2011-08-02 07:38:00, Info                  CBS    NonStart: Checking to ensure startup processing was not required.
2011-08-02 07:38:00, Info                  CSI    00000004 IAdvancedInstallerAwareStore_ResolvePendingTransactions (call 1) (flags = 00000004, progress = NULL, phase = 0, pdwDisposition = @0x118f6e0
2011-08-02 07:38:00, Info                  CSI    00000005 Creating NT transaction (seq 1), objectname [6]"(null)"
2011-08-02 07:38:00, Info                  CSI    00000006 Created NT transaction (seq 1) result 0x00000000, handle @0x254
2011-08-02 07:38:00, Info                  CSI    00000007@2011/8/2:05:38:00.907 CSI perf trace:
CSIPERF:TXCOMMIT;1006
2011-08-02 07:38:00, Info                  CBS    NonStart: Success, startup processing not required as expected.
2011-08-02 07:38:00, Info                  CBS    Startup processing thread terminated normally
2011-08-02 07:38:01, Info                  CSI    00000008 CSI Store 4488704 (0x0000000000447e00) initialized
2011-08-02 07:38:03, Info                  CBS    Archived backup log: C:\Windows\Logs\CBS\CbsPersist_20110802053757.cab.
2011-08-02 07:38:08, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2011-08-02 07:38:08, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2011-08-02 07:38:13, Info                  CSI    0000000b Repair results created:
POQ 0 starts:
 
POQ 0 ends.
2011-08-02 07:38:13, Info                  CSI    0000000c [SR] Verify complete
2011-08-02 07:38:13, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2011-08-02 07:38:13, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2011-08-02 07:38:20, Info                  CSI    0000000f Repair results created:
POQ 1 starts:
 
POQ 1 ends.
2011-08-02 07:38:20, Info                  CSI    00000010 [SR] Verify complete
2011-08-02 07:38:20, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2011-08-02 07:38:20, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2011-08-02 07:38:27, Info                  CSI    00000013 Repair results created:
POQ 2 starts:
 
POQ 2 ends.
2011-08-02 07:38:27, Info                  CSI    00000014 [SR] Verify complete
2011-08-02 07:38:28, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2011-08-02 07:38:28, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2011-08-02 07:38:36, Info                  CSI    00000017 Repair results created:
POQ 3 starts:
 
POQ 3 ends.
2011-08-02 07:38:36, Info                  CSI    00000018 [SR] Verify complete
2011-08-02 07:38:36, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2011-08-02 07:38:36, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2011-08-02 07:38:42, Info                  CSI    0000001b Repair results created:
POQ 4 starts:
 
POQ 4 ends.
2011-08-02 07:38:42, Info                  CSI    0000001c [SR] Verify complete
2011-08-02 07:38:42, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2011-08-02 07:38:42, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2011-08-02 07:38:48, Info                  CSI    0000001f Repair results created:
POQ 5 starts:
 
POQ 5 ends.
2011-08-02 07:38:48, Info                  CSI    00000020 [SR] Verify complete
2011-08-02 07:38:48, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2011-08-02 07:38:48, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2011-08-02 07:38:53, Info                  CSI    00000023 Repair results created:
POQ 6 starts:
 
POQ 6 ends.
2011-08-02 07:38:53, Info                  CSI    00000024 [SR] Verify complete
2011-08-02 07:38:53, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2011-08-02 07:38:53, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2011-08-02 07:38:59, Info                  CSI    00000027 Repair results created:
POQ 7 starts:
 
POQ 7 ends.
2011-08-02 07:38:59, Info                  CSI    00000028 [SR] Verify complete
2011-08-02 07:38:59, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2011-08-02 07:38:59, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2011-08-02 07:39:05, Info                  CSI    0000002b Repair results created:
POQ 8 starts:
 
POQ 8 ends.
2011-08-02 07:39:05, Info                  CSI    0000002c [SR] Verify complete
2011-08-02 07:39:06, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2011-08-02 07:39:06, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2011-08-02 07:39:11, Info                  CSI    0000002f Repair results created:
POQ 9 starts:
 
POQ 9 ends.
2011-08-02 07:39:11, Info                  CSI    00000030 [SR] Verify complete
2011-08-02 07:39:11, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2011-08-02 07:39:11, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2011-08-02 07:39:14, Info                  CSI    00000033 Repair results created:
POQ 10 starts:
 
POQ 10 ends.
2011-08-02 07:39:14, Info                  CSI    00000034 [SR] Verify complete
2011-08-02 07:39:15, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2011-08-02 07:39:15, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2011-08-02 07:39:23, Info                  CSI    00000037 Repair results created:
POQ 11 starts:
     0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\70ac2488d650cc01b20400001810e80b._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
    1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\40192988d650cc01b30400001810e80b.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
    2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\50753588d650cc01b40400001810e80b.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
    3: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\90823888d650cc01b50400001810e80b.$$_system32_logfiles_ait_5b4995189d2e6c55.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_system32_logfiles_ait_5b4995189d2e6c55.cdf-ms"
    4: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\00053c88d650cc01b60400001810e80b.programdata_microsoft_windows_ait_140a03828e6ffe97.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_windows_ait_140a03828e6ffe97.cdf-ms"
    5: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\c07f4c88d650cc01b70400001810e80b.$$_help_windows_ja-jp_bf14e4c265261fbe.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_help_windows_ja-jp_bf14e4c265261fbe.cdf-ms"
    6: Move File: Source = [l:228{114}]"\SystemRoot\WinSxS\Temp\PendingRenames\008d4f88d650cc01b80400001810e80b.$$_help_help_ja-jp_9132a6bb9c317c46.cdf-ms", Destination = [l:140{70}]"\SystemRoot\WinSxS\FileMaps\$$_help_help_ja-jp_9132a6bb9c317c46.cdf-ms"
    7: Move File: Source = [l:246{123}]"\SystemRoot\WinSxS\Temp\PendingRenames\105a5e88d650cc01b90400001810e80b.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms", Destination = [l:158{79}]"\SystemRoot\WinSxS\FileMaps\$$_diagnostic

JohnKing420 0 Newbie Poster · Answer 8 · 2014-01-31T06:18:10+00:00

Well, you need to do some scan and repair of your system files & settings. Why dont try Reginout? If it fails, do system restore.