Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
12-23-2007, 06:33 AM   #1
Registered User
 
Join Date: Dec 2007
Posts: 7
OS: XP


explorer.exe restarting constantly

Hi, I've a problem similar to other threads on this forum with explorer.exe constantly restarting. I've removed as much spyware and viruses as I can with free programs and followed the steps outlined here, but I need help to finish the job. I had to skip Step 1 because I can't get access to the Control Panel to add/remove programs. At the moment I have to run all programs from Task Manager. I've tried to start in safe mode and have the same issue too. I've XP SP2. DSS report pasted below. extra.txt is attached and the Panda report is attached too.
Any help would be much appreciated as I really need my computer back running ASAP!

DSS Main.txt

Deckard's System Scanner v20071014.68
Run by Connolly1 on 2007-12-23 12:57:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
18: 2007-12-22 20:14:44 UTC - RP570 - Deckard's System Scanner Restore Point
17: 2007-12-22 11:02:07 UTC - RP569 - Pre-Fix
16: 2007-12-21 22:39:48 UTC - RP568 - Installed SUPERAntiSpyware Free Edition
15: 2007-12-20 23:55:43 UTC - RP567 - Last known good configuration
14: 2007-12-20 23:55:02 UTC - RP566 - Restore Operation


-- First Restore Point --
1: 2007-12-20 23:54:46 UTC - RP553 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as Connolly1.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:44, on 23/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 DataModem HSDPA.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Connolly1\Desktop\dss.exe
C:\DOCUME~1\CONNOL~1\Desktop\Connolly1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtssr.exe
O1 - Hosts: 11.18.250.4 ad.doubleclick.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {4A572F78-9882-4E1E-A1AB-E1BCD07E7BA3} - C:\WINDOWS\system32\vtssr.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\byxyvut.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\system32\BMUpdate.exe
O4 - HKCU\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast .exe
O4 - Startup: findfast .exe
O4 - Startup: findfast .exe
O4 - Startup: findfast .exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Connolly1\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/152f7865...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1111620563768
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstFred.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cin...nematycoon.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEA286AB-0D71-48B3-83CA-5E529D05BFAD}: NameServer = 172.31.140.69 172.30.140.69
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: actapi - C:\WINDOWS\
O20 - Winlogon Notify: byxyvut - C:\WINDOWS\SYSTEM32\byxyvut.dll
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JMP License Service - SAS Institute Inc. - C:\Program Files\Common Files\SAS Institute Inc Shared\Service\JMPLicSvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

--
End of file - 9576 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee Security; McAfee Personal Firewall Plus>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 JMP License Service - "c:\program files\common files\sas institute inc shared\service\jmplicsvc.exe" <Not Verified; SAS Institute Inc.; JMP License Service>
S3 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; Networks Associates Technology. Inc.; McAfee SpamKiller>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Description: Plug and Play Monitor
Device ID: DISPLAY\LGPB946\4&323C6B04&0&00000400&00&02
Manufacturer: (Standard monitor types)
Name: Plug and Play Monitor
PNP Device ID: DISPLAY\LGPB946\4&323C6B04&0&00000400&00&02
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-11-30 18:30:00 358 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (CONNOLLY-Connolly1).job


