Hmm... virus in Windows Explorer?

By john simpson · 16 replies
Sep 14, 2011
  1. Hi, I require help to find what the problem with my pc is.

    Whenever I do any related tasks with the 'my documents' folder I get the message:

    "windows has encountered a problem and needs to close"

    My concern is that I have a virus infection within my Windows Explorer?

    I do regular scans using MalwareBytes, Avira, Super-AntiSpyware and Spybot, and they always show my pc clean.

    Thanks for reading.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    John, the message you're getting can happen for a lot of reasons, having nothing to do with an infection in Windows Explorer.

    For one, unexplained crashes of Windows Explorer can be caused by having hidden files and folders showing. One way to check that is:

    Don't Show Hidden Folders/Files
    • Open My Computer.
    • Go to Tools > Folder Options.
    • Select the View tab.
    • Scroll down and check 'Don't show Hidden files and folders'.
    • Check Hide extensions of known file types.
    • Check Hide protected operating system files (Recommended).
    • Click OK.
    • Close My Computer.
    If you find those lines are the opposite of what I instructed, then you will have eliminated one cause of the message.
    But the only way we can 'see' what's going on in the system is for you to please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      • Don't use any other cleaning programs or scans while I'm helping you.
      • Don't use a Registry cleaner or make any changes in the Registry.
      • Don't download and install new programs, except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
  3. john simpson

    john simpson TS Rookie Topic Starter Posts: 27

    Thanks for the reply.

    I looked at my hidden files folder boxes and the three are already checked.

    I'll do the Preliminary Virus and Malware Removal steps. Shall post back with results.
  4. john simpson

    john simpson TS Rookie Topic Starter Posts: 27

    Malwarebytes' Anti-Malware

    Database version: 7719

    Windows 5.1.2600 Service Pack 3, v.6055
    Internet Explorer 8.0.6001.18702

    15/09/2011 05:07:02
    mbam-log-2011-09-15 (05-07-02).txt

    Scan type: Quick scan
    Objects scanned: 176004
    Time elapsed: 4 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  5. john simpson

    john simpson TS Rookie Topic Starter Posts: 27

    GMER -
    Rootkit quick scan 2011-09-15 05:22:45
    Windows 5.1.2600 Service Pack 3, v.6055 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDS728080PLAT20 rev.PF2OA21B
    Running: tvsefunc.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\kxtdapow.sys

    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xAF4407BC]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xAF440A12]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

    ---- EOF - GMER 1.0.15 ----
  6. john simpson

    john simpson TS Rookie Topic Starter Posts: 27

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by User at 5:46:32 on 2011-09-15
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2046.1543 [GMT 1:00]
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: COMODO Firewall *Disabled*
    ============== Running Processes ===============
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://
    uInternet Settings,ProxyOverride = local
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cfp.exe -h
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
    mPolicies-explorer: NoResolveTrack = 1 (0x1)
    mPolicies-explorer: NoFileAssociate = 0 (0x0)
    mPolicies-system: NoDispSettingsPage = 0 (0x0)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    Trusted Zone:\livefooty
    Trusted Zone:\*.update
    Trusted Zone:\update
    Trusted Zone:\windowsupdate
    Trusted Zone:\download
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://
    TCP: Interfaces\{97E83DB1-8361-4D47-9E36-53396AA240C3} : NameServer =,
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    ================= FIREFOX ===================
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\uzbz4xdf.default\
    FF - prefs.js: browser.startup.homepage -
    FF - plugin: c:\documents and settings\user\local settings\application data\google\update\\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-16 11608]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 239368]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 27576]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 67656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-16 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-16 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-16 66616]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-4-9 1771288]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 2010 advanced\DfSdkS.exe [2011-7-30 406016]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 12872]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-1-26 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    =============== Created Last 30 ================
    2011-09-15 03:57:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-15 03:57:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-11 17:08:19 -------- d-----w- c:\documents and settings\user\dwhelper
    ==================== Find3M ====================
    2011-09-12 20:30:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-29 02:21:03 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
    ============= FINISH: 5:47:18.73 ===============
  7. john simpson

    john simpson TS Rookie Topic Starter Posts: 27

    5 characters
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Okay, so far I'm not seeing any malware entries. I'd like to do the following 2 scans to see if they find anything:

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the [IMG] on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
    Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    I suspect this is going to be hardware related. There are error events for:

    Atapi - Event ID:11 - The driver detected a controller error on \Device\Ide\IdePort0. and same for \Device\Ide\IdePort1
    I see this being reported on SATA drives. We'll see what the new logs show. I may refer you to one of our other forums.
  9. john simpson

    john simpson TS Rookie Topic Starter Posts: 27

    Did an ESET online scan. No infections were found. No log was produced
  10. john simpson

    john simpson TS Rookie Topic Starter Posts: 27

    10 characters
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Okay, still looking pretty clean. I would like to check a few things:

    Regarding the above, has anything changed? Still crashing? Please tell me what the 'related tasks' are, specifically.
    There are some drivers on the system with question marks. They were set several years ago. Are you still using the following:
    1. SIS VGA driver: Related processes:
    keyhook.exe > "Super VGA Keyboard Daemon" - hooks into the keyboard processing chain in order to enable hotkey settings from 2004-05-12
    sistray.exe Related to System_Tray icon for SiS based graphic 2008
    2. Hotspot Shield Monitoring Service - no date
    Related processes, Combofix deleted one of them:
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll>> The file was deleted in Combofix
    Hotspot Shield Monitoring Service
    The above is found to be a threat by some AV programs, of the Trojan Family and/or a 'potentially unwanted program' or PUP:

    3. Windows Remote Management : 2008
    If you are actively using the and need it to run, leave it. But if it is not being used by you, it should be disabled. See the MS info HERE.
    I advise you to remove all of the following domains from the Trusted Zone:
    Nothing needs to be in the Trusted Zone. The security is lower there and presents a risk to your system.
    Depending on the browser you use, follow any path similar to the one below for IE:
    Open Internet Options through the Control Panel or Tools in IE > Security tab > Trusted Sites > Sites. Look for the following and highlight these domains > Remove:
    A disclaimer you may not have noticed on the LiveFooty site: All streams that we put up on LiveFooty are form P2P applications and programs. (I think that is supposed to read 'from', not 'form'.) NO streams are created or produced by LiveFooty. Our job on LiveFooty is to provide simple and easy guidance for users to find P2P channels and programs. We DO NOT create the streams here!
    Simply said, it means the stream you get is through file sharing, also known as peer-to-peer or P2P. While these streams may be very enjoyable, you should know of the possible risks:
    About P2P or 'file sharing'
    • Even if you are using a "safe" P2P program, it is only the program that is safe.
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    And by putting this site in the Trusted Zone, you have allowed access with a lower security level.

    Please read the information on P2P Warning to help you better understand these dangers.
    I note you have SuperantiSpyware on the system. Please update it and run a scan. Be sure to check the line for removal of the entries. You may be able to reset the Cookies to better protect the system. Leave the log in your next reply.
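
The checks made by hand on the DDS log in this thread (protection reported as disabled, Trusted Zone entries, the AppInit_DLLs value, and the service row that carries a question mark where other rows carry a date and size) can be scripted. The following Python is an added example, not part of the original thread and not part of DDS; the `triage` function and its category names are hypothetical, and the sample lines are copied from the DDS log posted earlier in the thread.

```python
import re

# Lines copied from the DDS log posted earlier in this thread.
SAMPLE_DDS = r"""
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Disabled*
Trusted Zone:\livefooty
Trusted Zone:\*.update
AppInit_DLLs: c:\windows\system32\guard32.dll
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 27576]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-1-26 14336]
"""

# "AV: <product> *<state>* {guid}" and "FW: <product> *<state>*"
SECURITY = re.compile(r"^(AV|FW): (.+?) \*([^*]+)\*")
# "Trusted Zone:\<entry>"
TRUSTED = re.compile(r"^Trusted Zone:\s*\\?(.+)$")
# DLLs listed here are loaded into every process that loads user32.dll,
# so the reviewer should be able to attribute each one to a known product.
APPINIT = re.compile(r"^AppInit_DLLs:\s*(.+)$")
# "<R|S><digit> <name>;<display name>;<image path> [<date size> or ?]"
SERVICE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")


def triage(dds_text):
    """Return (category, detail) pairs for lines a reviewer should look at.

    Category names are hypothetical labels chosen for this example.
    """
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if m := SECURITY.match(line):
            kind, product, state = m.groups()
            # Scanners are often disabled on purpose while the tools run;
            # the finding is a reminder to confirm they were re-enabled.
            if "disabled" in state.lower():
                findings.append(("protection-disabled", f"{kind}: {product}"))
        elif m := TRUSTED.match(line):
            findings.append(("trusted-zone", m.group(1)))
        elif m := APPINIT.match(line):
            findings.append(("appinit-dll", m.group(1)))
        elif m := SERVICE.match(line):
            prefix, name, _display, image, meta = m.groups()
            # Rows ending in [?] have no date/size recorded for the image.
            if meta.strip() == "?":
                findings.append(
                    ("service-no-file-info", f"{prefix} {name}: {image}")
                )
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_DDS):
        print(f"{category:22} {detail}")
```
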
  12. john simpson

    john simpson TS Rookie Topic Starter Posts: 27

    In regard to the 'my documents'... To be specific...

    I remember a few years back installing a 2nd HD, as a storage device, on the pc. That's when I initially noticed the 'windows has encountered a problem' crash. This would happen when I'd attempt to move files across to it. (I figured it was a problem with the harddisk so I took it out.)

    A few days back, attempting to move a file to a usb stick, I would get the same crash. This happens frequently.
    I think this all directly relates to what you noticed in your earlier post: -

    "Atapi - Event ID:11 - The driver detected a controller error on \Device\Ide\IdePort0. and same for \Device\Ide\IdePort1
    I see this being reported on SATA drives. We'll see what the new logs show. I may refer you to one of our other forum"
  13. john simpson

    john simpson TS Rookie Topic Starter Posts: 27

    SIS VGA driver: I don't know if I'm still using it, I think it was preinstalled on my pc (as I've never installed it). Should I delete the prog? Disable from start up?

    Hotspot: I installed Hotspot. I use it from time to time. Should I delete it?

    Windows Remote Management: I do not intend to use it. How do I go about disabling it?

    Removed all the domains from 'trusted zones' from IE.
  14. john simpson

    john simpson TS Rookie Topic Starter Posts: 27

    SUPERAntiSpyware Scan Log

    Generated 09/16/2011 at 11:11 PM

    Application Version : 5.0.1118

    Core Rules Database Version : 3661
    Trace Rules Database Version: 1641

    Scan type : Complete Scan
    Total Scan Time : 00:09:54

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3, v.6055 (Build 5.01.2600)

    Memory items scanned : 445
    Memory threats detected : 0
    Registry items scanned : 31846
    Registry threats detected : 0
    File items scanned : 4452
    File threats detected : 0
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Congratulations! This is the first SAS log I've ever seen that is totally clean!

    Sorry about the misplaced upper case letters such as in here:
    My right shift key has gotten 'spongy' and occasionally pops one in. No matter how hard I look, I miss some of them!

    Give me some info on system performance now. The logs are coming up clean- that's a good thing. I'm not going to make any changes on the processes I asked you about.
  16. john simpson

    john simpson TS Rookie Topic Starter Posts: 27

    Thanks. Much appreciated for all your help. And don't worry about those misspelt words, I'm like that too. lol

    Cool, so I leave the Win Remote Management enabled?

    Also the programs: Gmer, ComboFix and DDS, should I uninstall them now? How do I do it?

    I know that sounds silly but I just want to make sure I do it correctly and not just drag the icon to Recycle Bin. lol
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    You're very welcome. It was a great pleasure to see clean logs for a change! Yes, leave WRM like it is.

    Since you are perking along now with a clean system and everything working, we can clean up:

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
      • Click START> then RUN
      • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
      • Go to Start > All Programs > Accessories > System Tools
      • Click "System Restore".
      • Choose "Create a Restore Point" on the first screen then click "Next".
      • Give the Restore Point a name > click "Create".
      • Go back and follow the path to > System Tools.
      • Choose Disk Cleanup
      • Click "OK" to select the partition or drive you want.
      • Click the "More Options" Tab.
      • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

    Empty the Recycle Bin
    You can download and scan with Malwarebytes occasionally, just remember to check the line for removal of entries.

Topic Status:
Not open for further replies.
