explorer.exe problem - Keeps restarting

Ok, I dunno how it started, but it just did as most things do. When I boot up the pc, explorer.exe is there, but after a few seconds, it disappears, then comes back, then goes. It does this continually. I had to end the explorer.exe process for it to stop. As far as I know, everything else works. IE, firefox, X-fire, MSN, the lot. I've run 2 anti virus programs (Avast, and AVG) 1 online virus scanner (TrendMicro), Adaware, spyware S&D, and every other little one I could find, but still to no avail. I wanted to try and use System Restore, but that decided that it doesn't want to work. That, I can fix, but that would mean getting rid of all previous restore points. I just need to fix the explorer.exe problem.

Here's a HJT log; Thanks for any help in advance!

Logfile of HijackThis v1.99.1
Scan saved at 23:00:56, on 30/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\Applications\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\PROGRA~1\APPLIC~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\Program Files\Applications\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\Program Files\Applications\Mozilla Firefox\firefox.exe
G:\Program Files\Applications\LimeWire\LimeWire.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\hijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 69.80.225.31 nprotect.ryl.com.my
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {69DC2C3D-BE96-4FEF-9878-E037F4090FB3} - C:\WINDOWS\system32\tjffrcyb.dll
O2 - BHO: (no name) - {721E3FFB-25B3-4CF7-A5DF-53D14BAE4183} - C:\WINDOWS\system32\vtsqr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {B572F27E-E372-4C72-B3FB-11F376E21785} - C:\WINDOWS\system32\cbxwvtu.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\owpkhdgg.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\APPLIC~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\xsapvtde.dll",realset
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\-Raven-\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbxwvtu - C:\WINDOWS\SYSTEM32\cbxwvtu.dll
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winclk32 - winclk32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Applications\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Applications\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - G:\Program Files\Applications\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - G:\Program Files\Applications\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Applications\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
| ||
Re: explorer.exe problem - Keeps restarting

I was looking round other forums, and found that some post suggested running VundoFix for other problems, I thought I'd give it a shot, and guess what, it worked. The Explorer problem is now gone. But if you do look over my HJT log, and find something wrong, please let me know about it!

Here's an updated HJT log;

Logfile of HijackThis v1.99.1
Scan saved at 23:32:46, on 30/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\Applications\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\PROGRA~1\APPLIC~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\Program Files\Applications\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Xfire\Xfire.exe
G:\Program Files\Applications\Mozilla Firefox\firefox.exe
C:\Program Files\hijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 69.80.225.31 nprotect.ryl.com.my
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {69DC2C3D-BE96-4FEF-9878-E037F4090FB3} - C:\WINDOWS\system32\tjffrcyb.dll
O2 - BHO: (no name) - {721E3FFB-25B3-4CF7-A5DF-53D14BAE4183} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {B572F27E-E372-4C72-B3FB-11F376E21785} - C:\WINDOWS\system32\cbxwvtu.dll (file missing)
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\APPLIC~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\xsapvtde.dll",realset
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\-Raven-\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winclk32 - winclk32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Applications\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Applications\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - G:\Program Files\Applications\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - G:\Program Files\Applications\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Applications\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
| ||
Re: explorer.exe problem - Keeps restarting

I'm not sure we should encourage self-help..tsk... we'll be outta business. Nice work... :). Now get this combofix n run it also... http://download.bleepingcomputer.com...a/ComboFix.exe -- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log - post that log in your next reply.

A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
| ||
Re: explorer.exe problem - Keeps restarting

Ok, here it is, sorry it took a while, I read the post, got the program, then completely forgot about it :P

"raven3961" - 07-05-02 11:19:44 Service Pack 2
ComboFix 07-04-28.V - Running from: "Area 51? =P"

/wow section not completed

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\osbvsbti.dll
C:\WINDOWS\system32\tjffrcyb.dll
C:\WINDOWS\system32\tqkmfytk.dll
C:\WINDOWS\system32\xoxefjxh.dll
C:\WINDOWS\system32\ylrtaaee.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\14_43260.dll
C:\WINDOWS\system32\28_83260.dll
C:\Program Files\msmovies\p.zip
C:\Program Files\winupdates\a.zip
C:\WINDOWS\system32\nvs2.inf
C:\Program Files\msmovies
C:\Program Files\winupdates
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\nvzrbgi_navps.dat
C:\WINDOWS\system32\nvzrbgi.exe
C:\WINDOWS\system32\nvzrbgi.dat

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\nm
-------\sfsync02

((((((((((((((((((((((((((((((( Files Created from 2007-04-02 to 2007-05-02 ))))))))))))))))))))))))))))))))))

2007-05-02 11:24 0 --a------ C:\WINDOWS\SYSTEM32\sfsync02.dll
2007-04-30 23:16 <DIR> d-------- C:\VundoFix Backups
2007-04-30 22:56 284,244 ---hs---- C:\WINDOWS\SYSTEM32\vtsqo.dll
2007-04-30 22:45 <DIR> d-------- C:\Program Files\CCleaner
2007-04-26 21:54 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2007-04-26 16:39 939,829 ---hs---- C:\WINDOWS\SYSTEM32\qqstv.ini2
2007-04-25 05:32 <DIR> d-------- C:\Program Files\MDM
2007-04-25 05:25 581,632 --a------ C:\kjhgc.exe
2007-04-25 05:08 <DIR> d-------- C:\Install
2007-04-25 05:05 256 ---hs---- C:\SYSJR22.SYS
2007-04-25 05:03 <DIR> d-------- C:\New Folder (2)
2007-04-25 04:58 29,184 --a------ C:\WINDOWS\SYSTEM32\jesterrun.dll
2007-04-25 04:55 <DIR> d-------- C:\Program Files\FlashJester
2007-04-25 04:40 1,236,540 --a------ C:\Interface.exe
2007-04-25 04:37 <DIR> d-------- C:\Program Files\Screenweaver 3 OS
2007-04-25 04:33 86,016 --a------ C:\ncstart.exe
2007-04-25 04:33 1,731,960 --a------ C:\ChatRoom.exe
2007-04-25 04:25 <DIR> d-------- C:\Program Files\Goldshell
2007-04-25 04:19 21,504 --a------ C:\WINDOWS\jestertb.dll
2007-04-25 03:41 <DIR> d-------- C:\DOCUME~1\-Raven-\APPLIC~1\Axialis
2007-04-23 02:38 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-04-22 19:10 57,344 --a------ C:\WINDOWS\SYSTEM32\WNASPINT.DLL
2007-04-22 12:18 262,144 --a------ C:\WINDOWS\SYSTEM32\default_user_class.dat
2007-04-22 00:28 <DIR> d-------- C:\Program Files\Dance eJay 2.0 Demo
2007-04-22 00:27 <DIR> d-------- C:\DOCUME~1\-Raven-\APPLIC~1\GetRightToGo
2007-04-21 22:10 <DIR> d-------- C:\DOCUME~1\-Raven-\APPLIC~1\Ahead
2007-04-21 22:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nero
2007-04-21 22:00 <DIR> d-------- C:\New Folder
2007-04-20 18:08 <DIR> d-------- C:\Program Files\The Creative Assembly
2007-04-20 10:51 248,988 --a------ C:\WINDOWS\SYSTEM32\nvzrbgi_nav.dat
2007-04-13 08:13 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-10 19:22 796,672 --a------ C:\WINDOWS\GPInstall.exe
2007-04-10 15:10 111,227 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dump_wmimmc.sys
2007-04-07 10:55 <DIR> d-------- C:\Program Files\HHVcdV7Sys
2007-04-06 03:00 <DIR> d-------- C:\WINDOWS\PixArt
2007-04-06 03:00 <DIR> d-------- C:\Program Files\PC Camera
2007-04-06 03:00 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2007-04-04 23:48 53,248 --a------ C:\WINDOWS\SYSTEM32\PAStiSvc.exe
2007-04-03 05:19 <DIR> d-------- C:\Program Files\MsoSetup
2007-04-02 11:21 <DIR> d-------- C:\DOCUME~1\-Raven-\APPLIC~1\Caphyon
2007-04-02 11:20 <DIR> d-------- C:\Program Files\Caphyon

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-02 11:19 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\azureus
2007-05-02 11:15 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\xfire
2007-04-30 23:57 -------- d---s---- C:\Program Files\xfire
2007-04-30 22:22 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\limewire
2007-04-27 23:17 -------- d-------- C:\Program Files\gamespy arcade
2007-04-25 05:13 -------- d--h----- C:\Program Files\installshield installation information
2007-04-22 00:28 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\getrighttogo
2007-04-21 22:01 -------- d-------- C:\Program Files\sony setup
2007-04-21 20:57 -------- d-------- C:\Program Files\tuneup utilities 2006
2007-04-21 20:50 -------- d-------- C:\Program Files\ahead
2007-04-20 18:35 286720 --a------ C:\WINDOWS\iun506.exe
2007-04-18 17:16 733824 --a------ C:\WINDOWS\SYSTEM32\aswboot.exe
2007-04-18 17:12 94552 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
2007-04-18 17:12 85952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
2007-04-18 17:10 23416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
2007-04-18 17:09 43176 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
2007-04-18 17:07 26888 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2007-04-18 17:06 90112 --a------ C:\WINDOWS\SYSTEM32\avastss.scr
2007-04-13 11:04 5071 --a------ C:\WINDOWS\mozver.dat
2007-04-12 21:41 4212 ---h----- C:\WINDOWS\SYSTEM32\zllictbl.dat
2007-04-11 16:52 -------- d-------- C:\Program Files\yahoo!
2007-04-10 10:40 -------- d-------- C:\Program Files\steam
2007-04-10 06:52 -------- d-------- C:\Program Files\xfire plus
2007-04-10 06:51 -------- d-------- C:\Program Files\winmx
2007-04-10 06:51 -------- d-------- C:\Program Files\voicemaskpro
2007-04-10 06:51 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-04-10 06:48 -------- d-------- C:\Program Files\shareaza
2007-04-10 06:30 -------- d-------- C:\Program Files\tortuga - pirates of the new world
2007-04-10 06:30 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\coreftp
2007-04-06 03:46 -------- d-------- C:\Program Files\smartftp client 2.0
2007-04-02 11:21 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\caphyon
2007-04-01 04:00 -------- d-------- C:\Program Files\bearshare applications
2007-04-01 03:16 -------- d-------- C:\Program Files\microsoft games
2007-03-29 01:26 -------- d-------- C:\Program Files\samp keybinds
2007-03-26 13:45 -------- d-------- C:\Program Files\azureus ultra accelerator
2007-03-26 13:45 -------- d-------- C:\Program Files\azureus speedup pro
2007-03-26 13:44 -------- d-------- C:\Program Files\webteh
2007-03-26 13:44 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\bsplayer
2007-03-26 01:05 646392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
2007-03-21 20:56 -------- d-------- C:\Program Files\rockstar games
2007-03-21 20:37 98304 --a------ C:\WINDOWS\SYSTEM32\cmdlineext.dll
2007-03-21 13:36 -------- d-------- C:\Program Files\nvidia corporation
2007-03-21 13:36 -------- d-------- C:\Program Files\Common Files\nvidia shared
2007-03-20 19:43 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\xfire plus
2007-03-20 19:38 -------- d-------- C:\Program Files\teamspeak2_rc2
2007-03-18 09:34 -------- d-------- C:\Program Files\msn messenger
2007-03-18 09:34 -------- d-------- C:\Program Files\messenger plus! live
2007-03-18 09:34 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\screenshot sender
2007-03-17 14:53 61 --a------ C:\WINDOWS\SYSTEM32\sysvcpdrv.sys
2007-03-17 14:50 -------- d-------- C:\Program Files\blaze audio
2007-03-17 14:43 292864 --a------ C:\WINDOWS\SYSTEM32\winsrv.dll
2007-03-17 12:50 28 --a------ C:\WINDOWS\SYSTEM32\srss.dat
2007-03-16 12:15 -------- d-------- C:\Program Files\ventsrv
2007-03-16 04:01 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\screaming bee
2007-03-16 03:57 -------- d-------- C:\Program Files\screaming bee
2007-03-16 01:47 73216 --a------ C:\WINDOWS\st6unst.exe
2007-03-16 01:47 286720 --------- C:\WINDOWS\setup1.exe
2007-03-14 19:27 972336 --a------ C:\WINDOWS\unrecode.exe
2007-03-14 19:20 133168 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\imagesrv.sys
2007-03-14 19:20 11568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\imagedrv.sys
2007-03-14 19:19 972336 --a------ C:\WINDOWS\unnerobackitup.exe
2007-03-14 19:19 95864 --a------ C:\WINDOWS\SYSTEM32\neroco.dll
2007-03-12 13:51 972336 --a------ C:\WINDOWS\unneromediahome.exe
2007-03-11 12:03 -------- d-------- C:\Program Files\aaresoft
2007-03-11 11:53 -------- d-------- C:\Program Files\avex
2007-03-10 07:15 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\motive
2007-03-10 05:53 34816 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSHDRV5C.sys
2007-03-09 04:07 -------- dr-h----- C:\DOCUME~1\-Raven-\APPLIC~1\yahoo!
2007-03-08 20:20 -------- d-------- C:\DOCUME~1\-Raven-\APPLIC~1\coolisoseek
2007-03-08 19:25 -------- d-------- C:\Program Files\bt home hub
2007-03-08 19:25 -------- d-------- C:\Program Files\bt broadband talk softphone
2007-03-08 19:19 -------- d-------- C:\Program Files\Common Files\motive
2007-03-08 19:19 -------- d-------- C:\Program Files\btbb_wcm
2007-03-08 16:36 577536 --a------ C:\WINDOWS\SYSTEM32\user32.dll
2007-03-08 16:36 40960 --a------ C:\WINDOWS\SYSTEM32\mf3216.dll
2007-03-08 16:36 281600 --a------ C:\WINDOWS\SYSTEM32\gdi32.dll
2007-03-08 16:00 -------- d-------- C:\Program Files\coolisoseek
2007-03-08 14:47 1843584 --a------ C:\WINDOWS\SYSTEM32\win32k.sys
2007-03-05 13:55 -------- d-------- C:\Program Files\microsoft application compatibility toolkit 5
2007-03-05 01:10 147138 --a------ C:\DOCUME~1\-Raven-\APPLIC~1\cosmos prefs
2007-02-28 20:53 972336 --a------ C:\WINDOWS\unnerovision.exe
2007-02-28 15:41 972336 --a------ C:\WINDOWS\unneroshowtime.exe
2007-02-24 06:39 2318976 --a------ C:\WINDOWS\SYSTEM32\tukernel.exe
2007-02-20 13:31 2673 --a------ C:\WINDOWS\SYSTEM32\sdbackup.reg
2007-02-19 20:02 288 --a------ C:\WINDOWS\SYSTEM32\dvcstatebkp-{00000001-00000000-00000009-00001102-00000002-80611102}.dat
2007-02-19 20:02 288 --a------ C:\WINDOWS\SYSTEM32\dvcstate-{00000001-00000000-00000009-00001102-00000002-80611102}.dat
2007-02-14 01:49 2348 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-02-13 22:27 22016 --a------ C:\WINDOWS\SYSTEM32\partizan.exe
2007-02-05 21:17 185344 --a------ C:\WINDOWS\SYSTEM32\upnphost.dll
2007-02-02 00:22 58880 --a------ C:\WINDOWS\SYSTEM32\vgzcepj.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{00C6482D-C502-44C8-8409-FCE54AD9C208}"="C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"avast!"="G:\\PROGRA~1\\APPLIC~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"GSICONEXE"="gsicon.exe"
"DSLAGENTEXE"="dslagent.exe"
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"=dword:00000001
"StartMenuLogOff"=dword:00000001
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{e57ce738-33e8-4c51-8354-bb4de9d215d1}"="C:\WINDOWS\system32\upnpui.dll"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winclk32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"FreeRAM XP"="\"C:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"eyeBeam SIP Client"="\"C:\\Program Files\\BT Broadband Talk Softphone\\BTSoftphone.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SNPSTD2"="C:\\WINDOWS\\vsnpstd2.exe"
"VC7Player"="C:\\Program Files\\HHVcdV7Sys\\VC7Play.exe"
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~1.DLL,ClientStartup -s"
"TQ566808"="\"D:\\Setup.exe\""
"EPSON Stylus CX3600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9BE.EXE /P26 \"EPSON Stylus CX3600 Series\" /O6 \"USB001\" /M \"Stylus CX3600\""
"\\\\Office\\EPSON Stylus CX3600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9BE.EXE /P35 \"\\\\Office\\EPSON Stylus CX3600 Series\" /O6 \"USB001\" /M \"Stylus CX3600\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Computer Alarm Clock"="C:\\Program Files\\Computer Alarm Clock\\cac.exe"
"LWBMOUSE"="C:\\Program Files\\PERFECT SERIES\\Optical MOUSE\\4.0\\MOUSE32A.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"CTHelper"="CTHELPER.EXE"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"atwtusb"="atwtusb.exe beta"
"Motive SmartBridge"="C:\\PROGRA~1\\BTHOME~1\\Help\\SMARTB~1\\BTHelpNotifier.exe"
"StartBitsReadmeBias"="C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Interatomstartbits\\File Mags.exe" "btbb_wcm_McciTrayApp"="C:\\Program Files\\btbb_wcm\\McciTrayApp.exe" "XFP: Multi-IM"="\"C:\\Program Files\\Xfire Plus\\Multi-IM\\MultiIM.exe\"" "YBrowser"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-] "RegisterDropHandler"="C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^-Raven-^Start Menu^Programs^Startup^Adobe Gamma.lnk] "path"="C:\\Documents and Settings\\-Raven-\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup" "location"="Startup" "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE " "item"="Adobe Gamma" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^-Raven-^Start Menu^Programs^Startup^MetaCafe.lnk] "path"="C:\\Documents and Settings\\-Raven-\\Start Menu\\Programs\\Startup\\MetaCafe.lnk" "backup"="C:\\WINDOWS\\pss\\MetaCafe.lnkStartup" "location"="Startup" "command"="G:\\PROGRA~1\\Metacafe\\METACA~1.EXE /startup" "item"="MetaCafe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] "path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~3.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader 
Synchronizer.lnk] "path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup" "location"="Common Startup" "command"="G:\\PROGRA~1\\APPLIC~1\\ACROBA~1\\Reader\\ADOBEC~1.EXE " "item"="Adobe Reader Synchronizer" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk] "path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\BT Broadband Desktop Help.lnk" "backup"="C:\\WINDOWS\\pss\\BT Broadband Desktop Help.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\BTHOME~1\\Help\\bin\\matcli.exe -boot" "item"="BT Broadband Desktop Help" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^MetaCafe.lnk] "path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\MetaCafe.lnk" "backup"="C:\\WINDOWS\\pss\\MetaCafe.lnkCommon Startup" "location"="Common Startup" "command"="G:\\PROGRA~1\\Metacafe\\METACA~1.EXE /startup" "item"="MetaCafe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dslagent" "hkey"="HKLM" "command"="dslagent.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eSnips] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ClientGW" "hkey"="HKLM" "command"="\"C:\\Program Files\\eSnips\\ClientGW.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GoogleDesktop" "hkey"="HKLM" 
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="nwiz" "hkey"="HKLM" "command"="nwiz.exe /install" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Steam" "hkey"="HKCU" "command"="C:\\Program Files\\Steam\\Steam.exe -silent" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jusched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="monitor" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Ulead Systems\\AutoDetector\\monitor.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="zango" "hkey"="HKLM" "command"="\"c:\\program files\\zango\\zango.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zboard] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Zboard" "hkey"="HKLM" "command"="C:\\Program Files\\Ideazon\\ZEngine\\Zboard.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="zlclient" "hkey"="HKLM" "command"="\"G:\\Program Files\\Applications\\ZoneAlarm\\zlclient.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs* UxTuneUp ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-02 11:29:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-05-02 11:31:32 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 07-05-02 11:31 Enjoy |
| ||
| Re: explorer.exe problem - Keeps restarting
Please rename hijackthis.exe to imabunny.exe, start it, do a Scan only and place checkmarks against the following for fixing, and press Fix Checked.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {69DC2C3D-BE96-4FEF-9878-E037F4090FB3} - C:\WINDOWS\system32\tjffrcyb.dll
O2 - BHO: (no name) - {721E3FFB-25B3-4CF7-A5DF-53D14BAE4183} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - (no file)
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\xsapvtde.dll",realset
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\-Raven-\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O20 - Winlogon Notify: winclk32 - winclk32.dll (file missing)
Post a new HijackThis log. While I enjoy scanning your combofix log. Cynical swine. -actually, these are my "crossword puzzles" -could I see your old vundofix log also, please... combofix shows some files as once being there.. I cannot tell if they are still there without your log. |
| ||
| Re: explorer.exe problem - Keeps restarting ..and do a search for this file, pls [it is referenced in reg..] winclk32.dll - I suspect it is/was in system32 - if you find it give me the path. |
| ||
| Re: explorer.exe problem - Keeps restarting Okey dokey, I did the HJT thing, renamed the exe, ran it, did a scan, removed what you said o, then rescanned and got a log, here it is; Logfile of HijackThis v1.99.1 Scan saved at 20:30:07, on 02/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe G:\Program Files\Applications\Alwil Software\Avast4\aswUpdSv.exe G:\Program Files\Applications\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe G:\PROGRA~1\APPLIC~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\gsicon.exe C:\WINDOWS\system32\dslagent.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Promise\Utility\MsgAgt.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe G:\Program Files\Applications\UPHClean\uphclean.exe C:\WINDOWS\system32\MsPMSPSv.exe G:\Program Files\Applications\Alwil Software\Avast4\ashMaiSv.exe G:\Program Files\Applications\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Xfire\Xfire.exe G:\Program Files\Applications\Mozilla Firefox\firefox.exe C:\Program 
Files\hijackThis\imabunny.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [avast!] 
G:\PROGRA~1\APPLIC~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: 
{215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Applications\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Applications\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - G:\Program Files\Applications\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! 
Web Scanner - Unknown owner - G:\Program Files\Applications\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - G:\Program Files\Applications\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE Here is the old VundoFix log file(i think...it was called vundofix.txt, so i assume it is it); VundoFix V6.3.6 Checking Java version... Java version is 1.5.0.3 Java version is 1.5.0.5 Java version is 1.5.0.6 Scan started at 00:55:21 14/02/2007 Listing files found while scanning.... No infected files were found. VundoFix V6.3.21 Checking Java version... Java version is 1.5.0.3 Old versions of java are exploitable and should be removed. Java version is 1.5.0.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. 
Java version is 1.5.0.11 Scan started at 23:16:46 30/04/2007 Listing files found while scanning.... C:\WINDOWS\SYSTEM32\bdgadbid.dll C:\WINDOWS\SYSTEM32\cbxwvtu.dll C:\WINDOWS\SYSTEM32\ddahmhcv.dll C:\WINDOWS\SYSTEM32\edtvpasx.ini C:\WINDOWS\SYSTEM32\edtvpasx.ini2 C:\WINDOWS\SYSTEM32\edtvpasx.tmp C:\WINDOWS\SYSTEM32\elqxpjaq.dll C:\WINDOWS\system32\hnrejsyj.dll C:\WINDOWS\SYSTEM32\iifdeca.dll C:\WINDOWS\SYSTEM32\jagfomsp.dll C:\WINDOWS\SYSTEM32\kkrtqhws.dll C:\WINDOWS\SYSTEM32\kopphxfj.dll C:\WINDOWS\SYSTEM32\lckepqmm.dll C:\WINDOWS\SYSTEM32\lhthabkp.dll C:\WINDOWS\SYSTEM32\njacadui.dll C:\WINDOWS\SYSTEM32\owpkhdgg.dll C:\WINDOWS\SYSTEM32\qnfmabwq.dll C:\WINDOWS\SYSTEM32\rhltqnal.dll C:\WINDOWS\system32\rqstv.bak1 C:\WINDOWS\system32\rqstv.bak2 C:\WINDOWS\system32\rqstv.ini C:\WINDOWS\SYSTEM32\teummyhu.dll C:\WINDOWS\system32\vtsqr.dll C:\WINDOWS\SYSTEM32\wjtpflmh.dll C:\WINDOWS\SYSTEM32\xsapvtde.dll C:\WINDOWS\SYSTEM32\ykxwednd.dll C:\WINDOWS\SYSTEM32\yohnkbbo.dll Beginning removal... Attempting to delete C:\WINDOWS\SYSTEM32\bdgadbid.dll C:\WINDOWS\SYSTEM32\bdgadbid.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\cbxwvtu.dll C:\WINDOWS\SYSTEM32\cbxwvtu.dll Could not be deleted. Attempting to delete C:\WINDOWS\SYSTEM32\ddahmhcv.dll C:\WINDOWS\SYSTEM32\ddahmhcv.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\edtvpasx.ini C:\WINDOWS\SYSTEM32\edtvpasx.ini Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\edtvpasx.ini2 C:\WINDOWS\SYSTEM32\edtvpasx.ini2 Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\edtvpasx.tmp C:\WINDOWS\SYSTEM32\edtvpasx.tmp Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\elqxpjaq.dll C:\WINDOWS\SYSTEM32\elqxpjaq.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\iifdeca.dll C:\WINDOWS\SYSTEM32\iifdeca.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\jagfomsp.dll C:\WINDOWS\SYSTEM32\jagfomsp.dll Has been deleted! 
Attempting to delete C:\WINDOWS\SYSTEM32\kkrtqhws.dll C:\WINDOWS\SYSTEM32\kkrtqhws.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\kopphxfj.dll C:\WINDOWS\SYSTEM32\kopphxfj.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\lckepqmm.dll C:\WINDOWS\SYSTEM32\lckepqmm.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\lhthabkp.dll C:\WINDOWS\SYSTEM32\lhthabkp.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\njacadui.dll C:\WINDOWS\SYSTEM32\njacadui.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\owpkhdgg.dll C:\WINDOWS\SYSTEM32\owpkhdgg.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\qnfmabwq.dll C:\WINDOWS\SYSTEM32\qnfmabwq.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\rhltqnal.dll C:\WINDOWS\SYSTEM32\rhltqnal.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rqstv.bak1 C:\WINDOWS\system32\rqstv.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\rqstv.bak2 C:\WINDOWS\system32\rqstv.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\rqstv.ini C:\WINDOWS\system32\rqstv.ini Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\teummyhu.dll C:\WINDOWS\SYSTEM32\teummyhu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtsqr.dll C:\WINDOWS\system32\vtsqr.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\wjtpflmh.dll C:\WINDOWS\SYSTEM32\wjtpflmh.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\xsapvtde.dll C:\WINDOWS\SYSTEM32\xsapvtde.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\ykxwednd.dll C:\WINDOWS\SYSTEM32\ykxwednd.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\yohnkbbo.dll C:\WINDOWS\SYSTEM32\yohnkbbo.dll Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\SYSTEM32\cbxwvtu.dll C:\WINDOWS\SYSTEM32\cbxwvtu.dll Has been deleted! Performing Repairs to the registry. Done! 
And as for the file you wanted, I did a whole search on the computer, it isn't there. I dunno whether that's a good thing or not =P |
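The cross-check the helper is doing by eye in the posts above (do registry entries in the HijackThis log still point at files the removal tool reported?) can be written as a small script. This is an added example, not part of the original thread and not code from HijackThis or VundoFix; the sample lines are copied from the logs quoted above with line breaks restored, and the three flagging rules are assumptions drawn from the entries the helper selected.

```python
import re
from ntpath import basename  # Windows path handling that works on any OS

# Constructed samples: entries copied from the logs quoted in this thread,
# one per line (the page's extraction flattened the original line breaks).
SAMPLE_HJT = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {69DC2C3D-BE96-4FEF-9878-E037F4090FB3} - C:\WINDOWS\system32\tjffrcyb.dll
O2 - BHO: (no name) - {721E3FFB-25B3-4CF7-A5DF-53D14BAE4183} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\xsapvtde.dll",realset
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: winclk32 - winclk32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

SAMPLE_VUNDOFIX = r"""
Attempting to delete C:\WINDOWS\SYSTEM32\cbxwvtu.dll
C:\WINDOWS\SYSTEM32\cbxwvtu.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtsqr.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\xsapvtde.dll
C:\WINDOWS\SYSTEM32\xsapvtde.dll Has been deleted!
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\cbxwvtu.dll
C:\WINDOWS\SYSTEM32\cbxwvtu.dll Has been deleted!
"""

HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
FILE_REF = re.compile(r"[A-Za-z]:\\[^\",]+?\.(?:dll|exe|ini)\b", re.IGNORECASE)
VUNDO_RESULT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<result>Has been deleted!|Could not be deleted\.)[ \t]*$",
    re.MULTILINE,
)


def parse_vundofix(log):
    """Map lowercased file name -> 'deleted' or 'failed'.

    A file can appear in more than one removal pass (cbxwvtu.dll above);
    the last reported outcome wins.
    """
    status = {}
    for m in VUNDO_RESULT.finditer(log):
        outcome = "deleted" if m.group("result").startswith("Has") else "failed"
        status[basename(m.group("path")).lower()] = outcome
    return status


def triage(hjt_log, vundo_status):
    """Return (section, reasons, entry) for HijackThis entries worth a second look.

    Rules (assumptions for this example, not HijackThis behaviour):
      orphaned      - the entry's target is reported as (no file)/(file missing)
      unnamed-bho   - a Browser Helper Object with no registered name
      vundofix-*    - the entry references a file the VundoFix log reported;
                      'deleted' means the file is gone but the registry
                      pointer is still there and should be cleaned up
    """
    findings = []
    for raw in hjt_log.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        reasons = []
        if ORPHAN.search(body):
            reasons.append("orphaned")
        if section == "O2" and "(no name)" in body:
            reasons.append("unnamed-bho")
        for path in FILE_REF.findall(body):
            outcome = vundo_status.get(basename(path).lower())
            if outcome:
                reasons.append("vundofix-" + outcome)
        if reasons:
            findings.append((section, reasons, body))
    return findings


if __name__ == "__main__":
    for section, reasons, body in triage(SAMPLE_HJT, parse_vundofix(SAMPLE_VUNDOFIX)):
        print(f"{section:<4}{','.join(reasons):<45}{body}")
```

The rules only surface candidates; entries such as the R1 search-page values still need a person to judge the URL.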
| ||
| Re: explorer.exe problem - Keeps restarting
Copy to notepad and save the lines between the stars as a file named wclkrem.reg to your desktop or C:\. Dclick it and answer Yes to merge it with your registry [it removes an entry to a malware file].
***********************************************
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winclk32]
***********************************************
Okay then.. moving on....
A point to make - I have included in the block of files to delete with Avenger one called partizan.exe: I can say that it is very doubtful..., but if you wish delete it from that list and instead go in to system32 and rename it to partizan.xbak [the x tells you it is an exe, right? if you need it back for a legit pgm..]
I don't know if you still have Vundofix [yours was the latest...] so here is the addy anyway. [Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4 ]
Double-click VundoFix.exe to start it, click the Scan for Vundo button.
*****When the scan completes rclick inside the white text box, lclick the Addmore files? line, paste into the new window these two pathnames [one per line]:
C:\WINDOWS\SYSTEM32\vtsqo.dll
C:\WINNT\system32\oqstv.*
Click the Add Files button, and next the Remove Vundo button.*****
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts. When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
You must be in an Administrator-privileged account to run this procedure...
==Download Avenger from http://swandog46.geekstogo.com/avenger.zip -unzip it to your desktop and start it; select “Input script manually” and then click the magnifying glass icon. Paste into the box this line:-
Files to delete:
C:\WINDOWS\SYSTEM32\vtsqo.dll
C:\WINDOWS\SYSTEM32\qqstv.ini2
C:\kjhgc.exe
C:\WINDOWS\SYSTEM32\nvzrbgi_nav.dat
C:\WINDOWS\SYSTEM32\avastss.scr
C:\WINDOWS\SYSTEM32\tmp.reg
C:\WINDOWS\SYSTEM32\partizan.exe
C:\WINDOWS\SYSTEM32\vgzcepj.dll
...and click Done, and finally the green light. Follow prompts to reboot your machine. [The files, etc., that you asked Avenger to delete are zipped to C:\avenger\backup.zip.]
Avenger creates a log file that should open with the results of its actions. This file is located at C:\avenger.txt
Please post that log file plus the contents of C:\vundofix.txt plus a new HijackThis log. |
| ||
| Re: explorer.exe problem - Keeps restarting
Ok, here are the logs, but in terms of deleting Partizan, I left it alone because it is my rootkit killer. The program as it comes up on startup is called: Regrun Partizan Rootkit Killer by Greatis Software. I used it when I had a rootkit problem, and kept it ever since with no further infections. I followed your instructions, and I think it went off without a hitch, but you can be the judge of that with your godly patience and logfile reading skills. Once again, thank you for your time with helping me, it's been a great help, and I really do appreciate it. (Log file titles are in bold font for easier reading =)
Avenger log file:
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\gbbtmcuq
*******************
Script file located at: \??\C:\Program Files\jireyoba.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\SYSTEM32\vtsqo.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\vtsqo.dll failed!
Could not process line: C:\WINDOWS\SYSTEM32\vtsqo.dll
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\qqstv.ini2 deleted successfully.
File C:\kjhgc.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\nvzrbgi_nav.dat deleted successfully.
File C:\WINDOWS\SYSTEM32\avastss.scr deleted successfully.
File C:\WINDOWS\SYSTEM32\tmp.reg deleted successfully.
File C:\WINDOWS\SYSTEM32\vgzcepj.dll deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Vundofix Log File:
VundoFix V6.3.6
Checking Java version...
Java version is 1.5.0.3
Java version is 1.5.0.5
Java version is 1.5.0.6
Scan started at 00:55:21 14/02/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.3.21
Checking Java version...
Java version is 1.5.0.3 Old versions of java are exploitable and should be removed. Java version is 1.5.0.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.11 Scan started at 23:16:46 30/04/2007 Listing files found while scanning.... C:\WINDOWS\SYSTEM32\bdgadbid.dll C:\WINDOWS\SYSTEM32\cbxwvtu.dll C:\WINDOWS\SYSTEM32\ddahmhcv.dll C:\WINDOWS\SYSTEM32\edtvpasx.ini C:\WINDOWS\SYSTEM32\edtvpasx.ini2 C:\WINDOWS\SYSTEM32\edtvpasx.tmp C:\WINDOWS\SYSTEM32\elqxpjaq.dll C:\WINDOWS\system32\hnrejsyj.dll C:\WINDOWS\SYSTEM32\iifdeca.dll C:\WINDOWS\SYSTEM32\jagfomsp.dll C:\WINDOWS\SYSTEM32\kkrtqhws.dll C:\WINDOWS\SYSTEM32\kopphxfj.dll C:\WINDOWS\SYSTEM32\lckepqmm.dll C:\WINDOWS\SYSTEM32\lhthabkp.dll C:\WINDOWS\SYSTEM32\njacadui.dll C:\WINDOWS\SYSTEM32\owpkhdgg.dll C:\WINDOWS\SYSTEM32\qnfmabwq.dll C:\WINDOWS\SYSTEM32\rhltqnal.dll C:\WINDOWS\system32\rqstv.bak1 C:\WINDOWS\system32\rqstv.bak2 C:\WINDOWS\system32\rqstv.ini C:\WINDOWS\SYSTEM32\teummyhu.dll C:\WINDOWS\system32\vtsqr.dll C:\WINDOWS\SYSTEM32\wjtpflmh.dll C:\WINDOWS\SYSTEM32\xsapvtde.dll C:\WINDOWS\SYSTEM32\ykxwednd.dll C:\WINDOWS\SYSTEM32\yohnkbbo.dll Beginning removal... Attempting to delete C:\WINDOWS\SYSTEM32\bdgadbid.dll C:\WINDOWS\SYSTEM32\bdgadbid.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\cbxwvtu.dll C:\WINDOWS\SYSTEM32\cbxwvtu.dll Could not be deleted. Attempting to delete C:\WINDOWS\SYSTEM32\ddahmhcv.dll C:\WINDOWS\SYSTEM32\ddahmhcv.dll Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\edtvpasx.ini C:\WINDOWS\SYSTEM32\edtvpasx.ini Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\edtvpasx.ini2 C:\WINDOWS\SYSTEM32\edtvpasx.ini2 Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\edtvpasx.tmp C:\WINDOWS\SYSTEM32\edtvpasx.tmp Has been deleted! Attempting to delete C:\WINDOWS\SYSTEM32\elqxpjaq.dll C:\WINDOWS\SYSTEM32\elqxpjaq.dll Has been deleted! 
Attempting to delete C:\WINDOWS\SYSTEM32\iifdeca.dll
C:\WINDOWS\SYSTEM32\iifdeca.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\jagfomsp.dll
C:\WINDOWS\SYSTEM32\jagfomsp.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\kkrtqhws.dll
C:\WINDOWS\SYSTEM32\kkrtqhws.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\kopphxfj.dll
C:\WINDOWS\SYSTEM32\kopphxfj.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\lckepqmm.dll
C:\WINDOWS\SYSTEM32\lckepqmm.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\lhthabkp.dll
C:\WINDOWS\SYSTEM32\lhthabkp.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\njacadui.dll
C:\WINDOWS\SYSTEM32\njacadui.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\owpkhdgg.dll
C:\WINDOWS\SYSTEM32\owpkhdgg.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\qnfmabwq.dll
C:\WINDOWS\SYSTEM32\qnfmabwq.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\rhltqnal.dll
C:\WINDOWS\SYSTEM32\rhltqnal.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqstv.bak1
C:\WINDOWS\system32\rqstv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqstv.bak2
C:\WINDOWS\system32\rqstv.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\system32\rqstv.ini Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\teummyhu.dll
C:\WINDOWS\SYSTEM32\teummyhu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtsqr.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\wjtpflmh.dll
C:\WINDOWS\SYSTEM32\wjtpflmh.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\xsapvtde.dll
C:\WINDOWS\SYSTEM32\xsapvtde.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\ykxwednd.dll
C:\WINDOWS\SYSTEM32\ykxwednd.dll Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\yohnkbbo.dll
C:\WINDOWS\SYSTEM32\yohnkbbo.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\cbxwvtu.dll
C:\WINDOWS\SYSTEM32\cbxwvtu.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.3.21
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 11:57:37 03/05/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\vtsqo.dll
C:\WINDOWS\SYSTEM32\vtsqo.dll Has been deleted!
Performing Repairs to the registry.
Done!

New HJT log file:
Logfile of HijackThis v1.99.1
Scan saved at 12:24:07, on 03/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\Applications\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\PROGRA~1\APPLIC~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\Program Files\Applications\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Applications\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\Program Files\Applications\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijackThis\imabunny.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\APPLIC~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Applications\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Applications\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - G:\Program Files\Applications\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - G:\Program Files\Applications\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Applications\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE |
| ||
| Re: explorer.exe problem - Keeps restarting
Thank you very much for the detailed feedback; about the best I've received [some folks you have to pick up n shake to get responses...]. I don't see any problems left, fixes seem to have gone smoothly, so if you are happy, delete the avenger backup folder and the vundo text, and the tools... no sense keeping what will be out of date in a month or so. Thanks for the info on Partizan. How's the sys working now? Remember to update Java from control panel entry; then use add/remove pgms to delete all old versions. |