Tech Support Forum: HijackThis Log Help
explorer.exe restarting.
I'm not entirely sure when it started, or what's causing it, but something is making explorer.exe constantly restart. It does this numerous times every 6-7 seconds until finally it stops and doesn't try starting again.
I can use the task manager to run explorer manually but it does the same thing. I hate to be so vague on things, but that's about all I can find out. Here's the DSS log, and the extra will be attached:
Code:
Deckard's System Scanner v20071014.68
Run by Dillon on 2008-06-30 14:07:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
56: 2008-06-30 19:07:47 UTC - RP885 - Deckard's System Scanner Restore Point
55: 2008-06-30 01:21:48 UTC - RP884 - Last known good configuration
54: 2008-06-30 01:21:42 UTC - RP883 - Last known good configuration
53: 2008-06-30 01:21:42 UTC - RP882 - Configured Unreal Tournament 3
52: 2008-06-30 01:21:42 UTC - RP881 - Last known good configuration
-- First Restore Point --
1: 2008-06-30 01:21:40 UTC - RP830 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Dillon.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:32 PM, on 6/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\MMKeybd.exe
C:\Program Files\PC Tools Firewall Plus\PCTFW.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dillon\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dillon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\imapi.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {565E374A-23FD-4FA2-AED5-5209A37A544B} - C:\WINDOWS\system32\qoMgHyVP.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DE9B30E2-D9DC-417B-99B3-3201F95D780C} - C:\WINDOWS\system32\ljJbyWqO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [PCTools FW] C:\Program Files\PC Tools Firewall Plus\PCTFW.exe /s
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188426025515
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188426004234
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: qoMgHyVP - C:\WINDOWS\SYSTEM32\qoMgHyVP.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 13510 bytes
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.ini - inifile - DefaultIcon - C:\Documents and Settings\All Users\Application Data\IconTweaker\Themes\PixeloramaGR\Pixelorama GR\Pixelorama GR.icl,23
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 GBDevice - c:\windows\system32\drivers\gbdevice.sys <Not Verified; Symantec Corporation; Norton GoBack>
R0 GoBack2K - c:\windows\system32\drivers\goback2k.sys <Not Verified; Symantec Corporation; Norton GoBack>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 pctfw1 - c:\windows\system32\drivers\pctfw1.sys <Not Verified; PC Tools; PC Tools TDI Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
R2 GBFSHook - c:\windows\system32\drivers\gbfshook.sys <Not Verified; Symantec Corporation; Norton GoBack>
R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys
R3 SFilter (PCTools Driver) - c:\windows\system32\drivers\pctfw.sys <Not Verified; PC Tools; PC Tools NDIS Driver>
S0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)
S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 CEDRIVER53 - c:\program files\cheat engine\dbk32.sys
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys (file missing)
S3 npkcrypt - c:\program files\forsaken-ro\zenro\npkcrypt.sys (file missing)
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 RushTopDevice - c:\program files\msi\core center\rushtop.sys <Not Verified; MICRO-STAR INT'L CO., LTD.; MSI CoreCenter>
S3 SDdriver - c:\windows\system32\drivers\sddriver.sys <Not Verified; Symantec Corporation; Norton Speed Disk>
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Speed Disk service - c:\progra~1\norton~1\norton~3\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>
S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 CBWAttn - c:\progra~1\simply\cbwattn.exe (file missing)
S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/1000 PL Network Connection
Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_158C1462&REV_00\4&522B953&0&00E4
Manufacturer: Intel
Name: Intel(R) PRO/1000 PL Network Connection
PNP Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_158C1462&REV_00\4&522B953&0&00E4
Service: e1express
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\CBCE9110DC00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\CBCE9110DC00
Service: NIC1394
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: System speaker
Device ID: ACPI\PNP0800\4&1E5E1293&0
Manufacturer: (Standard system devices)
Name: System speaker
PNP Device ID: ACPI\PNP0800\4&1E5E1293&0
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-06-30 13:46:48 300 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
2008-06-29 03:00:00 488 --a------ C:\WINDOWS\Tasks\AdwareBot Scheduled Scan.job
2008-06-29 00:00:00 316 --a------ C:\WINDOWS\Tasks\Symantec Drmc.job
2008-06-28 21:35:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-27 20:00:00 556 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Mac Daddy.job
-- Files created between 2008-05-30 and 2008-06-30 -----------------------------
2008-06-30 14:10:16 0 d-------- C:\Program Files\Trend Micro
2008-06-29 20:21:29 657467 --ahs---- C:\WINDOWS\system32\OqWybJjl.ini2
2008-06-29 20:21:26 284672 --a------ C:\WINDOWS\system32\ljJbyWqO.dll
2008-06-29 17:21:40 0 dr-h----- C:\Documents and Settings\Dillon\Recent
2008-06-29 16:11:15 68096 --a------ C:\WINDOWS\zip.exe
2008-06-29 16:11:15 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-29 16:11:15 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-29 16:11:15 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-29 16:11:15 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-29 16:11:15 98816 --a------ C:\WINDOWS\sed.exe