-- Files created between 2007-11-23 and 2007-12-23 -----------------------------

2007-12-22 19:58:17 0 d-------- C:\ie-spyad_zo
2007-12-22 19:54:52 0 d-------- C:\Program Files\SpywareBlaster
2007-12-22 15:41:22 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2007-12-22 15:26:55 8576 --a------ C:\WINDOWS\system32\drivers\jwlrdkkdrvrc.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-22 15:00:13 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-21 22:41:11 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-21 22:39:55 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-21 22:39:54 0 d-------- C:\Documents and Settings\Connolly1\Application Data\SUPERAntiSpyware.com
2007-12-21 13:28:08 0 d-------- C:\Documents and Settings\Connolly1\Application Data\Grisoft
2007-12-21 12:29:16 176128 --a------ C:\WINDOWS\system32\BMUpdate .exe <Not Verified; EchoBahn.com; BMUpdate Application>
2007-12-20 19:49:22 9728 --a------ C:\WINDOWS\shell.exe
2007-12-20 19:49:18 18944 --a------ C:\WINDOWS\system32\wowfx.dll
2007-12-20 19:46:08 13107200 --a------ C:\Documents and Settings\Connolly1\ntuser.dat
2007-12-20 19:45:41 335360 --a------ C:\WINDOWS\system32\vtssr.exe
2007-12-20 19:45:32 11697 --ahs---- C:\WINDOWS\system32\rsstv.ini2
2007-12-20 19:45:18 331776 --a------ C:\WINDOWS\system32\vtssr.dll
2007-12-20 19:42:32 0 d-------- C:\Program Files\Helper
2007-12-20 19:41:08 0 d-------- C:\WINDOWS\system32\njprckha
2007-12-20 19:41:07 0 d-------- C:\Program Files\SecCenter
2007-12-20 19:41:00 0 d-------- C:\Program Files\Hiwcohyn
2007-12-20 19:40:32 38912 --a------ C:\WINDOWS\system32\khfgdbb.dll
2007-12-20 19:40:25 0 d-------- C:\Program Files\mxapaxkv
2007-12-20 19:39:55 40448 --a------ C:\WINDOWS\system32\byxyvut.dll
2007-12-16 15:41:08 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-16 15:41:08 0 d-------- C:\Documents and Settings\Connolly1\Application Data\Vso
2007-12-16 15:41:08 47360 --a------ C:\Documents and Settings\Connolly1\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-16 15:41:08 81920 --a------ C:\Documents and Settings\Connolly1\Application Data\ezpinst.exe
2007-12-16 15:40:44 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2007-12-16 15:40:44 314368 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2007-12-16 15:40:41 0 d-------- C:\Program Files\Video Convert Master
2007-12-16 15:11:23 81920 --a------ C:\WINDOWS\system32\viscomwave.dll <Not Verified; Viscom Software; >
2007-12-16 15:11:23 139264 --a------ C:\WINDOWS\system32\viscomqtde.dll <Not Verified; Viscom Software www.viscomsoft.com; >
2007-12-16 15:11:23 475136 --a------ C:\WINDOWS\system32\SkinCrafter.dll <Not Verified; DMSoft Technologies; SkinCrafter Module>
2007-12-16 15:11:21 0 d-------- C:\Program Files\A-one PSP Video Convertor
2007-12-16 1459 0 d-------- C:\Program Files\Sony
2007-12-16 1441 0 d-------- C:\Program Files\Common Files\Sony Shared
2007-12-15 17:51:00 0 d-------- C:\Documents and Settings\Connolly1\Application Data\Media Player Classic
2007-12-15 17:50:11 0 d-------- C:\Program Files\Essentials Codec Pack
2007-11-26 23:27:03 0 d-------- C:\Documents and Settings\Connolly1\Application Data\Adssite Advanced Toolbar
2007-11-26 23:27:02 0 d-------- C:\Program Files\Adssite Advanced Toolbar


-- Find3M Report ---------------------------------------------------------------

2007-12-22 18:37:56 0 d-------- C:\Program Files\MSN Messenger
2007-12-22 1846 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-12-22 12:05:58 0 d-------- C:\Documents and Settings\Connolly1\Application Data\LimeWire
2007-12-22 10:27:50 0 d-------- C:\Documents and Settings\Connolly1\Application Data\AVG7
2007-12-21 22:38:37 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-21 00:31:23 0 d-------- C:\Program Files\QuickTime
2007-12-16 15:41:47 34 --a------ C:\Documents and Settings\Connolly1\Application Data\pcouffin.log
2007-12-16 15:41:11 1144 --a------ C:\Documents and Settings\Connolly1\Application Data\pcouffin.inf
2007-12-16 15:41:11 7176 --a------ C:\Documents and Settings\Connolly1\Application Data\pcouffin.cat
2007-12-16 1441 0 d-------- C:\Program Files\Common Files
2007-12-08 12:23:20 0 d-------- C:\Program Files\SopCast
2007-12-08 12:21:17 0 d-------- C:\Documents and Settings\Connolly1\Application Data\SopCast
2007-11-25 13:13:32 0 d-------- C:\Program Files\Master Of Defense
2007-11-25 11:15:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-25 11:12:15 0 d-------- C:\Program Files\Google
2007-11-25 11:09:51 0 --a------ C:\Documents and Settings\Connolly1\Application Data\.googlewebacchosts
2007-11-15 21:23:35 0 d-------- C:\Documents and Settings\Connolly1\Application Data\VideoEgg
2007-11-04 13:01:07 0 d-------- C:\Program Files\Java
2007-10-28 12:53:21 0 d-------- C:\Program Files\TVAnts
2007-10-27 15:57:12 0 d-------- C:\Program Files\Breit Technologies
2007-10-20 15:05:31 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2007-10-15 19:29:37 10 --a------ C:\WINDOWS\smdat32m.sys
2007-10-15 19:01:49 0 --a------ C:\WINDOWS\smdat32a.sys
2007-10-14 15:48:03 1327 --a------ C:\WINDOWS\EntPack.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A572F78-9882-4E1E-A1AB-E1BCD07E7BA3}]
20/12/2007 19:45 331776 --a------ C:\WINDOWS\system32\vtssr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB0B918E-A0A8-482B-8D75-A682816B0C7B}]
20/12/2007 19:39 40448 --a------ C:\WINDOWS\system32\byxyvut.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMUpdate"="C:\WINDOWS\system32\BMUpdate.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [23/12/2007 12:43]
"Spoolsv"="C:\WINDOWS\system32\spoolvs.exe" []

