Cannot open My Computer

larrys32 · 04-19-2009, 04:20 PM

I cannot open My computer. It gives a blank window and freezes the system. I am not able to End Task. I am running XP.
The requested files are attached and copied below.
Larry

DDS file:
DDS (Ver_09-03-16.01) - NTFSx86
Run by saturn at 12:00:18.36 on Sun 04/19/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2897 [GMT -7:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\D4\D4.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SpywareDetector\SDActiveMonitor.exe
C:\Documents and Settings\saturn.KDNA0\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\saturn.KDNA0\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://dna.kdna.ucla.edu/simpsonlab
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [folderclone] c:\program files\folderclone\folderclone.exe
uRun: [Google Update] "c:\documents and settings\saturn.kdna0\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [VistaStartMenu] "c:\program files\vista start menu\VistaStartMenu.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [FileZilla Server Interface] "c:\program files\filezilla server\FileZilla Server Interface.exe"
mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Dimension4] c:\program files\d4\D4.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SDActiveMonitor] c:\program files\spywaredetector\SDActiveMonitor.exe -AUTO
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
StartupFolder: c:\docume~1\saturn~1.kdn\startm~1\programs\startup\hypers~1.lnk - c:\program files\hypersnap 6\HprSnap6.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237410254152
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {2E991904-EB1E-4CA1-A4C3-500E19AA9C3D} = 164.67.82.55,164.67.7.17
Handler: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - c:\program files\invitrogen\vector nti advance 10\Ncbi.dll
Notify: SDNotify - c:\program files\spywaredetector\SDNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\saturn~1.kdn\applic~1\mozilla\firefox\profiles\8iishntw.default\
FF - prefs.js: browser.startup.homepage - hxxp://dna.kdna.ucla.edu/simpsonlab
FF - component: c:\documents and settings\saturn.kdna0\application data\mozilla\firefox\profiles\8iishntw.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\EbayAccessService.dll
FF - component: c:\documents and settings\saturn.kdna0\application data\mozilla\firefox\profiles\8iishntw.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\EbayFormSubmitObserver.dll
FF - component: c:\documents and settings\saturn.kdna0\application data\mozilla\firefox\profiles\8iishntw.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - plugin: c:\documents and settings\saturn.kdna0\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\saturn.kdna0\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-8-18 34312]
R1 SDManager;SDManager;c:\program files\spywaredetector\SDManager.sys [2009-4-19 13696]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-8-18 468224]
R2 SDService;SDService;c:\program files\spywaredetector\SDService.exe [2009-4-19 1720192]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-9-18 54960]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 gupdate1c987ec6f93c87c;Google Update Service (gupdate1c987ec6f93c87c);c:\program files\google\update\GoogleUpdate.exe [2009-2-5 133104]
S3 SDActMon;SDActMon;c:\program files\spywaredetector\SDActMon.sys [2009-4-19 21888]

=============== Created Last 30 ================

2009-04-19 11:39 <DIR> --d----- c:\program files\hijackpro2
2009-04-19 11:27 <DIR> --d----- c:\program files\Trend Micro
2009-04-18 21:42 104 a------- c:\windows\system32\ProxySettings.ini
2009-04-18 21:42 13,776 a------- c:\windows\system32\SDEarlyDelete.exe
2009-04-18 21:42 110 a------- c:\windows\system32\SDEarlyDelete.ini
2009-04-18 21:42 1,060,864 a------- c:\windows\system32\CheckDll.dll
2009-04-17 17:02 <DIR> --d----- c:\program files\GSpot270a
2009-03-26 09:30 195,096 a------- c:\windows\system32\lvci11901262.dll
2009-03-25 12:39 13 ----h--- c:\docume~1\alluse~1\applic~1\˜113.›sys
2009-03-25 12:39 938,272 a------- c:\windows\system32\wodFtpDLX.OCX
2009-03-24 13:12 3,863,808 a------- c:\program files\SysInspector.exe
2009-03-23 11:29 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-22 20:18 <DIR> --d----- c:\docume~1\saturn~1.kdn\applic~1\Webcammax
2009-03-22 20:17 941,784 a------- c:\windows\system32\drivers\CAMTHWDM.sys
2009-03-22 20:05 <DIR> --d----- c:\docume~1\saturn~1.kdn\applic~1\ooVoo Details
2009-03-22 14:22 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-03-22 14:22 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-03-22 14:21 494,104 a------- c:\windows\system32\LVUI2.dll
2009-03-22 14:21 195,096 a------- c:\windows\system32\lvci11801048.dll
2009-03-22 14:21 6,364,440 a------- c:\windows\system32\drivers\lvuvc.sys
2009-03-22 14:21 432,664 a------- c:\windows\system32\LVUI2RC.dll
2009-03-22 14:21 416,280 a------- c:\windows\system32\lvcodec2.dll
2009-03-22 14:21 81,110 a------- c:\windows\system32\lvcoinst.ini
2009-03-22 14:21 41,752 a------- c:\windows\system32\drivers\LVUSBSta.sys
2009-03-22 14:21 768,024 a------- c:\windows\system32\drivers\lvrs.sys
2009-03-22 14:21 29,562 a------- c:\windows\system32\Repository.reg
2009-03-22 14:20 23,832 a------- c:\windows\system32\drivers\lvuvcflt.sys
2009-03-21 07:06 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll
2009-03-20 15:48 90,112 a------- c:\windows\unvise32.exe
2009-03-20 15:46 <DIR> --d----- c:\docume~1\saturn~1.kdn\applic~1\Vista Start Menu

==================== Find3M ====================

2009-04-18 21:50 1,984 a------- c:\windows\system32\d3d9caps.dat
2009-04-16 16:05 18,494 a------- c:\program files\esi-eula.txt
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-20 01:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 01:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 04:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 03:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
2009-01-09 11:04 902 a------- c:\program files\AVS Registry Cleaner.lnk
2008-01-27 22:02 4,333,568 a------- c:\program files\mplayerc.exe
2006-06-27 15:20 2,245,120 a------- c:\program files\WinBoxer.exe
2004-07-01 16:21 208,896 a------- c:\program files\Filemon.exe
2004-03-31 09:42 98,304 a------- c:\program files\Tcpview.exe
2003-03-20 16:26 14,619 a------- c:\program files\FILEMON.HLP
2002-09-02 12:13 7,983 a------- c:\program files\TCPVIEW.HLP
2007-09-23 07:35 108 a--shr-- c:\windows\neoqaz2.dll

============= FINISH: 12:00:35.58 ===============

Ried · 04-22-2009, 10:16 PM

Hello Larry,

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on combofix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

04-22-2009, 10:16 PM	#2 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 27,030 OS: WinXP and Vista	Re: Cannot open My Computer Hello Larry, Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools Double click on combofix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt** in your next reply. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."