2008-06-29 16:11:15 80412 --a------ C:\WINDOWS\grep.exe
2008-06-29 16:11:15 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-29 13:48:36 0 d-------- C:\Program Files\Panda Security
2008-06-29 13:30:37 0 d-------- C:\Documents and Settings\Dillon\.housecall6.6
2008-06-29 10:29:40 33280 --a------ C:\WINDOWS\system32\qoMgHyVP.dll
2008-06-29 10:02:15 0 d-------- C:\Unreal Tournament 3
2008-06-22 00:30:35 0 dr-h----- C:\Documents and Settings\Mac Daddy\Recent
2008-06-18 20:33:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-14 05:49:47 0 d-------- C:\Documents and Settings\Dillon\Application Data\OpenOffice.org2
2008-06-14 05:48:06 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-05 23:14:19 0 d-------- C:\Documents and Settings\Mac Daddy\Application Data\AdwareBot
2008-06-05 23:12:11 0 d-------- C:\Program Files\Lavasoft
2008-05-30 22:32:55 0 d-------- C:\Program Files\EasyPHP 2.0b1
-- Find3M Report ---------------------------------------------------------------
2008-06-30 13:46:46 0 d-------- C:\Program Files\Norton SystemWorks
2008-06-29 10:02:50 0 d-------- C:\Program Files\AGEIA Technologies
2008-06-29 10:02:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 23:40:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-20 00:14:24 0 d-------- C:\Program Files\FlashGet
2008-06-18 20:35:16 0 d-------- C:\Program Files\QuickTime
2008-06-18 20:33:34 0 d-------- C:\Program Files\Apple Software Update
2008-06-18 10:41:35 0 d-------- C:\Program Files\BitComet
2008-06-18 10:35:49 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-06-17 04:39:36 0 d-------- C:\Program Files\Winamp
2008-06-14 05:47:48 0 d-------- C:\Program Files\Java
2008-06-08 11:24:41 0 d-------- C:\Program Files\World Of Warcraft
2008-05-30 17:36:48 0 d-------- C:\Program Files\Symantec
2008-05-28 00:39:54 0 d-------- C:\Program Files\Common Files
2008-05-28 00:39:54 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-05-27 17:07:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-26 11:24:43 0 d-------- C:\Program Files\Incomplete
2008-05-26 11:24:43 0 d-------- C:\Documents and Settings\Dillon\Application Data\LimeWire
2008-05-26 11:24:22 0 d-------- C:\Program Files\LimeWire
2008-05-25 21:46:18 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-05-25 21:45:31 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-25 21:39:28 0 d-------- C:\Program Files\HTML Help Workshop
2008-05-25 06:13:54 0 d-------- C:\Documents and Settings\Dillon\Application Data\Mozilla
2008-05-24 04:03:52 0 d-------- C:\Program Files\BitLord
2008-05-23 09:03:32 0 d-------- C:\Program Files\Cheat Engine
2008-05-18 08:49:06 0 d-------- C:\Program Files\ArtMoney
2008-05-17 04:58:36 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-05-17 04:58:36 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-05-17 04:58:35 0 d-------- C:\Program Files\Puzzle Quest
2008-05-15 14:25:03 34030 --a------ C:\logfile
2008-05-15 14:24:16 0 d-------- C:\Program Files\Lx_cats
2008-05-12 18:04:36 0 d-------- C:\Program Files\GameSpy Arcade
2008-05-12 17:58:27 0 d-------- C:\Program Files\Microsoft Games
2008-04-30 15:48:27 0 d-------- C:\Program Files\Messenger
2008-04-30 14:04:56 0 d-------- C:\Program Files\Movie Maker
2008-04-30 14:01:22 0 d-------- C:\Program Files\Windows NT
2008-04-22 09:10:06 76011 --a------ C:\WINDOWS\War3Unin.dat
2008-04-20 05:27:37 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-04-20 05:27:37 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{565E374A-23FD-4FA2-AED5-5209A37A544B}]
06/29/2008 10:29 AM 33280 --a------ C:\WINDOWS\system32\qoMgHyVP.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE9B30E2-D9DC-417B-99B3-3201F95D780C}]
06/29/2008 08:21 PM 284672 --a------ C:\WINDOWS\system32\ljJbyWqO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [06/07/2000 01:32 PM]
"DellTouch"="C:\WINDOWS\MMKeybd.exe" [09/05/2001 01:28 PM]
"PCTools FW"="C:\Program Files\PC Tools Firewall Plus\PCTFW.exe" [01/22/2007 11:26 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [04/26/2004 04:21 PM]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [11/02/2004 03:03 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/08/2008 06:33 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [10/3/2005 12:30:12 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{565E374A-23FD-4FA2-AED5-5209A37A544B}"= C:\WINDOWS\system32\qoMgHyVP.dll [06/29/2008 10:29 AM 33280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMgHyVP]
qoMgHyVP.dll 06/29/2008 10:29 AM 33280 C:\WINDOWS\system32\qoMgHyVP.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ljJbyWqO
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WordWeb.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WordWeb.lnk
backup=C:\WINDOWS\pss\WordWeb.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mac Daddy^Start Menu^Programs^Startup^VirtualExpander.lnk]
path=C:\Documents and Settings\Mac Daddy\Start Menu\Programs\Startup\VirtualExpander.lnk
backup=C:\WINDOWS\pss\VirtualExpander.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
"C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
C:\Program Files\CursorXP\CursorXP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeerHunter2005_Setup.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InFishermanFreshwater.exe]
C:\DOCUME~1\MACDAD~1\MYDOCU~1\INFISH~1.EXE /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
"C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.exe 1
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
AutoRun\command- L:\AUTORUN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
AutoRun\command- M:\AUTORUN.EXE
-- End of Deckard's System Scanner: finished at 2008-06-30 14:15:10 ------------