Desktop flashing on and off (2009)

Hello All,

I am new to this board but decided to join based on the helpful information I’ve seen posted here! My problem does not appear to be a new one however, since it’s been almost a year since I’ve seen this problem diagnosed on the forum I thought that there my be a new solution available. My desktop (taskbar & icons) is flashing and will not stop for the last 2 days. I have run superantispyware and malwarebytes to no avail. Can someone please recommend a solution for this problem?

I am running windows xp sp2.

Thanks in advance

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. (you have already run this) Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
  6. Disable System Restore and then reenable it again.
  7. Immunize your system with SpywareBlaster.
  8. Check if you have insecure applications with Secunia Software Inspector.

Any other security program that could interfere? Firewall?

Thanks so much, Tech. Unfortunately, the scans have not yielded any promising results. There were viruses removed however, the explorer.exe restart issue persists. I would like to ask that someone would help me by taking a look at my Hijack this log file and advise if there is anything that appears to need fixing/removal. Your assistance is greatly appreciated!

Hijack This Log File:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:57, on 5/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\verclsid.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
O2 - BHO: (no name) - {15179F4E-737C-4262-BACF-BD0D5F84B02A} - C:\WINDOWS\system32\ssqOFUNf.dll (file missing)
O2 - BHO: (no name) - {6F33950C-0F84-45FF-B534-4230ECCC1436} - C:\WINDOWS\system32\xxyxXPFY.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7BB789EA-3FE5-488B-9825-1315BC0EED51} - C:\WINDOWS\system32\awtsRiig.dll (file missing)
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM..\Run: [HPBootOp] “C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe” /run
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19..\Run: [vajofuzene] Rundll32.exe “C:\WINDOWS\system32\mezutilo.dll”,s (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [vajofuzene] Rundll32.exe “C:\WINDOWS\system32\mezutilo.dll”,s (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18..\Run: [msiexec.exe] msiconf.exe (User ‘SYSTEM’)
O4 - HKUS\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [msiexec.exe] msiconf.exe (User ‘Default user’)
O4 - HKUS.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User ‘Default user’)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra ‘Tools’ menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file://E:\setup\RiffLick.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176064491828
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5014/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: cmsinn.dll C:\WINDOWS\system32\hofalobu.dll kzwmvb.dll reprll.dll hpvmwt.dll obogip.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll (file missing)
O20 - Winlogon Notify: khfccba - khfccba.dll (file missing)
O23 - Service: AST Service (astcc) - Unknown owner - C:\WINDOWS\SYSTEM32\astsrv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Error Reporting Service ERSvcNVSvc (ERSvcNVSvc) - Unknown owner - C:\WINDOWS
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Server lanmanserverW32Time (lanmanserverW32Time) - Unknown owner - C:\WINDOWS
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Network DDE NetDDENetman (NetDDENetman) - Unknown owner - C:\WINDOWS
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine oseHidServ (oseHidServ) - Unknown owner - C:\WINDOWS
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


End of file - 9245 bytes

Windows XP Has Service Pack 3 out already, you only have service pack 2, download it.

SuperAntiSpyware should get this one. Have you updated recently? Are you able to update?

http://www.superantispyware.com/malwarefiles/MEZUTILO.DLL.html

Thank you John2009 but, the SP3 update failed to complete. Thanks FreewheelinFrank but, I’ve removed “mezutillo.dll” however explorer.exe continues to restart. Can anyone offer some suggestions into how I may correct this issue?

Thanks in advance!

Try booting into Safe Mode and deleting these files.

O20 - AppInit_DLLs: cmsinn.dll C:\WINDOWS\system32\hofalobu.dll kzwmvb.dll reprll.dll hpvmwt.dll obogip.dll

Better still, boot from a Linux LiveCD and do it from there.

