Vista - Windows Stops Locating/Running Programs?

**InvisGhost** · 07-05-2008

Okay. This one has me stumped. Ive been having this problem for about 4 days now and it is pissing me off

. I will just be minding my own business when randomly windows will stop locating things. I will get "The file cannot be located" error and when I try to open taskmgr it cant even find that! Ill press ctrl+alt+del and I get the crappy error, Ummm the one Scurity questions failure or whatever. Cant Remember what it said. Anyways heres my HijackThis log:

Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:08 PM, on 7/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Windows folder: C:\Windows
System folder: C:\Windows\SYSTEM32
Hosts file: C:\Windows\System32\drivers\etc\hosts

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe - I cant stop this from loading
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\Fraps\fraps.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [C:\Windows\system32\kdzpc.exe] C:\WINDOWS\System32\kdzpc.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\System32\kdbfs.exe] C:\WINDOWS\System32\kdbfs.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitLord\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O21 - SSODL: qegbdmwf - {DD94966C-072E-477A-97EE-E86A9F92FF24} - C:\Windows\qegbdmwf.dll
O22 - SharedTaskScheduler: Ave's ExplorerButtons - {E8C2E445-DF20-4BD5-A0B8-325AB2BB059F} - C:\Users\InvisGhost\Desktop\32bit (default)\32bits\AveExplorerButtons.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe - This one wont leave!
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\spm\spmd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6871 bytes

**Dzomlija** · 07-05-2008

Quote: Originally Posted by InvisGhost

Okay. This one has me stumped. Ive been having this problem for about 4 days now and it is pissing me off

. I will just be minding my own business when randomly windows will stop locating things. I will get "The file cannot be located" error and when I try to open taskmgr it cant even find that! Ill press ctrl+alt+del and I get the crappy error, Ummm the one Scurity questions failure or whatever.

Run a thorough disk check. The symptoms you describe could be a filesystem failure. Also, if possible, download and install the disk utilities from your hard disk manufacturer, which may or may not highlight pending problems on the hardware itself.

**InvisGhost** · 07-05-2008

When my computer starts doing this randomly the only way to fix it is to turn off the computer and turn it back on, then it does a startup restore which only does a sytem restore to when the computer was last restarted XD. Its a loop! But ill run a disk check again and see what it catches.

**Dzomlija** · 07-05-2008

Quote: Originally Posted by InvisGhost

When my computer starts doing this randomly the only way to fix it is to turn off the computer and turn it back on, then it does a startup restore which only does a sytem restore to when the computer was last restarted XD. Its a loop! But ill run a disk check again and see what it catches.

I had another look at you HijackThis! log, and the following two entries have caught my attention:

C:\hp\kbd\kbd.exe
This would appear to be something to do with your keyboard, right? Unless your keyboard has unique non-standard functions, you really do not need to run this.

C:\Program Files\Cyberlink\Shared files\RichVideo.exe
Have you tried using MSCONFIG to terminate this one? If it's not in the standard startup section, perhaps in services? Personally, I don't use Cyberlink Power DVD anymore, as Windows Media Player can play DVDs just as well. And even if PowerDVD is a legit program, the fact that it will not allow you to disable some functions is cause for concern. Get rid of it...

**sidney1st** · 07-05-2008

Hi,
First of all you do not run apparentely any AntiVirus software on your machine.
It looks like you are infected by a new malware.
First thing to do, install an antivirus and scan you drive. (some good antivirus are free, have a look here: Free Software List for Vista
Second, it looks like you installed some "new buttons" in your explorer, deinstall them.
Come back after with a new log.

**Dwarf** · 07-05-2008

Hi InvisGhost,

There are a number of suspicious entries in your HJT log. These are as follows in the order that they appear.

O4 - HKLM\..\Run: [C:\Windows\system32\kdzpc.exe] C:\WINDOWS\System32\kdzpc.exe

O4 - HKLM\..\Run: [C:\WINDOWS\System32\kdbfs.exe] C:\WINDOWS\System32\kdbfs.exe

Google has no information on the above items. This is suspicious.

