flopizzz
asked on
3 different errors: ntdll.dll (explorer.exe), drwtsn32.exe, STOP: 0x0000007F
Hi,
since yesterday, I get a lot of errors and I don't know why... Here's my config:
Intel 3.00Ghz
Windows XP Pro SP2
Radeon 9550 256mB
2x512mb 400mhz kingston RAM
Dvd-RW DL BenQ
And here are my problems:
1st problem: Appname: Explorer.EXE has an error when I try to open more than one explorer window at a time (or sometimes only when it's the first..) AppVer: 6.0.2900.2180 modname: ntdll.dll Modver: 5.1.2600.2800 offset: 00018fea
2nd problem: This one usually happens after Explorer.exe problem...
drwtsn32.exe
Event type: BEX
P1:drwtsn32.exe P2: 5.1.2600.0 P3: 3b7d84a2 P4: dbghelp.dll
P5: 5.1.2600.2180 P6:412532dc P7: 0001295d P8: c0000409 P9: 00000000
3rd problem: When I use P2P programs such as Warez P2P and Kazaa Lite, after a little time online (like 5 minutes), my computer restarts automatically. I turned off the automatic restart function and get a blue error screen showing this:
If it is the first time you see this error... etc
Change graphics card blablabla etc
STOP: 0x0000007F (0x00000000, 0x00000000, 0x00000000, 0x00000000)
and I have to restart my computer.
I would really appreciate your help, I've been searching for a solution for like 10 hours!!
Thanks
Do you have Zone Alarm installed on your Windows?
ASKER
no, i'm using norton internet security and norton antivirus
If you have not installed the most current version of Zone Alarm, attach the Doctor Watson log and minidumps at any webspace.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp
When Windows crashes with a blue screen, it writes a system event 1001 and a minidump to the folder \windows\minidump. Check system event 1001; it has the content of the blue screen.
Event ID: 1001
Source: Save Dump
Description:
The computer has rebooted from a bugcheck.The bugcheck was : 0xc000000a (0xe1270188, 0x00000002, 0x00000000, 0x804032100).
Microsoft Windows..... A dump was saved in: .......
Control Panel -> Administrative Tools -> Event Viewer -> System -> Event 1001. Copy the content and paste it back here.
Zip 5 to 6 minidumps and attach the zip files at any webspace. I will study the dump and find out the culprit.
ASKER
The computer has rebooted from a bugcheck.The bugcheck was : 0x0000007f (0x00000000, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.
I can't find a webspace to attach the minidump file.
And yes there is only one minidump file because I reinstalled windows and it only happened once since I tried this.
ASKER
and the drwatson log file is 44 MB so I don't think I'll find a place to put it :S
ASKER
I took out the important information of the drwatson log file (just took from yesterday 00:02 until now) so it's now only 801Kb... but I still don't know a place to attach it in a webspace.
Look at www.geocities.com, you can create a free mail account (for yahoo messenger etc.), you also get 5MB webspace.
ASKER
It crashes at IPVNMon.sys. Refer the following url
http://oca.microsoft.com/en/Response.aspx?SID=896
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000000, EXCEPTION_DIVIDED_BY_ZERO
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
Unable to load image IPVNMon.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for IPVNMon.sys
*** ERROR: Module load completed but symbols could not be loaded for IPVNMon.sys
BUGCHECK_STR: 0x7f_0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO
LAST_CONTROL_TRANSFER: from 851ac9e0 to f763adc4
TRAP_FRAME: 80555f74 -- (.trap ffffffff80555f74)
ErrCode = 00000000
eax=0000000f ebx=00000000 ecx=00000000 edx=00000000 esi=851ac9e0 edi=00000000
eip=f763adc4 esp=80555fe8 ebp=80556010 iopl=0 nv up ei pl zr na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
IPVNMon+0x13dc4:
f763adc4 ?? ???
Resetting default scope
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
80555fe4 851ac9e0 00000000 f7639913 7639aa00 IPVNMon+0x13dc4
80556010 f762d350 36721b33 00002c99 00fa0927 0x851ac9e0
80556080 f76284cd 84fe6ae0 8607fa88 851aa650 IPVNMon+0x6350
805561e8 a2eeb5f8 a2f28698 00000000 85b23bd0 IPVNMon+0x14cd
80556234 a2eef247 02021c00 a2ee73dd 00000000 tcpip!SendACK+0x2d8
80556254 a2eef560 00000002 00000002 00000000 tcpip!ProcessPerCpuTCBDelayQ+0xc6
805562d0 a2ee73ec a2f2fae0 00000000 805563fc tcpip!TCBTimeout+0xba7
805562e0 804e2b4e a2f2faf0 a2f2fae0 02b78aea tcpip!TCBTimeoutdpc+0xf
805563fc 804e207d 80560f00 ffdff9c0 ffdff000 nt!KiTimerListExpire+0x14b
80556428 804dcd22 80561300 00000000 00100095 nt!KiTimerExpiration+0xb1
80556440 80560ca0 ffdffc50 00000000 80560ca0 nt!KiRetireDpcList+0x61
80556450 804dcc07 00000000 0000000e 00000000 nt!KiIdleThread0
FOLLOWUP_IP:
IPVNMon+13dc4
f763adc4 ?? ???
SYMBOL_STACK_INDEX: 0
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: IPVNMon+13dc4
MODULE_NAME: IPVNMon
IMAGE_NAME: IPVNMon.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 3cc182ab
STACK_COMMAND: .trap ffffffff80555f74 ; kb
FAILURE_BUCKET_ID: 0x7f_0_IPVNMon+13dc4
BUCKET_ID: 0x7f_0_IPVNMon+13dc4
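The triage steps described in this thread (read the bugcheck from Event 1001, decode the first parameter of 0x7F as a trap number, then find the module at the top of the stack) can be scripted. The following Python is an added example, not code from the thread or its participants; the function names and the trap table are assumptions of this example, and the two sample strings are excerpts of text quoted above.

```python
import re

# x86 exception vectors; bugcheck 0x7F reports the vector as parameter 1.
# Table added for this example (the thread itself names only 0 and 8).
X86_TRAPS = {
    0x00: "divide error (#DE)",
    0x01: "debug (#DB)",
    0x02: "non-maskable interrupt",
    0x03: "breakpoint (#BP)",
    0x04: "overflow (#OF)",
    0x05: "bound range exceeded (#BR)",
    0x06: "invalid opcode (#UD)",
    0x07: "device not available (#NM)",
    0x08: "double fault (#DF)",
    0x0A: "invalid TSS (#TS)",
    0x0B: "segment not present (#NP)",
    0x0C: "stack-segment fault (#SS)",
    0x0D: "general protection (#GP)",
    0x0E: "page fault (#PF)",
}

BUGCHECK_RE = re.compile(r"bugcheck was\s*:?\s*(0x[0-9a-f]+)\s*\(([^)]*)\)", re.I)
DUMP_RE = re.compile(r"dump was saved in:\s*(.+?)\.?\s*$", re.I | re.M)
IMAGE_RE = re.compile(r"^IMAGE_NAME:\s*(\S+)", re.M)
NOSYM_RE = re.compile(r"symbols could not be loaded for (\S+)")
# A STACK_TEXT frame: ChildEBP, RetAddr, three args, then the symbol.
FRAME_RE = re.compile(r"^(?:[0-9a-f]{8}[ \t]+){5}(\S+)[ \t]*$", re.M)


def stack_modules(analyze_text):
    """Modules on the stack, innermost first; raw addresses and repeats dropped."""
    modules = []
    for symbol in FRAME_RE.findall(analyze_text):
        if symbol.lower().startswith("0x"):
            continue  # frame with no owning module, e.g. 0x851ac9e0
        module = re.split(r"[!+]", symbol, maxsplit=1)[0]
        if module not in modules:
            modules.append(module)
    return modules


def triage(event_text, analyze_text):
    """Combine the Event 1001 description with debugger output into one summary."""
    m = BUGCHECK_RE.search(event_text)
    if m is None:
        raise ValueError("no bugcheck line in event text")
    code = int(m.group(1), 16)
    params = [int(p, 16) for p in m.group(2).split(",") if p.strip()]
    dump = DUMP_RE.search(event_text)
    image = IMAGE_RE.search(analyze_text)
    image_name = image.group(1) if image else None
    trap = None
    if code == 0x7F and params:
        trap = X86_TRAPS.get(params[0], "reserved or unknown vector")
    return {
        "bugcheck": code,
        "params": params,
        "trap": trap,
        "dump_path": dump.group(1) if dump else None,
        "image": image_name,
        # Without symbols the frames inside this module are only offsets.
        "symbols_missing": image_name in NOSYM_RE.findall(analyze_text),
        "stack_modules": stack_modules(analyze_text),
    }


# Sample input: excerpts of the text quoted in this thread.
EVENT_TEXT = r"""The computer has rebooted from a bugcheck.The bugcheck was : 0x0000007f (0x00000000, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP."""

ANALYZE_TEXT = r"""*** ERROR: Module load completed but symbols could not be loaded for IPVNMon.sys
BUGCHECK_STR: 0x7f_0
STACK_TEXT:
80555fe4 851ac9e0 00000000 f7639913 7639aa00 IPVNMon+0x13dc4
80556010 f762d350 36721b33 00002c99 00fa0927 0x851ac9e0
80556080 f76284cd 84fe6ae0 8607fa88 851aa650 IPVNMon+0x6350
80556234 a2eef247 02021c00 a2ee73dd 00000000 tcpip!SendACK+0x2d8
805563fc 804e207d 80560f00 ffdff9c0 ffdff000 nt!KiTimerListExpire+0x14b
IMAGE_NAME: IPVNMon.sys
"""

if __name__ == "__main__":
    for key, value in triage(EVENT_TEXT, ANALYZE_TEXT).items():
        print(f"{key}: {value}")
```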
ASKER
Thank you so much! I hope this will solve my problem! I feel so lame... these codes are like Chinese to me!!! Anyways, do you think you know something about what's causing the 2 other bugs (explorer.exe and drwatson) or do they all come from the same source?
Thanks
From your DrWatson log, I find several access violations and the culprit is iMesh.exe
http://www.kayodeok.btinternet.co.uk/favorites/kbwinxpthirdparty.htm
*** WARNING: Unable to verify checksum for C:\Program Files\iMesh\iMesh5\iMesh.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\iMesh\iMesh5\iMesh.exe -
fonction : iMesh
30007861 30c7 xor bh,al
30007863 40 inc eax
30007864 0494 add al,0x94
30007866 2f das
30007867 26308bf0eb0233 xor es:[ebx+0x3302ebf0],cl
3000786e f63b idiv byte ptr [ebx]
30007870 f37425 rep jz iMesh+0x7898 (30007898)
30007873 895e10 mov [esi+0x10],ebx
30007876 895e0c mov [esi+0xc],ebx
30007879 e8f79dffff call iMesh+0x1675 (30001675)
FAUTE ->3000787e 8b10 mov edx,[eax] ds:0023:00000000=????????
30007880 8bc8 mov ecx,eax
30007882 ff5204 call dword ptr [edx+0x4]
30007885 8b10 mov edx,[eax]
30007887 56 push esi
30007888 6a02 push 0x2
3000788a 6a07 push 0x7
3000788c 8bc8 mov ecx,eax
3000788e ff520c call dword ptr [edx+0xc]
30007891 8b06 mov eax,[esi]
30007893 8bce mov ecx,esi
ChildEBP RetAddr Args to Child
0012fa48 73d21eb6 00367870 00367870 001536b0 iMesh+0x787e
0012fac0 73d21b9b 00000002 00000000 302628c0 MFC42!Ordinal5163+0x2f4
0012fae0 73d21b05 00000002 00000000 00000000 MFC42!Ordinal6374+0x24
0012fb40 73d21a58 00367870 00000000 00000002 MFC42!Ordinal1109+0x91
0012fb60 73db847d 00060c72 00000002 00000000 MFC42!Ordinal1578+0x36
0012fb8c 77d18709 00060c72 00000002 00000000 MFC42!Ordinal1579+0x39
0012fbb8 77d187eb 73db8444 00060c72 00000002 USER32!GetDC+0x72
0012fc20 77d1b368 00000000 73db8444 00060c72 USER32!GetDC+0x154
0012fc74 77d1b3b4 0068c758 00000002 00000000 USER32!DefWindowProcW+0x183
0012fc9c 7c91eae3 0012fcac 00000018 0068c758 USER32!DefWindowProcW+0x1cf
0012fd1c 73d2f33e 00153638 00367870 31000000 ntdll!KiUserCallbackDispatcher+0x13
0012fd90 30004ca3 302df828 302df828 ffffffff MFC42!Ordinal2168+0x27
0012ff00 73d2cf74 00320035 0015233a 00000000 iMesh+0x4ca3
0012ffc0 7c816d4f 00320035 00320032 7ffd7000 MFC42!Ordinal1576+0x49
0012fff0 00000000 30187b3c 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49
One of your minidumps is inaccessible, and that is a symptom of hardware error. Can you attach more minidumps here? I want to confirm whether it is really a hardware error on your PC.
ASKER
Mmmmh... I would like to but as I said before, I tried to repair these errors by backing up all system files of Windows from the CD (well... autorun, then press repair :S) and all other minidump files were deleted. For this problem if the cause is iMesh, well no problem I'll uninstall it, I don't care. For the hardware, I'm a bit skeptical cuz I just bought this computer last September so it's not old! For the moment I would just like to fix the bug in Explorer cuz it's really annoying when I can't get in my folders. Is there an error log report on anything I could send you that could help in solving this problem?
The DrWatson log and HijackThis log are the most useful debugging information for your Explorer problem.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp
ASKER
Ok so I tried to upload both of the files, but it was impossible for the log :S cuz it is 48MB big
You can use this one I sent before, but it is not complete.
http://test497.741.com/moki/drwatsonedited.txt
And the other file:
http://test497.741.com/user.dmp
and as I read other threads and tried to find out by myself, I found out that this is something that could maybe be useful to you:
Logfile of HijackThis v1.99.1
Scan saved at 19:25:23, on 2005-08-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\srxTitan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\TweakNow PowerPack\RAM_XP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_director.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_TDM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Documents and Settings\Mathieu Charbonneau\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EC24370B-A8FD-DAA5-0B44-1147F24FFDB3} - C:\DOCUME~1\MATHIE~1\APPLIC~1\CashFast\Openproxy.exe
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [iMeshBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O-2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [surffork] C:\DOCUME~1\MATHIE~1\APPLIC~1\DEBUGM~1\Idle Itch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03653d77204b16498103/netzip/RdxIE601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122830962234
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownload Control Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: FolderGuard - C:\Program Files\Folder Guard Pro XP\FGuard32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Titan FTP Server Daemon (SRTSERVERDAEMON) - Unknown owner - C:\WINDOWS\system32\srxTitan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
thanks again
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: {04E214E5-63AF-4236-83C6-A
O16 - DPF: {2917297F-F02B-4B9D-81DF-4
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0
O16 - DPF: {6414512B-B978-451D-A0D8-F
O16 - DPF: {8E0D4DE5-3180-4024-A327-4
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-5
O20 - Winlogon Notify: FolderGuard - C:\Program Files\Folder Guard Pro XP\FGuard32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2ev
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sg
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc0
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\driver
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMAN
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.e
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Titan FTP Server Daemon (SRTSERVERDAEMON) - Unknown owner - C:\WINDOWS\system32\srxTit
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.ex
thanks again
ASKER
oh and I just uninstalled iMesh and still get explorer.exe bugs from ntdll.dll
The analyze report of your hijackthis report url
http://www.hijackthis.de/logfiles/4c417bd90e8cb6ba1e57c99ae935a234.html
You have to get rid of the following unknown processes
c:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\srxTitan.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_TDM~1.EXE
C:\WINDOWS\pxwma.dll
C:\DOCUME~1\MATHIE~1\APPLIC~1\CashFast\Openproxy.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
C:\DOCUME~1\MATHIE~1\APPLIC~1\DEBUGM~1\Idle Itch.exe
C:\PROGRA~1\COPERN~1\COPERN~1.EXE
BTW do you delete IPVNMon?
C:\Program Files\Folder Guard Pro XP\FGuard32.dll
C:\WINDOWS\system32\srxTitan.exe
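As an added example (not part of the thread, and not the logic of the hijackthis.de analyzer), this Python script shows one way to pre-sort a HijackThis log so that the entries worth a manual look stand out. The three heuristics and every sample line are assumptions constructed for illustration.

```python
import re

# Constructed sample in HijackThis log format (not the asker's actual log).
SAMPLE_LOG = r"""
C:\WINDOWS\explorer.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example.dll
O2 - BHO: Vendor Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Vendor\helper.dll
O4 - HKLM\..\Run: [VendorTray] "C:\Program Files\Vendor\tray.exe"
O4 - HKCU\..\Run: [example] C:\DOCUME~1\USER~1\APPLIC~1\Example\run.exe
O23 - Service: Vendor Agent (VendorAgent) - Vendor Corp. - C:\Program Files\Vendor\agent.exe
O23 - Service: Example Daemon (EXAMPLESVC) - Unknown owner - C:\WINDOWS\system32\example.exe
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] cmd".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# Long or 8.3 form of the per-user profile directory on Windows XP.
PROFILE = re.compile(r"\\(documents and settings|docume~\d)\\", re.I)


def triage(log_text):
    """Return (code, reason, body) for entries matching the assumed heuristics."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header and running-process lines carry no section code
        code, body = m.group("code"), m.group("body")
        if code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service binary reports no company", body))
        elif code == "O4" and PROFILE.search(body):
            findings.append((code, "autorun starts from a user profile", body))
        elif code in ("O2", "R3") and body.split(": ", 1)[-1].startswith("(no name)"):
            findings.append((code, "browser extension without a name", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}: {body}")
```

A match means "review this entry", not "delete it": legitimate driver services can also show `Unknown owner`, so check each flagged file before removing anything.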
ASKER
Ok so I deleted all those and I still get the error. For IPVNMON, I really don't know what you are talking about so I'd say I didn't delete it. It seems to me that nothing will solve my problem and that I'll have to format my HD... :(. I'll explain once more what errors I get and in what circumstances and if you can do nothing, well you already helped me a lot so you'll have the points and I'll format.
Here's the problem:
EXACTLY 1 time on 2, when I open a folder, I get the Explorer.exe bug. Even if there's no other explorer window open, I get it. It gets really annoying cuz I can't move files from a folder to another, nor can I use my computer like I used to.
Appname: Explorer.exe
AppVer: 6.0.2900.2180
modname: ntdll.dll
Modver: 5.1.2600.2800
offset: 00018fea
After about 5 times I get the Explorer problem (this one varies... sometimes 6, 10, 3, 7, etc) I get the Dr Watson error. This bug makes all clicking impossible and I can't use my keyboard anymore (so there's nothing I can do). I have to turn off my computer, then open it back.
drwtsn32.exe
Event type: BEX
P1:drwtsn32.exe P2: 5.1.2600.0 P3: 3b7d84a2 P4: dbghelp.dll
P5: 5.1.2600.2180 P6:412532dc P7: 0001295d P8: c0000409 P9: 00000000
I would really appreciate if anyone could help because I really don't want to format my HD.
Thank you.
Run a new hijackthis and post the URL to the analyzed log here.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Ok I did so, took off one of my 2 memory sticks, it worked well. Then I closed the CPU, put the other one instead and restarted my cpu. Nothing but the fan that started and then stopped really quickly. So I put back the other one (only the one that worked well) and restarted the computer to see if I still got the errors. I thought it would be ok because I took out the one that didn't work. What a surprise then when I see again this explorer bug, followed by drwatson when I opened the second explorer window. That makes me angry! I bought this computer 11 months ago and have a warranty of 1 year so I'll send it back and let them see if there's something they can do about it (and they'll probably replace the memory stick.... well I hope).