HijackThis Log Help - Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.
#1 (permalink)
Registered User
Join Date: Jul 2006
Posts: 46
OS: Win ME
[SOLVED] Explorer Shell Restarting Continuously
I was unable to complete step one or two very well. The Panda scan froze twice at 40% and each time it took over four hours to get that far. Step one was not possible as I was unable to find/access the control panel.

My explorer shell started restarting this morning after I uninstalled AVG anti-virus 7.5 and installed AVG 8. Attempted two restores but no effect and the system does the same thing in safe mode. Explorer restarts every five or ten seconds. Was able to do some things through the Task Mgr and I can access the internet through same. Below is my DSS scan and attached is my DSS Extra info. Not sure what else to do but I am seriously crippled here:

Deckard's System Scanner v20071014.68
Run by Steven on 2008-05-06 17:41:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
78: 2008-05-06 21:42:08 UTC - RP567 - Deckard's System Scanner Restore Point
77: 2008-05-06 14:38:36 UTC - RP566 - Last known good configuration
76: 2008-05-06 14:38:20 UTC - RP565 - Restore Operation
75: 2008-05-06 14:38:20 UTC - RP564 - Installed AVG 8.0
74: 2008-05-06 14:38:19 UTC - RP563 - Removed AVG 8.0

-- First Restore Point --
1: 2008-05-06 14:38:16 UTC - RP490 - Installed Microsoft Office Professional Edition 2003

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-06 17:47:41
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LexBceS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Lexpps.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\Steven\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en&source=iglk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} - C:\WINDOWS\system32\xxyawvWq.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {CD7734B8-F5C9-4580-A778-8CE51E0D5B1D} - C:\WINDOWS\system32\qoMeCurO.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Steven\Desktop\New Folder\muBlinder.exe -startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MCW Startup] "C:\Program Files\Monitor Calibration Wizard\MCW.exe" /s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: http://www.fileplanet.com (HKCU)
O15 - Trusted Zone: https://www.freewarepark.com (HKCU)
O15 - Trusted Zone: https://www.maine.gov (HKCU)
O15 - Trusted Zone: http://www.maine.gov (HKCU)
O15 - Trusted Zone: https://inet.state.me.us (HKCU)
O15 - Trusted Zone: https://portal.bisoe.state.me.us (HKCU)
O15 - Trusted Zone: https://portalxeis.bisoex.state.me.us (HKCU)
O15 - Trusted Zone: https://www.bdsnet.dbds.state.me.us (HKCU)
O15 - ProtocolDefaults: Unknown 'about' protocol is in Restricted Zone (HKLM)
O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKLM)
O15 - ProtocolDefaults: Unknown 'mhtml' protocol is in Restricted Zone (HKLM)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} () - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} () - http://tmss.trendmicro.com/Dashboard...MSSReportW.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} () - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} () - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} () - http://www.computerandvideogames.com...der_v10_en.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} () - http://www.trueswitch.com/TrueInstall.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: xxyawvWq - C:\WINDOWS\system32\xxyawvWq.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LexBceS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 9727 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
.txt - txtfile - shell\open\command - Notepad.exe %1

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 Scap (SecureClient Application Policy Module) - c:\windows\system32\drivers\scap.sys <Not Verified; Check Point Software Technologies; desktop>
R2 VPN-1 (VPN-1 Module) - c:\windows\system32\drivers\vpn.sys <Not Verified; Check Point Software Technologies; vpn1>
R3 wlanndi5 (wlanndi5 NDIS Protocol Driver) - c:\windows\system32\wlanndi5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S1 EACMOS - c:\windows\system32\drivers\eacmos.sys (file missing)
S1 FreeTdi (Freedom Filter) - c:\windows\system32\drivers\freetdi.sys <Not Verified; Zero-Knowledge Systems Inc.; Freedom>
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
S3 RegGuard - c:\windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>
R2 SR_Service (Check Point SecuRemote Service) - "c:\program files\checkpoint\securemote\bin\sr_service.exe" <Not Verified; Check Point Software Technologies; VPN-1 SecuRemote/SecureClient>
R2 SR_WatchDog (Check Point SecuRemote WatchDog) - "c:\program files\checkpoint\securemote\bin\sr_watchdog.exe" <Not Verified; Check Point Software Technologies; desktop>

