Old 07-14-2005, 04:32 PM   #1 (permalink)
Registered User
 
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista


HJT Log of Captainbarred(Dr Watson issue)

this thread continued from http://techsupportforum.com/showthread.php?t=61010

Hey Guys, think you can help me out please?

Some guys in the XP forum looked at this, told me to come here and run HJT.

I ran adaware and then the online virus scan, the virus scan could not clean everything, it left these:
Results:
We have detected 2 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level Issue How to Fix

Important This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes.;The vulnerability is caused by an unchecked buffer in the Microsoft Office WordPerfect Converter.

http://www.trendmicro.com/en/securit...s/MS04-027.htm

Critical This vulnerability lies in the way the affected components process JPEG image files. An unchecked buffer within this process is the cause of the vulnerability.;This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute arbitrary code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes.

http://www.trendmicro.com/en/securit...s/MS04-028.htm

I am about to run the HJT and the analyzer, will post the log in a few minutes...
captainbarred is offline  
Old 07-14-2005, 04:36 PM   #2 (permalink)
Registered User
 
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista


Logfile of HijackThis v1.99.1
Scan saved at 7:34:45 PM, on 7/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E80892B-187B-4250-9490-4EC7EDB9FC63}: NameServer = 207.69.188.185,207.69.188.186,207.69.188.187
O17 - HKLM\System\CS1\Services\Tcpip\..\{4E80892B-187B-4250-9490-4EC7EDB9FC63}: NameServer = 207.69.188.185,207.69.188.186,207.69.188.187
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

This didn't work exactly like the thing in the read this first thread said, but I'm allowing that it's due to updates. I selected run this and create a log file and this popped right up...
I copied then closed out of the program and pasted here.
captainbarred is offline  
Old 07-14-2005, 05:27 PM   #3 (permalink)
Registered User
 
phaenilda's Avatar
 
Join Date: Jun 2005
Location: Upstate NY
Posts: 207
OS: Windows 7 RC1, Mac OS X 10.5, Ubuntu 9.04, Windows XP, Mandriva Spring 2009


Damn... I only have like 20

Edit: Read my other post. Please refrain from answering any more logs.
__________________
Slow and Steady Wins the Race...
Uhm, unless it's a real race.

Last edited by Lobos; 07-14-2005 at 06:06 PM.
phaenilda is offline  
Old 07-14-2005, 05:36 PM   #4 (permalink)
Registered User
 
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista


O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
Steam, the program that runs HL2 and all the Valve games

One says nero-check, I have Nero....

I have Creative audio drivers...
captainbarred is offline  
Old 07-14-2005, 05:51 PM   #5 (permalink)
Troubled
 
Lobos's Avatar
 
Join Date: Apr 2004
Location: California
Posts: 943
OS: Windows XP


Hello, phaenilda and Welcome to TSF.

I'm sure you have the best intentions, but please refrain from offering advice to users in our HJT forum.

Please see this thread:

Who Is Helping You?

If you have interest in helping folks in our HJT forum, please register and join our Academy to learn the proper malware fighting techniques. This takes a certain level of commitment, but if this sort of thing interests you, please do it the correct way. We'd love to have you join us.

This is serious stuff, and doing the wrong thing can permanently mess up someone's computer.

Thank you.

Sincerely,

Lobos

Last edited by Lobos; 07-14-2005 at 06:06 PM.
Lobos is offline  
Old 07-14-2005, 05:54 PM   #6 (permalink)
Troubled
 
Lobos's Avatar
 
Join Date: Apr 2004
Location: California
Posts: 943
OS: Windows XP


Hello Captainbarred

Someone will be by to help you. I'm working on something right now, but if you still have not been helped when I check back I will answer your log for you.

Lobos

Last edited by Lobos; 07-14-2005 at 06:08 PM.
Lobos is offline  
Old 07-14-2005, 06:38 PM   #7 (permalink)
1337 C0D3R
 
skate_punk_21's Avatar
 
Join Date: Mar 2005
Location: Canada
Posts: 1,457
OS: Server 2K3/XP Pro/XP MCE/Win 98/Ubuntu Linux/BackTrack 2


Ahoy Capitan,
Unfortunately all those things you discussed with the other user are legit and likely necessary. Furthermore, I hate to tell you, but your log is clean!

So in such case, let's try some other things, alright?

1. Further Scanning
Please run a scan at the following site:
Panda ActiveScan
When the scan is finished you will be given the option to save a log of the scan. SAVE THAT LOG and post its results here for analysis.


2. Please empty any Quarantine folder in your antivirus programs and purge all recovery items in the Spybot program (if you use it) before running this tool.
Download the Mwav Virus Checker (Use Link 3)


Boot Into Safe Mode
Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

1. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything.
2. Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Folder - then click "browse" to change the directory to C: (default is C:\Windows)
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
3. Select all local drives, scan all files, and press SCAN. When it is completed, anything found will be displayed in the lower pane.
4. In the Virus Log Information Pane......
Left click and highlight all the information in the lower pane --- use CTRL C on your keyboard to copy everything found in the lower pane and save it to a Notepad file.
*Note* If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files.

Once you copy that to a Notepad file, reboot back to normal mode, highlight the text and copy it here.
Skate_Punk_21
__________________
Have I Helped you? Please Consider a Donation to TechSupportForums
skate_punk_21 is offline  
Old 07-14-2005, 07:43 PM   #8 (permalink)
Registered User
 
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista


ok, number 1, nothing was found, it did not give me an option to save a log as nothing was found...

I have to get up early tomorrow so I might do the second step tomorrow after work. Thanks for the help, I'll get back to you ASAP! :)
captainbarred is offline  
Old 07-15-2005, 12:38 PM   #9 (permalink)
Registered User
 
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista


A guy I work with thought it might be my mouse, as the initial problem was right-clicking. I have a Logitech, but am using the basic mouse drivers, I have not installed the specific drivers for this mouse.

I do not believe it is the issue though as 1) it also freezes when I hit the delete key on my keyboard and 2) I can right-click and delete items on a removable thumb drive...

I will be going through the second step above in a few hours when I get home...
captainbarred is offline  
Old 07-15-2005, 04:31 PM   #10 (permalink)
Registered User
 
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista


Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\CTDetect.cpl". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{29FF67FF-8050-480f-9F30-CC41635F2F9D}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{70B51430-B6CA-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8298d101-f992-43b7-8eca-5052d885b995}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A9E69612-B80D-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{f612954d-3b0b-4c56-9563-227b7be624b4}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
File C:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\DOCUME~1\Tim\LOCALS~1\Temp\tmp-2.xpi tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Tim\Local Settings\Temp\tmp-2.xpi tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\AIM\Unwise32.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Call of Duty\Uninstall\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Creative\SBAudigy2ZS\Program\WDM\COMMON\killapps.exe tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\Program Files\EA GAMES\Battlefield 2 Demo\Redist\ArcadeInstallBATTLEFIELD2_20.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Valve\Steam\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Temp\CRF000\creaf_ms.cab tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\WINDOWS\Temp\CRF000\Drivers\WDM\COMMON\killapps.exe tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\WINDOWS\Temp\CTZAPXX\Drivers\WDM\Common\killapps.exe tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File E:\BitTorrent-4.0.1.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken.
File E:\program downloads\aaw6.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\program downloads\aawsepersonal.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\program downloads\BitTorrent-4.0.2.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken.
File E:\program downloads\mirc614.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.14. No Action Taken.
File E:\program downloads\sysreset253.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.14. No Action Taken.
File E:\System Volume Information\_restore{1DCD929A-D5B9-4DB7-B1D1-F11F830ADFA9}\RP44\A0000718.exe infected by "Backdoor.Win32.Delf.bz" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{1DCD929A-D5B9-4DB7-B1D1-F11F830ADFA9}\RP88\A0008827.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\System Volume Information\_restore{1DCD929A-D5B9-4DB7-B1D1-F11F830ADFA9}\RP88\A0008830.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\System Volume Information\_restore{1DCD929A-D5B9-4DB7-B1D1-F11F830ADFA9}\RP88\A0008831.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\System Volume Information\_restore{1DCD929A-D5B9-4DB7-B1D1-F11F830ADFA9}\RP88\A0008832.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\System Volume Information\_restore{1DCD929A-D5B9-4DB7-B1D1-F11F830ADFA9}\RP88\A0008835.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\System Volume Information\_restore{AAC25452-B7B0-48B2-8337-937FD0788B6F}\RP141\A0061108.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\System Volume Information\_restore{AAC25452-B7B0-48B2-8337-937FD0788B6F}\RP90\A0014363.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\System Volume Information\_restore{AAC25452-B7B0-48B2-8337-937FD0788B6F}\RP90\A0014365.exe tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\Documents and Settings\Tim\Local Settings\Temp\tmp-2.xpi tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\AIM\Unwise32.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Call of Duty\Uninstall\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Creative\SBAudigy2ZS\Program\WDM\COMMON\killapps.exe tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\Program Files\EA GAMES\Battlefield 2 Demo\Redist\ArcadeInstallBATTLEFIELD2_20.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Valve\Steam\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Temp\CRF000\creaf_ms.cab tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\WINDOWS\Temp\CRF000\Drivers\WDM\COMMON\killapps.exe tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\WINDOWS\Temp\CTZAPXX\Drivers\WDM\Common\killapps.exe tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.

there it is, good luck
captainbarred is offline  
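An added example, not part of any post in this thread: a small Python triage of the scan output pasted in post #10. It separates the scanner's "infected by" lines from its "not-a-virus" tags, "Object ... found" lines and invalid registry references, drops lines the tool listed twice, and marks files that sit in a System Restore store. The category and function names are this example's own; the sample lines are copied from the post above.

```python
import re

# Excerpt of the scan output pasted in post #10 (lines copied from the thread,
# including one line the tool listed twice).
SAMPLE = r'''
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\CLSID\{29FF67FF-8050-480f-9F30-CC41635F2F9D}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
File C:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\Program Files\Valve\Steam\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File E:\System Volume Information\_restore{1DCD929A-D5B9-4DB7-B1D1-F11F830ADFA9}\RP44\A0000718.exe infected by "Backdoor.Win32.Delf.bz" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{AAC25452-B7B0-48B2-8337-937FD0788B6F}\RP90\A0014365.exe tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
'''

# Line shapes seen in that output. The category names are labels chosen for
# this example, not names used by the scanner.
PATTERNS = [
    ("detection",
     re.compile(r'^File (?P<subject>.+?) infected by "(?P<label>[^"]+)"')),
    ("riskware",
     re.compile(r'^File (?P<subject>.+?) tagged as '
                r'"?(?P<label>not-a-virus:\S+?)"?\.(?: |$)')),
    ("spyware_object",
     re.compile(r'^Object "(?P<label>[^"]+)" found in (?P<subject>[^!]+)!')),
    ("stale_registry",
     re.compile(r'^Entry "(?P<subject>[^"]+)" refers to invalid object '
                r'"(?P<label>[^"]+)"')),
]


def parse_line(line):
    """Return (category, subject, label) for one scanner line, or None."""
    for category, rx in PATTERNS:
        m = rx.match(line)
        if m:
            return (category, m.group("subject"), m.group("label"))
    return None


def in_restore_point(path):
    """True if the file lives in a Windows XP System Restore store."""
    return "\\system volume information\\_restore" in path.lower()


def triage(text):
    """Group findings by category, dropping repeated lines.

    Returns (report, unparsed): report maps category -> list of findings in
    first-seen order; unparsed holds lines that matched no known shape so
    nothing is silently discarded.
    """
    report = {category: [] for category, _ in PATTERNS}
    unparsed, seen = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        finding = parse_line(line)
        if finding is None:
            unparsed.append(line)
            continue
        # Windows paths and registry keys are case-insensitive.
        key = (finding[0], finding[1].lower(), finding[2])
        if key not in seen:
            seen.add(key)
            report[finding[0]].append(finding)
    return report, unparsed


if __name__ == "__main__":
    report, unparsed = triage(SAMPLE)
    for category, findings in report.items():
        print(f"{category}: {len(findings)}")
        for _, subject, label in findings:
            note = " [System Restore copy]" if in_restore_point(subject) else ""
            print(f"    {label}  <-  {subject}{note}")
    if unparsed:
        print(f"unparsed lines: {len(unparsed)}")
```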
Old 07-17-2005, 01:19 PM   #11 (permalink)
Registered User
 
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista


3rd page thread bump...
captainbarred is offline  
Old 07-18-2005, 01:06 AM   #12 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
MicroBell's Avatar
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,965
OS: Windows XP-Pro SP2


Few Items...

First, download and install CleanUp! but do not run it yet.

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups


Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

That will take care of the files in your TEMP folder.

Second.... Disable DrWatson. This debugger tool is useless to the average user as it's used for programmers to get the code from whatever issue the OC is having. It's just not needed for the average user.

How to disable it....
http://www.windowsnetworking.com/kba.../DrWatson.html

Third...

Those 2 vulnerabilities that TrendMicro found can be patched. It even listed the MS Update articles with links to the Microsoft site's patches. Visit the Windows Update page and make sure XP and IE are patched.

MS04-027
MS04-028


I don't see any virus/adware in the logs... other than some old registry entries that can be cleared with a registry cleaner.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
MicroBell is offline  
Old 07-18-2005, 04:13 PM   #13 (permalink)
Registered User
 
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista


OK,
I ran cleanup, I disabled Drwatson, I made sure I had all the updates...

still no luck, I am now getting this error:
http://photobucket.com/albums/b58/ca...rent=error.jpg

This happens when I hit the delete key or right-click on anything on my local drives.

I can view all files fine...

When the error comes up I hit OK, explorer.exe closes then reopens (I lose the startbar/icons and then they come back in a few seconds).

If I hit cancel the mouse pointer becomes the hour glass and nothing happens for several minutes then I get it back.

Any more ideas? Or do I have to blow it away??
captainbarred is offline  
Old 07-18-2005, 06:07 PM   #14 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
MicroBell's Avatar
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,965
OS: Windows XP-Pro SP2


Please check event viewer in your Admin control panel and see what programs are erroring and if they all list this same "Memory Location" error. The "error message" is a windows error which I think is unrelated to spyware.

Did you run sfc /scannow and check for missing/corrupt Windows files?

Also run Memtest88 on your system's memory and see if it picks up any errors.
MicroBell is offline  
Old 07-19-2005, 06:19 AM   #15 (permalink)
Registered User
 
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista


I ran the scannow, everything seemed fine. I have 2 - 512 sticks in my PC, I'm gonna try pulling 1 then the other and run on one stick and see if that resolves anything. If it doesn't I will then run memtest, I just hate running that cause it takes so long!!

I'll update later, I will also run some of the prior scans and see if those security issues were cleared up...
captainbarred is offline  
Old 07-19-2005, 03:29 PM   #16 (permalink)
Registered User
 
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista


I can't find a program called MemTest88. I ran a memtest a while back, I do not recall which one. Can someone hook me up with a link for one of the better ones???
captainbarred is offline  
Old 07-19-2005, 08:26 PM   #17 (permalink)
Registered User
 
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista


ok, running memtest86.

Yup, it looks like my memory is corrupt.

what should i note once its complete and what should i post here?

or should I just get new ram and if that solves the problem call it a day?
captainbarred is offline  
Old 07-19-2005, 11:45 PM   #18 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
MicroBell's Avatar
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,965
OS: Windows XP-Pro SP2


You don't need to post anything. Your issue is hardware related and there's nothing we can do to fix this issue. You will need to replace the defective RAM in the system.
MicroBell is offline  
Old 07-20-2005, 04:17 AM   #19 (permalink)
Registered User
 
Join Date: May 2005
Posts: 102
OS: XP Pro/Win Vista


OK, well thanks to everyone involved, I really appreciate it. If it's not the RAM I'll probably just blow the sucker away! Hopefully it is...
captainbarred is offline  
 


All times are GMT -7. The time now is 02:41 PM.



Copyright 2001 - 2009, Tech Support Forum