O21 - SSODL: qegbdmwf - {DD94966C-072E-477A-97EE-E86A9F92FF24} - C:\Windows\qegbdmwf.dll

A quick search of Google (CastleCops) links the above to malware, probably a trojan.

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

A quick search of Google reveals this file to be suspicious, possibly a variant of the 'Virtumonde' malware. It looks legitimate because it appears at first glance to be 'nvsvc.exe', a file included in the NVidia graphics drivers. Notice the extra 'v' in your filename. This is what gives the game away, and is a typical method of hiding files that malware writers use.

O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\spm\spmd.exe
A quick search of Google (CastleCops) reveals this as suspicious.

You don't appear to be running any anti-virus which is not recommended, especially when using a torrent application such as 'BitComet'. Torrents are a common way that malware use to spread.
In view of the numerous suspicious entries in your HJT log, it might be worthwhile submitting it to one of the dedicated HJT forums for analysis. You will have to wait for their response. However, I would seriously consider a reinstallation of Vista with a FULL disk format at the appropriate point. Make sure that you obtain and use an anti-virus, and I strongly recommend that you avoid torrent applications.
Dwarf

**sidney1st** · 07-05-2008

Hi Dwarf, i think i can analyse here his log as i do on specialized forums

I am waiting a reply from Invisghost regarding the AV software as the fashion recently is to install an AV which is a big Virus itself like AV 2008 PRO....
Today even on some specialized sites they are not aware of some very new malwares and googling for some exe or dlls gives no response or very few.
But for sure, surfing today without protection is a kind of suicide and i won't help anymore without a prior virus scan with a real tool.

**InvisGhost** · 07-05-2008

I am running norton 360. I have just removed it from the log. And the new explorer buttons are http://mpj.tomaatnet.nl/vista/explorerbuttons.html . So thats not the case. The disk check reveiled nothing, other then the fact that I have to much crap on my computer. The only things I was able to write down before I fell asleep were that it found 5 unindexed files, and 91 reparse files. I do have special buttons on my keyboard so i do need kbd.

**johngalt** · 07-05-2008

When posting HiJackTHis logs ***DO NOT EDIT THEM***

**InvisGhost** · 07-05-2008

Quote: Originally Posted by sidney1st

Hi Dwarf, i think i can analyse here his log as i do on specialized forums

I am waiting a reply from Invisghost regarding the AV software as the fashion recently is to install an AV which is a big Virus itself like AV 2008 PRO....
Today even on some specialized sites they are not aware of some very new malwares and googling for some exe or dlls gives no response or very few.
But for sure, surfing today without protection is a kind of suicide and i won't help anymore without a prior virus scan with a real tool.

The AV software i have no idea what you mean by that. Do you mean the AVE buttons and thumbnail things? Those are all from Ave's Vista Apps And he is a really good programmer. It doesnt change anything just are addons. I have uninstalled them but I would like to know if I could add them back. The problem is still happening.

07-05-2008	#1 (permalink)
InvisGhost Vista Home Premium 32bit 27 posts	Windows Stops Locating/Running Programs? Okay. This one has me stumped. Ive been having this problem for about 4 days now and it is pissing me off . I will just be minding my own business when randomly windows will stop locating things. I will get "The file cannot be located" error and when I try to open taskmgr it cant even find that! Ill press ctrl+alt+del and I get the crappy error, Ummm the one Scurity questions failure or whatever. Cant Remember what it said. Anyways heres my HijackThis log: Quote: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:38:08 PM, on 7/4/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Boot mode: Normal Windows folder: C:\Windows System folder: C:\Windows\SYSTEM32 Hosts file: C:\Windows\System32\drivers\etc\hosts Running processes: C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\Cyberlink\Shared files\RichVideo.exe - I cant stop this from loading C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskeng.exe C:\PROGRA~1\Fraps\fraps.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\hp\kbd\kbd.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Notepad++\notepad++.exe C:\Windows\system32\SearchFilterHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O1 - Hosts: ::1 localhost O4 - HKLM\..\Run: [C:\Windows\system32\kdzpc.exe] C:\WINDOWS\System32\kdzpc.exe O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [C:\WINDOWS\System32\kdbfs.exe] C:\WINDOWS\System32\kdbfs.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitLord\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O13 - Gopher Prefix: O21 - SSODL: qegbdmwf - {DD94966C-072E-477A-97EE-E86A9F92FF24} - C:\Windows\qegbdmwf.dll O22 - SharedTaskScheduler: Ave's ExplorerButtons - {E8C2E445-DF20-4BD5-A0B8-325AB2BB059F} - C:\Users\InvisGhost\Desktop\32bit (default)\32bits\AveExplorerButtons.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe (file missing) O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe - This one wont leave!* O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\spm\spmd.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 6871 bytes
My System Specs