EDIT:

This one too:

O4 - HKUS.DEFAULT..\Run: [msiexec.exe] msiconf.exe (User ‘Default user’)

Run HijackThis! again. Close all other windows including this browser. Tick the following entries then click ‘Fix’. Reboot into Safe Mode and delete any of the files you can find. (Quite a few to search for!)
Reboot and post a fresh HijackThis! log.

O2 - BHO: (no name) - {15179F4E-737C-4262-BACF-BD0D5F84B02A} - C:\WINDOWS\system32\ssqOFUNf.dll (file missing)
O2 - BHO: (no name) - {6F33950C-0F84-45FF-B534-4230ECCC1436} - C:\WINDOWS\system32\xxyxXPFY.dll (file missing)
O2 - BHO: (no name) - {7BB789EA-3FE5-488B-9825-1315BC0EED51} - C:\WINDOWS\system32\awtsRiig.dll (file missing)
O4 - HKUS\S-1-5-19\..\Run: [vajofuzene] Rundll32.exe "C:\WINDOWS\system32\mezutilo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [vajofuzene] Rundll32.exe "C:\WINDOWS\system32\mezutilo.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')
O20 - AppInit_DLLs: cmsinn.dll C:\WINDOWS\system32\hofalobu.dll kzwmvb.dll reprll.dll hpvmwt.dll obogip.dll
O20 - Winlogon Notify: jkhhh - C:\WINDOWS\system32\jkhhh.dll (file missing)
O20 - Winlogon Notify: khfccba - khfccba.dll (file missing)

What are your database versions for MBAM and SAS, becuase these programs should be picking up these infections?

If they are out of date, download the latest versions here. You may need to do this on another computer.

http://www.superantispyware.com/definitions.html

http://www.malwarebytes.org/mbam/database/mbam-rules.exe

You have some out-of-date and insecure software on your computer that is allowing these infections. (Java, Flash.)

Scan for insecure software using Secunia:

http://secunia.com/vulnerability_scanning/

remember to disable the system restore, to remove any infected file there

Thanks FreewheelinFrank. All my definitions are up to date however and I’ve done as you’ve recommended however the explorer.exe restart problem persists. At this point, the scans are not yielding any virus results? Thanks also calcu007! FreewheelinFrank, as per your instruction I am now posting again my HijackThis! log in the hopes that it will reveal something to your trained eyes. Thanks so much for all your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:16:50, on 6/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM..\Run: [HPBootOp] “C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe” /run
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User ‘Default user’)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra ‘Tools’ menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file://E:\setup\RiffLick.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243795339765
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176064491828
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5014/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AST Service (astcc) - Unknown owner - C:\WINDOWS\SYSTEM32\astsrv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Error Reporting Service ERSvcNVSvc (ERSvcNVSvc) - Unknown owner - C:\WINDOWS
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Server lanmanserverW32Time (lanmanserverW32Time) - Unknown owner - C:\WINDOWS
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Network DDE NetDDENetman (NetDDENetman) - Unknown owner - C:\WINDOWS
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine oseHidServ (oseHidServ) - Unknown owner - C:\WINDOWS
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


End of file - 8448 bytes

Don’t forget the SP3 update, your computer is missing a lot of patches including the Conficker worm patch

Thanks, John2009! At this point, I have a serious belief that my PC is experiencing problems due to an incomplete Microsoft automatic update. I attempted to update to SP3 and it would not complete installation. Can anyone advise how best to prepare to do this to ensure complete installation? Seems like my last resort since all other avenues have proven to be inaffective.

Thanks in advance

I notice you have some Symantec components still installed.

For a clean install, uninstall avast! and reboot.

Run the Symantec removal tool and reboot.

http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

Reinstall avast!

What exactly are the symptoms of the “explorer.exe restart problem”?

Will do Freewheelinfrank! Been trying to get Symantec off my PC for quite some time now. Thanks a lot! The explorer.exe problem consists of my desktop and taskbar disappearing and reappearing every 3 seconds or so. This is the major problem I am attempting to solve.