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 wfxsvc (WinFax PRO) - c:\windows\system32\wfxsvc.exe <Not Verified; Symantec Corporation; Symantec WinFax PRO>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Logitech-compatible Mouse PS/2
Device ID: ACPI\PNP0F13\4&2EEFE43E&0
Manufacturer: Logitech
Name: Logitech-compatible Mouse PS/2
PNP Device ID: ACPI\PNP0F13\4&2EEFE43E&0
Service: i8042prt

-- Scheduled Tasks -------------------------------------------------------------

2008-05-06 15:00:06 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-30 20:38:03 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-20 22:00:18 478 --a----c- C:\WINDOWS\Tasks\SmartDefrag.job

-- Files created between 2008-04-06 and 2008-05-06 -----------------------------

2008-05-06 13:46:00 0 d-------- C:\Program Files\ExplorerXP
2008-05-06 11:50:18 0 d-------- C:\ie-spyad_zo
2008-05-06 11:44:44 0 d-------- C:\Program Files\SpywareBlaster
2008-05-06 11:34:58 0 d-------- C:\Program Files\Panda Security
2008-05-06 10:31:40 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-06 10:31:26 0 dr-h----- C:\Documents and Settings\Steven\Recent
2008-05-06 09:12:22 0 d-------- C:\Program Files\AVG
2008-05-06 09:12:21 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-06 09:12:16 12999 --ahs---- C:\WINDOWS\system32\OruCeMoq.ini2
2008-05-06 09:11:58 281088 --a------ C:\WINDOWS\system32\qoMeCurO.dll
2008-05-06 09 53 44544 --a------ C:\WINDOWS\system32\xxyawvWq.dll
2008-04-10 20:31:59 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-10 20:31:20 0 --a----c- C:\WINDOWS\ativpsrm.bin
2008-04-10 20:26:08 12533760 --a------ C:\Documents and Settings\Steven\ntuser.dat
2008-04-10 20:25:04 593920 -------c- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-04-10 20:24:28 0 d-------- C:\Program Files\ATI Technologies
2008-04-08 23:27:26 0 d-------- C:\Program Files\Karen's Power Tools
2008-04-08 23:27:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
2008-04-08 23:20:00 0 d-------- C:\Widget
2008-04-07 18:56:51 0 d-------- C:\Program Files\Any FLV Player
2008-04-06 15:48:29 0 d-------- C:\Program Files\Winamp
2008-04-06 15:48:29 0 d-------- C:\Documents and Settings\Steven\Application Data\Winamp