07-05-2008	#2 (permalink)
Dzomlija Windows Vista x64 Ultimate 2,217 posts	Re: Windows Stops Locating/Running Programs? Quote: Originally Posted by InvisGhost Okay. This one has me stumped. Ive been having this problem for about 4 days now and it is pissing me off . I will just be minding my own business when randomly windows will stop locating things. I will get "The file cannot be located" error and when I try to open taskmgr it cant even find that! Ill press ctrl+alt+del and I get the crappy error, Ummm the one Scurity questions failure or whatever. Run a thorough disk check. The symptoms you describe could be a filesystem failure. Also, if possible, download and install the disk utilities from your hard disk manufacturer, which may or may not highlight pending problems on the hardware itself.
My System Specs

07-05-2008	#3 (permalink)
InvisGhost Vista Home Premium 32bit 27 posts	Re: Windows Stops Locating/Running Programs? When my computer starts doing this randomly the only way to fix it is to turn off the computer and turn it back on, then it does a startup restore which only does a sytem restore to when the computer was last restarted XD. Its a loop! But ill run a disk check again and see what it catches.
My System Specs

07-05-2008	#4 (permalink)
Dzomlija Windows Vista x64 Ultimate 2,217 posts	Re: Windows Stops Locating/Running Programs? Quote: Originally Posted by InvisGhost When my computer starts doing this randomly the only way to fix it is to turn off the computer and turn it back on, then it does a startup restore which only does a sytem restore to when the computer was last restarted XD. Its a loop! But ill run a disk check again and see what it catches. I had another look at you HijackThis! log, and the following two entries have caught my attention: C:\hp\kbd\kbd.exe This would appear to be something to do with your keyboard, right? Unless your keyboard has unique non-standard functions, you really do not need to run this. C:\Program Files\Cyberlink\Shared files\RichVideo.exe Have you tried using MSCONFIG to terminate this one? If it's not in the standard startup section, perhaps in services? Personally, I don't use Cyberlink Power DVD anymore, as Windows Media Player can play DVDs just as well. And even if PowerDVD is a legit program, the fact that it will not allow you to disable some functions is cause for concern. Get rid of it...
My System Specs

07-05-2008	#5 (permalink)
sidney1st Ultimate SP1 x64 & x86 971 posts	Re: Windows Stops Locating/Running Programs? Hi, First of all you do not run apparentely any AntiVirus software on your machine. It looks like you are infected by a new malware. First thing to do, install an antivirus and scan you drive. (some good antivirus are free, have a look here: Free Software List for Vista Second, it looks like you installed some "new buttons" in your explorer, deinstall them. Come back after with a new log.
My System Specs

