| Thread ID: 91754 | 2008-07-17 10:55:00 | Microsoft Visual C++ Runtime Library error | nofam (9009) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 689844 | 2008-07-17 10:55:00 | Got a friend's PC to look at, which was running like a pig (limewire... :yuck:). Ran Spyware Doctor which found around 19 trojans, and removed them. Now whenever I open a folder within another folder, or any drive within My Computer I get an error box labeled:

Microsoft Visual C++ Runtime Library
Runtime Error!
Program: C:\WINDOWS\explorer.exe
abnormal program termination

Then explorer.exe crashes and restarts. Here's a HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:31 p.m., on 17/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 209.120.136.200 community.the-underdogs.info
O1 - Hosts: 209.120.136.203 dfg.the-underdogs.info
O1 - Hosts: 209.120.136.196 files.the-underdogs.info
O1 - Hosts: 209.120.136.205 mac.the-underdogs.info
O1 - Hosts: 209.120.136.197 old.the-underdogs.info
O1 - Hosts: 209.120.136.207 ron.the-underdogs.info
O1 - Hosts: 209.120.136.194 the-underdogs.info
O1 - Hosts: 209.120.136.195 www.the-underdogs.info
O1 - Hosts: 209.120.136.209 zzt.the-underdogs.info
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\WINDOWS\TEMP\E_SBE.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: TestPokerStars.com - {809132AF-89D2-4d52-AA03-AB4E35BBDC5B} - C:\Program Files\PokerStars.TEST\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148794562671
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
--
End of file - 9591 bytes

Anyone struck this before? Cheers all!! |
nofam (9009) | ||
| 689845 | 2008-07-17 11:10:00 | It's probably the trojans that screwed everything up. Tick these then tick fix checked. Close browsers.

O1 - Hosts: 209.120.136.200 community.the-underdogs.info
O1 - Hosts: 209.120.136.203 dfg.the-underdogs.info
O1 - Hosts: 209.120.136.196 files.the-underdogs.info
O1 - Hosts: 209.120.136.205 mac.the-underdogs.info
O1 - Hosts: 209.120.136.197 old.the-underdogs.info
O1 - Hosts: 209.120.136.207 ron.the-underdogs.info
O1 - Hosts: 209.120.136.194 the-underdogs.info
O1 - Hosts: 209.120.136.195 www.the-underdogs.info
O1 - Hosts: 209.120.136.209 zzt.the-underdogs.info
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled

Then get trojan remover (www.simplysup1.com), install it, update it. Then click on scan, select all options under utilities. Then open my computer, right mouse on c and scan with trojan remover. Don't put the log in a box, it makes it harder to read |
Speedy Gonzales (78) | ||
| 689846 | 2008-07-19 03:56:00 | Thanks Speedy - all done, but PC is still showing error. TR did find a Windows Explorer policy in place which it's removed, but didn't find anything else. Kaspersky found nothing at all (PC did have AVG 8.0) Any suggestions as to what I should try next?? Will keep searching google in the meantime. Here's a screen shot (www.imagef1.net.nz) of the error when I tried to open the C:\ drive in My Computer. Thanks all |
nofam (9009) | ||
| 689847 | 2008-07-19 04:25:00 | Have a read of this (forums.microsoft.com) Uninstall Google toolbar |
Speedy Gonzales (78) | ||
| 689848 | 2008-07-19 06:12:00 | Yeah thanks again Speedy - also found some evidence of BHOs causing this, so I downloaded a BHO tool, disabled all of them and the problem went away!! Cheers for your help!! :thumbs: |
nofam (9009) | ||
| 689849 | 2008-07-19 06:13:00 | Cool ! | Speedy Gonzales (78) | ||
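An added example, not part of the thread and not HijackThis's own code: a small Python parser that groups the R3/O2/O3 browser-extension entries of a HijackThis log by the DLL they load and pulls out the O1 hosts overrides, giving the list of BHOs to disable one at a time as the poster ended up doing. The sample lines are an excerpt of the log in the first post; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log from the first post (whitespace repaired).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 209.120.136.194 the-underdogs.info
O1 - Hosts: 209.120.136.195 www.the-underdogs.info
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
"""

# R3, O2 and O3 lines share the shape "<code> - <kind>: <name> - {CLSID} - <path>".
EXT_RE = re.compile(
    r"^(R3|O2|O3) - (URLSearchHook|BHO|Toolbar): (.+?) - "
    r"(\{[0-9A-Fa-f-]{36}\}) - (.+)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")

def parse_hjt(log):
    """Return (extensions_by_dll, hosts_overrides) for a HijackThis log."""
    by_dll = defaultdict(list)
    hosts = []
    for line in log.splitlines():
        line = line.strip()
        m = EXT_RE.match(line)
        if m:
            code, kind, name, clsid, path = m.groups()
            # Windows paths are case-insensitive; normalise so one DLL groups once.
            by_dll[path.lower()].append((code, kind, name, clsid.upper()))
            continue
        m = HOSTS_RE.match(line)
        if m:
            hosts.append((m.group(1), m.group(2).lower()))
    return dict(by_dll), hosts

def bho_clsids(by_dll):
    """CLSIDs registered as Browser Helper Objects (the O2 entries)."""
    return sorted(c for regs in by_dll.values() for code, _, _, c in regs if code == "O2")

if __name__ == "__main__":
    ext, hosts = parse_hjt(SAMPLE_LOG)
    for dll, regs in sorted(ext.items()):
        print(dll, "<-", ", ".join(f"{code} {kind}" for code, kind, _, _ in regs))
    print("BHO CLSIDs:", bho_clsids(ext))
    print("hosts overrides:", hosts)
```

Grouping by DLL shows when one module is registered several ways (here yt.dll as both a URLSearchHook and a BHO), so disabling only the O2 entry may leave the same DLL loading through another hook.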