-- Find3M Report ---------------------------------------------------------------

2008-05-06 17:13:30 0 d-------- C:\Program Files\DAP
2008-05-06 10:31:59 0 d-------- C:\Documents and Settings\Steven\Application Data\DNA
2008-05-06 09 03 0 d-------- C:\Documents and Settings\Steven\Application Data\BitTorrent
2008-04-03 09:04:40 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-03 08:53:57 0 d-------- C:\Program Files\Common Files
2008-04-02 22:49:59 0 d-------- C:\Documents and Settings\Steven\Application Data\Adobe
2008-04-02 16:31:46 0 d-------- C:\Program Files\Acro Software
2008-04-02 07:45:47 0 d-------- C:\Program Files\EA SPORTS
2008-04-01 23:29:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-01 21:59:18 0 d-------- C:\Program Files\InterActual
2008-04-01 21:55:39 0 d-------- C:\Program Files\Roxio
2008-04-01 21:30:01 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-01 21:29:57 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-04-01 21:24:51 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-01 19:34:56 0 d-------- C:\Program Files\Compaq SoftPaqs
2008-04-01 19:22:37 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-31 23:17:13 0 d-------- C:\Documents and Settings\Steven\Application Data\Roxio
2008-03-31 21:30:51 0 d-------- C:\Program Files\Common Files\SightSpeed
2008-03-31 21:28:30 0 d-------- C:\Program Files\DivX
2008-03-31 09:44:29 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-30 17:47:22 0 d-------- C:\Documents and Settings\Steven\Application Data\Ahead
2008-03-30 14:38:25 0 d-------- C:\Program Files\Nero
2008-03-29 20:59:47 0 d-------- C:\Program Files\Windows Desktop Search
2008-03-29 17:51:54 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-29 15:45:22 0 d-------- C:\Program Files\Microsoft Works
2008-03-29 15:44:52 0 d-------- C:\Program Files\MSBuild
2008-03-29 15:41:52 0 d-------- C:\Program Files\Microsoft.NET
2008-03-29 15:25:35 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-26 13:45:51 0 d-------- C:\Documents and Settings\Steven\Application Data\Juniper Networks
2008-03-26 07:31:47 0 d-------- C:\Program Files\Java
2008-03-24 09:58:31 0 dr-h----- C:\Documents and Settings\Steven\Application Data\SecuROM
2008-03-24 08:22:32 0 d-------- C:\Documents and Settings\Steven\Application Data\DAEMON Tools
2008-03-24 07:15:32 0 d-------- C:\Documents and Settings\Steven\Application Data\DAEMON Tools Pro
2008-03-24 07:02:50 0 d-------- C:\Program Files\XP Codec Pack
2008-03-23 10:22:44 7460 --a----c- C:\Documents and Settings\Steven\Application Data\ViewerApp.dat
2008-03-22 20:29:56 0 d-------- C:\Program Files\DNA
2008-03-16 09 37 0 d-------- C:\Documents and Settings\Steven\Application Data\skypePM
2008-03-06 11:29:44 962560 --a----c- C:\WINDOWS\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>
2008-02-15 15:48:27 664 --a----c- C:\WINDOWS\system32\d3d9caps.dat
2008-02-15 13:16:28 2210 --a----c- C:\WINDOWS\system32\tmp.reg
2008-02-15 11:46:49 3444 --a----c- C:\WINDOWS\unins000.dat
2008-02-15 11:46:07 691545 --a----c- C:\WINDOWS\unins000.exe
2008-02-09 00:55:49 85504 --a----c- C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-02-08 11:37:47 82432 --a----c- C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F96CCB9-01EC-419E-AAEA-C2C913F2A236}]
05/06/2008 09:06 AM 44544 --a------ C:\WINDOWS\system32\xxyawvWq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD7734B8-F5C9-4580-A778-8CE51E0D5B1D}]
05/06/2008 09:12 AM 281088 --a------ C:\WINDOWS\system32\qoMeCurO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [01/09/2001 12:47 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 10:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [10/29/2007 04:43 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 02:30 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [07/31/2006 09:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [01/08/2008 12:29 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/06/2008 09:12 AM]
"muBlinder"="C:\Documents and Settings\Steven\Desktop\New Folder\muBlinder.exe" [03/27/2008 07:29 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [06/07/2004 04:53 PM]
"MCW Startup"="C:\Program Files\Monitor Calibration Wizard\MCW.exe" [12/20/2002 05:06 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [04/10/2008 08:19 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoRecentDocsNetHood"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
"ClearRecentDocsOnExit"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsNetHood"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoUserNameInStartMenu"=1 (0x1)
"NoInstrumentation"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"ForceStartMenuLogoff"=0 (0x0)
"NoSharedDocuments"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"ClearRecentDocsOnExit"=01

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\Symantec\WinFax\WfxSeh32.Dll [07/27/1998 05:54 AM 38400]
"{4F96CCB9-01EC-419E-AAEA-C2C913F2A236}"= C:\WINDOWS\system32\xxyawvWq.dll [05/06/2008 09:06 AM 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 03/01/2005 07:49 PM 24672 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SABWinLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyawvWq]
xxyawvWq.dll 05/06/2008 09:06 AM 44544 C:\WINDOWS\system32\xxyawvWq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMeCurO

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LIMExplorer Patch15.exe]
backup=C:\WINDOWS\pss\LIMExplorer Patch15.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Steven^Start Menu^Programs^Startup^Vista sidebar.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQU]
C:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cleanup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPQEASYACC]
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
"C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iconcache]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCW Startup]
"C:\Program Files\Monitor Calibration Wizard\MCW.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mousotron]
C:\Program Files\Mousotron\Mousotron.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Intelligent Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
"C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startemdoit]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinOverBoost]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)
"wfxsvc"=2 (0x2)
"TapiSrv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"helpsvc"=2 (0x2)
"WinDefend"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WINDVDPatch"=CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

-- End of Deckard's System Scanner: finished at 2008-05-06 17:49:46 ------------
#2 (permalink)
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria, Australia
Posts: 7,405
OS: XP Pro SP3
Re: [SOLVED] Explorer Shell Restarting Continuously
Do you still require help? I can see malware in your log. If so, do this.

Ok. We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer. Please visit this webpage for download links, and instructions for running ComboFix. When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
__________________
Eddy