07-05-2008	#6 (permalink)
Dwarf Vista Home Premium 32-bit & Vista Ultimate 64-bit both Service Pack 2 W7 Pro RTM 7600 32 & 64 2,185 posts	Re: Windows Stops Locating/Running Programs? Hi InvisGhost, There are a number of suspicious entries in your HJT log. These are as follows in the order that they appear. O4 - HKLM\..\Run: [C:\Windows\system32\kdzpc.exe] C:\WINDOWS\System32\kdzpc.exe O4 - HKLM\..\Run: [C:\WINDOWS\System32\kdbfs.exe] C:\WINDOWS\System32\kdbfs.exe Google has no information on the above items. This is suspicious. O21 - SSODL: qegbdmwf - {DD94966C-072E-477A-97EE-E86A9F92FF24} - C:\Windows\qegbdmwf.dll A quick search of Google (CastleCops) links the above to malware, probably a trojan. O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe A quick search of Google reveals this file to be suspicious, possibly a variant of the 'Virtumonde' malware. It looks legitimate because it appears at first glance to be 'nvsvc.exe', a file included in the NVidia graphics drivers. Notice the extra 'v' in your filename. This is what gives the game away, and is a typical method of hiding files that malware writers use. O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\spm\spmd.exe A quick search of Google (CastleCops) reveals this as suspicious. You don't appear to be running any anti-virus which is not recommended, especially when using a torrent application such as 'BitComet'. Torrents are a common way that malware use to spread. In view of the numerous suspicious entries in your HJT log, it might be worthwhile submitting it to one of the dedicated HJT forums for analysis. You will have to wait for their response. However, I would seriously consider a reinstallation of Vista with a FULL disk format at the appropriate point. Make sure that you obtain and use an anti-virus, and I strongly recommend that you avoid torrent applications. Dwarf
My System Specs

07-05-2008	#7 (permalink)
sidney1st Ultimate SP1 x64 & x86 971 posts	Re: Windows Stops Locating/Running Programs? Hi Dwarf, i think i can analyse here his log as i do on specialized forums I am waiting a reply from Invisghost regarding the AV software as the fashion recently is to install an AV which is a big Virus itself like AV 2008 PRO.... Today even on some specialized sites they are not aware of some very new malwares and googling for some exe or dlls gives no response or very few. But for sure, surfing today without protection is a kind of suicide and i won't help anymore without a prior virus scan with a real tool.
My System Specs

07-05-2008	#8 (permalink)
InvisGhost Vista Home Premium 32bit 27 posts	Re: Windows Stops Locating/Running Programs? I am running norton 360. I have just removed it from the log. And the new explorer buttons are http://mpj.tomaatnet.nl/vista/explorerbuttons.html . So thats not the case. The disk check reveiled nothing, other then the fact that I have to much crap on my computer. The only things I was able to write down before I fell asleep were that it found 5 unindexed files, and 91 reparse files. I do have special buttons on my keyboard so i do need kbd. Last edited by InvisGhost; 07-05-2008 at 04:10 PM.. Reason: Had to add more stuff
My System Specs

07-05-2008	#9 (permalink)
johngalt Vista Ultimate x64 MAK, OpenSolaris 5, Gentoo 2008.1.... 3,848 posts	Re: Windows Stops Locating/Running Programs? When posting HiJackTHis logs *DO NOT EDIT THEM*
My System Specs

07-05-2008	#10 (permalink)
InvisGhost Vista Home Premium 32bit 27 posts	Re: Windows Stops Locating/Running Programs? Quote: Originally Posted by sidney1st Hi Dwarf, i think i can analyse here his log as i do on specialized forums I am waiting a reply from Invisghost regarding the AV software as the fashion recently is to install an AV which is a big Virus itself like AV 2008 PRO.... Today even on some specialized sites they are not aware of some very new malwares and googling for some exe or dlls gives no response or very few. But for sure, surfing today without protection is a kind of suicide and i won't help anymore without a prior virus scan with a real tool. The AV software i have no idea what you mean by that. Do you mean the AVE buttons and thumbnail things? Those are all from Ave's Vista Apps And he is a really good programmer. It doesnt change anything just are addons. I have uninstalled them but I would like to know if I could add them back. The problem is still happening.
My System Specs

Similar Threads
Thread	Forum
Windows Live Mail stops running on it's own	Vista mail
running more then 3 programs on windows vista	Vista installation & setup
Windows Easy Transfer Stops Running or Hangs	Vista installation & setup
Stops locating networks, after being used continually or idled	Vista networking & sharing
Windows calendar stops running	Vista General