Thanks again for providing such thoughtful commentary regarding my problem. Any additional assistance you can provide will be greatly appreciated!

You’re welcome.

I think this might cure the flashing:

After you log on to your computer and your icons/taskbar disappear do Ctr + Alt + Del and then click File -> New Task and when prompted type in regedit.exe. A new window will open up and you will need to go to the folder that says HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Windows NT -> Current Version -> just click on winlogon once, do not expand it.

Then you will need to locate Shell on the right hand side. Right click on Shell and change its value to explorer.exe if it isn’t already. Mine was already explorer.exe but I retyped it and entered it and it works now.

As Robert said originally, the reason this happens is the computer is having a hard time finding explorer.exe so changing this value, even if it looks correct, can help because sometimes there are hidden characters in typing that you cannot see.

http://www.askageek.com/2007/11/28/desktop-icons-and-taskbar-disappear/


An analysis of your last HJT log :

A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft’s windowsupdate site to download the newest version of the service pack.

C:\Program Files\Viewpoint\Common\ViewpointService.exe
Possibly BAD. Check if you know this process and arrange a viruscheck where required. Related to viewpoint which is usually considered foistware, usually installed with AOL.

O23 - Service: AST Service (astcc) - Unknown owner - C:\WINDOWS\SYSTEM32\astsrv.exe (file missing)
astsrv.exe is a process from Nalpeiron Highend Service by Nalpeiron Ltd. and part of Nalpeiron Support File. If you are no longer using this service (file missing), this entry can be fixed. It should not hurt to leave it if you so desire.
http://www.backgroundtask.eu/Systeemtaken/Taakinfo.php?ID=15159
This executable is related to Software Copy Protection, Digital Rights Management, and Electronic Software Licensing.
http://www.nalpeiron.com/ and http://www.nalpeiron.com/products/

There were a few other questionable entries but they should be ok and no files were missing.

Overview of running tasks :

smss.exe
System task
Session Manager Subsystem

winlogon.exe
System task
Microsoft Windows Logon Process

services.exe
System task
Windows Service Controller

lsass.exe
System task
Local Security Authority Service

svchost.exe
System task
Microsoft Service Host Process

aswUpdSv.exe
Virusscan
Avast Anti-Virus Component

ashServ.exe
Virusscan
Avast

spoolsv.exe
System task
Microsoft Printer Spooler Service

IntuitUpdateService.exe
Unknown task
Unknown task
http://www.pcpitstop.com/libraries/process/i/IntuitUpdateService.exe.html

MDM.EXE
Backgroundtask
Machine Debug Manager

NBService.exe
Backgroundtask
Nero BackItUp

NBService.exe
Backgroundtask
Nero BackItUp

nvsvc32.exe
Application
NVIDIA Driver Helper Service

svchost.exe
System task
Microsoft Service Host Process

ViewpointService.exe
Backgroundtask
View Manager Service

ashMaiSv.exe
Virusscan
Avast Anti-Virus Component

ashWebSv.exe
Virusscan
avast! Web Scanner

ctfmon.exe
System task
Alternative User Input Services

SUPERAntiSpyware.exe
Anti Add/Spyware software
SUPERAntiSpyware

svchost.exe
System task
Microsoft Service Host Process

HijackThis.exe
Application
Merijn Hijackthis

taskmgr.exe
System task
The Windows Task Manager.

explorer.exe
System task
Microsoft Windows Explorer


Thanks so much everyone that provided such valuable information to me in my desperate hours! It appears that the source of my explorer.exe problem was due to out of date Microsoft XP updates. Running Secunia and installing the latest updates (still not SP3, yet!) seems to have solved my PC problem (touch wood). I would recommend running Secunia and updating to latest Windows updates (if not all up to date) in addition to your virus scans for anyone that encounters a similar issue.

Thanks again!
Raja


Yes, we advocate the above all the time here on the forum … keep everything up-to-date and use Secunia PSI.