Old 05-06-2008, 03:08 PM   #1 (permalink)
Registered User
Join Date: Jul 2006
Posts: 46
OS: Win ME


[SOLVED] Explorer Shell Restarting Continuously

I was unable to complete step one or two very well. The Panda scan froze twice at 40% and each time it took over four hours to get that far. Step one was not possible as I was unable to find/access the control panel.

My explorer shell started restarting this morning after I uninstalled AVG anti-virus 7.5 and installed AVG 8. Attempted two restores but no effect and the system does the same thing in safe mode. Explorer restarts every five or ten seconds. Was able to do some things through the Task Mgr and I can access the internet through same.

Below is my DSS scan and attached is my DSS Extra info. Not sure what else to do but I am seriously crippled here:

Deckard's System Scanner v20071014.68
Run by Steven on 2008-05-06 17:41:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
78: 2008-05-06 21:42:08 UTC - RP567 - Deckard's System Scanner Restore Point
77: 2008-05-06 14:38:36 UTC - RP566 - Last known good configuration
76: 2008-05-06 14:38:20 UTC - RP565 - Restore Operation
75: 2008-05-06 14:38:20 UTC - RP564 - Installed AVG 8.0
74: 2008-05-06 14:38:19 UTC - RP563 - Removed AVG 8.0


-- First Restore Point --
1: 2008-05-06 14:38:16 UTC - RP490 - Installed Microsoft Office Professional Edition 2003


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-06 17:47:41
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LexBceS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Lexpps.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\Steven\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en&source=iglk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} - C:\WINDOWS\system32\xxyawvWq.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {CD7734B8-F5C9-4580-A778-8CE51E0D5B1D} - C:\WINDOWS\system32\qoMeCurO.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Steven\Desktop\New Folder\muBlinder.exe -startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MCW Startup] "C:\Program Files\Monitor Calibration Wizard\MCW.exe" /s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: http://www.fileplanet.com (HKCU)
O15 - Trusted Zone: https://www.freewarepark.com (HKCU)
O15 - Trusted Zone: https://www.maine.gov (HKCU)
O15 - Trusted Zone: http://www.maine.gov (HKCU)
O15 - Trusted Zone: https://inet.state.me.us (HKCU)
O15 - Trusted Zone: https://portal.bisoe.state.me.us (HKCU)
O15 - Trusted Zone: https://portalxeis.bisoex.state.me.us (HKCU)
O15 - Trusted Zone: https://www.bdsnet.dbds.state.me.us (HKCU)
O15 - ProtocolDefaults: Unknown 'about' protocol is in Restricted Zone (HKLM)
O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKLM)
O15 - ProtocolDefaults: Unknown 'mhtml' protocol is in Restricted Zone (HKLM)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} () - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} () - http://tmss.trendmicro.com/Dashboard...MSSReportW.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} () - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} () - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} () - http://www.computerandvideogames.com...der_v10_en.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} () - http://www.trueswitch.com/TrueInstall.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: xxyawvWq - C:\WINDOWS\system32\xxyawvWq.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LexBceS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE


--
End of file - 9727 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
.txt - txtfile - shell\open\command - Notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 Scap (SecureClient Application Policy Module) - c:\windows\system32\drivers\scap.sys <Not Verified; Check Point Software Technologies; desktop>
R2 VPN-1 (VPN-1 Module) - c:\windows\system32\drivers\vpn.sys <Not Verified; Check Point Software Technologies; vpn1>
R3 wlanndi5 (wlanndi5 NDIS Protocol Driver) - c:\windows\system32\wlanndi5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S1 EACMOS - c:\windows\system32\drivers\eacmos.sys (file missing)
S1 FreeTdi (Freedom Filter) - c:\windows\system32\drivers\freetdi.sys <Not Verified; Zero-Knowledge Systems Inc.; Freedom>
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
S3 RegGuard - c:\windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>
R2 SR_Service (Check Point SecuRemote Service) - "c:\program files\checkpoint\securemote\bin\sr_service.exe" <Not Verified; Check Point Software Technologies; VPN-1 SecuRemote/SecureClient>
R2 SR_WatchDog (Check Point SecuRemote WatchDog) - "c:\program files\checkpoint\securemote\bin\sr_watchdog.exe" <Not Verified; Check Point Software Technologies; desktop>

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 wfxsvc (WinFax PRO) - c:\windows\system32\wfxsvc.exe <Not Verified; Symantec Corporation; Symantec WinFax PRO>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Logitech-compatible Mouse PS/2
Device ID: ACPI\PNP0F13\4&2EEFE43E&0
Manufacturer: Logitech
Name: Logitech-compatible Mouse PS/2
PNP Device ID: ACPI\PNP0F13\4&2EEFE43E&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-05-06 15:00:06 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-30 20:38:03 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-20 22:00:18 478 --a----c- C:\WINDOWS\Tasks\SmartDefrag.job


-- Files created between 2008-04-06 and 2008-05-06 -----------------------------

2008-05-06 13:46:00 0 d-------- C:\Program Files\ExplorerXP
2008-05-06 11:50:18 0 d-------- C:\ie-spyad_zo
2008-05-06 11:44:44 0 d-------- C:\Program Files\SpywareBlaster
2008-05-06 11:34:58 0 d-------- C:\Program Files\Panda Security
2008-05-06 10:31:40 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-06 10:31:26 0 dr-h----- C:\Documents and Settings\Steven\Recent
2008-05-06 09:12:22 0 d-------- C:\Program Files\AVG
2008-05-06 09:12:21 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-06 09:12:16 12999 --ahs---- C:\WINDOWS\system32\OruCeMoq.ini2
2008-05-06 09:11:58 281088 --a------ C:\WINDOWS\system32\qoMeCurO.dll
2008-05-06 0953 44544 --a------ C:\WINDOWS\system32\xxyawvWq.dll
2008-04-10 20:31:59 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-10 20:31:20 0 --a----c- C:\WINDOWS\ativpsrm.bin
2008-04-10 20:26:08 12533760 --a------ C:\Documents and Settings\Steven\ntuser.dat
2008-04-10 20:25:04 593920 -------c- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-04-10 20:24:28 0 d-------- C:\Program Files\ATI Technologies
2008-04-08 23:27:26 0 d-------- C:\Program Files\Karen's Power Tools
2008-04-08 23:27:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
2008-04-08 23:20:00 0 d-------- C:\Widget
2008-04-07 18:56:51 0 d-------- C:\Program Files\Any FLV Player
2008-04-06 15:48:29 0 d-------- C:\Program Files\Winamp
2008-04-06 15:48:29 0 d-------- C:\Documents and Settings\Steven\Application Data\Winamp


-- Find3M Report ---------------------------------------------------------------

2008-05-06 17:13:30 0 d-------- C:\Program Files\DAP
2008-05-06 10:31:59 0 d-------- C:\Documents and Settings\Steven\Application Data\DNA
2008-05-06 0903 0 d-------- C:\Documents and Settings\Steven\Application Data\BitTorrent
2008-04-03 09:04:40 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-03 08:53:57 0 d-------- C:\Program Files\Common Files
2008-04-02 22:49:59 0 d-------- C:\Documents and Settings\Steven\Application Data\Adobe
2008-04-02 16:31:46 0 d-------- C:\Program Files\Acro Software
2008-04-02 07:45:47 0 d-------- C:\Program Files\EA SPORTS
2008-04-01 23:29:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-01 21:59:18 0 d-------- C:\Program Files\InterActual
2008-04-01 21:55:39 0 d-------- C:\Program Files\Roxio
2008-04-01 21:30:01 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-01 21:29:57 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-04-01 21:24:51 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-01 19:34:56 0 d-------- C:\Program Files\Compaq SoftPaqs
2008-04-01 19:22:37 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-31 23:17:13 0 d-------- C:\Documents and Settings\Steven\Application Data\Roxio
2008-03-31 21:30:51 0 d-------- C:\Program Files\Common Files\SightSpeed
2008-03-31 21:28:30 0 d-------- C:\Program Files\DivX
2008-03-31 09:44:29 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-30 17:47:22 0 d-------- C:\Documents and Settings\Steven\Application Data\Ahead
2008-03-30 14:38:25 0 d-------- C:\Program Files\Nero
2008-03-29 20:59:47 0 d-------- C:\Program Files\Windows Desktop Search
2008-03-29 17:51:54 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-29 15:45:22 0 d-------- C:\Program Files\Microsoft Works
2008-03-29 15:44:52 0 d-------- C:\Program Files\MSBuild
2008-03-29 15:41:52 0 d-------- C:\Program Files\Microsoft.NET
2008-03-29 15:25:35 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-26 13:45:51 0 d-------- C:\Documents and Settings\Steven\Application Data\Juniper Networks
2008-03-26 07:31:47 0 d-------- C:\Program Files\Java
2008-03-24 09:58:31 0 dr-h----- C:\Documents and Settings\Steven\Application Data\SecuROM
2008-03-24 08:22:32 0 d-------- C:\Documents and Settings\Steven\Application Data\DAEMON Tools
2008-03-24 07:15:32 0 d-------- C:\Documents and Settings\Steven\Application Data\DAEMON Tools Pro
2008-03-24 07:02:50 0 d-------- C:\Program Files\XP Codec Pack
2008-03-23 10:22:44 7460 --a----c- C:\Documents and Settings\Steven\Application Data\ViewerApp.dat
2008-03-22 20:29:56 0 d-------- C:\Program Files\DNA
2008-03-16 0937 0 d-------- C:\Documents and Settings\Steven\Application Data\skypePM
2008-03-06 11:29:44 962560 --a----c- C:\WINDOWS\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>
2008-02-15 15:48:27 664 --a----c- C:\WINDOWS\system32\d3d9caps.dat
2008-02-15 13:16:28 2210 --a----c- C:\WINDOWS\system32\tmp.reg
2008-02-15 11:46:49 3444 --a----c- C:\WINDOWS\unins000.dat
2008-02-15 11:46:07 691545 --a----c- C:\WINDOWS\unins000.exe
2008-02-09 00:55:49 85504 --a----c- C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-02-08 11:37:47 82432 --a----c- C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F96CCB9-01EC-419E-AAEA-C2C913F2A236}]
05/06/2008 09:06 AM 44544 --a------ C:\WINDOWS\system32\xxyawvWq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD7734B8-F5C9-4580-A778-8CE51E0D5B1D}]
05/06/2008 09:12 AM 281088 --a------ C:\WINDOWS\system32\qoMeCurO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [01/09/2001 12:47 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 10:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 06:20 PM]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [10/29/2007 04:43 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 02:30 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [07/31/2006 09:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [01/08/2008 12:29 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/06/2008 09:12 AM]
"muBlinder"="C:\Documents and Settings\Steven\Desktop\New Folder\muBlinder.exe" [03/27/2008 07:29 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [06/07/2004 04:53 PM]
"MCW Startup"="C:\Program Files\Monitor Calibration Wizard\MCW.exe" [12/20/2002 05:06 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [04/10/2008 08:19 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoRecentDocsNetHood"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
"ClearRecentDocsOnExit"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoFavoritesMenu"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsNetHood"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoUserNameInStartMenu"=1 (0x1)
"NoInstrumentation"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"ForceStartMenuLogoff"=0 (0x0)
"NoSharedDocuments"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"ClearRecentDocsOnExit"=01

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\Symantec\WinFax\WfxSeh32.Dll [07/27/1998 05:54 AM 38400]
"{4F96CCB9-01EC-419E-AAEA-C2C913F2A236}"= C:\WINDOWS\system32\xxyawvWq.dll [05/06/2008 09:06 AM 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 03/01/2005 07:49 PM 24672 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SABWinLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyawvWq]
xxyawvWq.dll 05/06/2008 09:06 AM 44544 C:\WINDOWS\system32\xxyawvWq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMeCurO

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LIMExplorer Patch15.exe]
backup=C:\WINDOWS\pss\LIMExplorer Patch15.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Steven^Start Menu^Programs^Startup^Vista sidebar.lnk]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQU]
C:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cleanup]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPQEASYACC]
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
"C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iconcache]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCW Startup]
"C:\Program Files\Monitor Calibration Wizard\MCW.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mousotron]
C:\Program Files\Mousotron\Mousotron.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Intelligent Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
"C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startemdoit]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinOverBoost]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)
"wfxsvc"=2 (0x2)
"TapiSrv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"helpsvc"=2 (0x2)
"WinDefend"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WINDVDPatch"=CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k




-- End of Deckard's System Scanner: finished at 2008-05-06 17:49:46 ------------
Attached Files
File Type: txt extra.txt (25.6 KB, 0 views)
Old 05-08-2008, 08:34 PM   #2 (permalink)
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3


Re: [SOLVED] Explorer Shell Restarting Continuously

Do you still require help? I can see malware in your log. If so, do this.

OK. We need to download ComboFix.exe. This will give a better view of the files running and also hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix.


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
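The entries an analyst spots in a log like the one above can also be picked out mechanically. The script below is an added example for this thread, not part of HijackThis, DSS, ComboFix or the forum's own tooling. It reads a HijackThis/DSS-style log and flags DLLs under system32 that are referenced from more than one autostart hook point (BHO, Winlogon Notify, ShellExecuteHooks, LSA Authentication Packages, AppInit_DLLs, Run), and reports when each file appeared according to the "Files created" section. The sample input is an excerpt copied from the posted log; the canonical hook labels, the two-hook threshold and the system32-only scope are my own choices, and bare module names without a path (such as the avgrsstx.dll AppInit entry) are deliberately out of scope.

```python
"""Triage a HijackThis / DSS log for DLLs hooked into several autostart points.

Added example for this thread; not part of HijackThis, DSS or ComboFix.
"""
from __future__ import annotations

import re
from collections import defaultdict

# Excerpt copied from the log posted above (the lines a reviewer looks at first).
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4F96CCB9-01EC-419E-AAEA-C2C913F2A236} - C:\WINDOWS\system32\xxyawvWq.dll
O2 - BHO: (no name) - {CD7734B8-F5C9-4580-A778-8CE51E0D5B1D} - C:\WINDOWS\system32\qoMeCurO.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: xxyawvWq - C:\WINDOWS\system32\xxyawvWq.dll
2008-05-06 09:11:58 281088 --a------ C:\WINDOWS\system32\qoMeCurO.dll
2008-05-06 0953 44544 --a------ C:\WINDOWS\system32\xxyawvWq.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\Symantec\WinFax\WfxSeh32.Dll [07/27/1998 05:54 AM 38400]
"{4F96CCB9-01EC-419E-AAEA-C2C913F2A236}"= C:\WINDOWS\system32\xxyawvWq.dll [05/06/2008 09:06 AM 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 03/01/2005 07:49 PM 24672 C:\WINDOWS\system32\ckpNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMeCurO
"""

# A module under system32, with or without its .dll suffix (the LSA line has none).
# The lookahead rejects .exe/.sys files and sub-directories such as system32\drivers\.
MODULE = re.compile(r"C:\\WINDOWS\\system32\\([A-Za-z0-9_~-]+)(?:\.dll)?(?![\w.\\])", re.I)
HJT_LINE = re.compile(r"^O\d+ - ([^:]+):")           # "O20 - Winlogon Notify: ..."
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]")           # registry-dump section header
CREATED = re.compile(r"^(\d{4}-\d{2}-\d{2}) \S+ \d+ \S+ ([A-Za-z]:\\.+)$")  # "Files created" entry

# The HijackThis one-liners and the raw registry dump describe the same hook points;
# map both onto one canonical label so a module is not counted twice for one hook.
HJT_LABELS = {"BHO": "BHO", "Winlogon Notify": "WinlogonNotify", "AppInit_DLLs": "AppInit_DLLs"}
REG_LABELS = (
    ("browser helper objects", "BHO"),
    ("shellexecutehooks", "ShellExecuteHooks"),
    ("winlogon\\notify", "WinlogonNotify"),
    ("control\\lsa", "LSA"),
    ("currentversion\\windows", "AppInit_DLLs"),
    ("currentversion\\run", "Run"),
)


def hook_label_for_hjt(kind: str) -> str | None:
    """Canonical label for an 'Onn - <kind>:' line, or None if it is not a hook point."""
    if kind in HJT_LABELS:
        return HJT_LABELS[kind]
    return "Run" if kind.endswith("Run") else None


def hook_label_for_key(key: str) -> str | None:
    """Canonical label for a registry-dump key header, or None if that key is not scored."""
    lowered = key.lower()
    for needle, label in REG_LABELS:
        if needle in lowered:
            return label
    return None


def triage(log: str, min_hooks: int = 2) -> dict[str, dict]:
    """Return system32 modules referenced from at least `min_hooks` distinct hook points."""
    hooks: dict[str, set[str]] = defaultdict(set)
    created: dict[str, str] = {}
    current = None  # label of the registry key whose values are currently being read
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = REG_KEY.match(line)
        if key:
            current = hook_label_for_key(key.group(1))
            continue
        made = CREATED.match(line)
        if made:  # remember when the file appeared on disk
            for mod in MODULE.finditer(made.group(2)):
                created[mod.group(1).lower()] = made.group(1)
            continue
        hjt = HJT_LINE.match(line)
        label = hook_label_for_hjt(hjt.group(1)) if hjt else current
        if label is None:
            continue
        for mod in MODULE.finditer(line):
            hooks[mod.group(1).lower()].add(label)
    return {
        name: {"hooks": sorted(labels), "created": created.get(name)}
        for name, labels in hooks.items()
        if len(labels) >= min_hooks
    }


def report(findings: dict[str, dict]) -> list[str]:
    """One line per flagged module, suitable for pasting into a reply."""
    return [
        f"{name}: {len(info['hooks'])} hook points ({', '.join(info['hooks'])}); "
        f"file created {info['created'] or 'date not in log'}"
        for name, info in sorted(findings.items())
    ]


if __name__ == "__main__":
    for entry in report(triage(SAMPLE_LOG)):
        print(entry)
```

On the excerpt this flags exactly xxyawvWq.dll (BHO, ShellExecuteHooks and Winlogon Notify) and qoMeCurO.dll (BHO and LSA Authentication Packages), both created on the morning of the scan, while the AVG, Check Point and WinFax entries each sit at a single hook and are left alone. A BHO or ShellExecuteHook DLL is loaded into the shell process, so a faulting module registered there is consistent with the Explorer restart loop described in the first post; correlating hook points this way is a triage aid, and the analyst's verdict on each file still comes from the full log.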
Copyright 2001 - 2008, Tech Support Forum