C:\Documents and Settings\Connolly1\Start Menu\Programs\Startup\
DESKTOP.INI [10/08/2004 13:04:12]
findfast .exe [23/12/2007 12:43:41]
findfast .exe [23/12/2007 12:43:44]
findfast .exe [23/12/2007 12:43:45]
findfast .exe [23/12/2007 12:43:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [10/08/2004 13:04:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoControlPanel"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DB0B918E-A0A8-482B-8D75-A682816B0C7B}"= C:\WINDOWS\system32\byxyvut.dll [20/12/2007 19:39 40448]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\shell.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 27/02/2007 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\actapi]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyvut]
byxyvut.dll 20/12/2007 19:39 40448 C:\WINDOWS\SYSTEM32\byxyvut.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winubg32]
winubg32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtssr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFStub]
C:\WINDOWS\Temp\Adware\InstaFinderK_inst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]
C:\Program Files\ScanSoft\PDF Converter 3.0\\RegistryController.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe /disabled


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb848320-7b3f-11dc-8b4c-0011436e3f5a}]
AutoRun\command- F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb848324-7b3f-11dc-8b4c-0011436e3f5a}]
AutoRun\command- F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb848325-7b3f-11dc-8b4c-0011436e3f5a}]
AutoRun\command- E:\AutoRun.exe




-- Hosts -----------------------------------------------------------------------

11.18.250.4 ad.doubleclick.net
10.18.250.4 ad.fastclick.net
10.18.250.4 ads.fastclick.net
10.18.250.4 ar.atwola.co


-- End of Deckard's System Scanner: finished at 2007-12-23 13:05:15 ------------
Attached Files: extra.txt (25.3 KB), Panda Report.txt (16.2 KB)
mconnigle is offline  
12-23-2007, 11:53 AM   #2
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP


Re: explorer.exe restarting constantly

www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & Save it to Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh HijackThis log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
sUBs is offline  
12-24-2007, 05:27 AM   #3
Registered User
 
Join Date: Dec 2007
Posts: 7
OS: XP


Re: explorer.exe restarting constantly

Hi sUBs, thanks for your reply. That seems to have done the trick; explorer.exe is staying running, at least. Logs are posted below.

ComboFix Log

ComboFix 07-12-24.8 - Connolly1 2007-12-24 11:28:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.52 [GMT 0:00]
Running from: C:\Documents and Settings\Connolly1\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Connolly1\My Documents\Mark\Matsui120MR\Programs\_desktop.ini
C:\Program Files\Helper
C:\Program Files\mxapaxkv
C:\Program Files\mxapaxkv\oraxaryj.dll
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Trojan Remover\Trjscan.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\Fonts\acrsec.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\shell.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\khfgdbb.dll
C:\WINDOWS\system32\vtssr.dll
C:\WINDOWS\system32\wowfx.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-24 10:52 . 2007-12-24 10:52 335,360 --a------ C:\WINDOWS\SYSTEM32\vtssr.exe
2007-12-23 23:01 . 2007-12-23 23:01 331,776 --a------ C:\WINDOWS\SYSTEM32\vtssr.dll.vir
2007-12-23 22:47 . 2007-12-24 11:37 <DIR> d-------- C:\Program Files\Trojan Remover
2007-12-23 22:47 . 2007-12-23 22:47 <DIR> d-------- C:\Documents and Settings\Connolly1\Application Data\Simply Super Software
2007-12-23 22:47 . 2007-12-23 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-12-23 22:47 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\SYSTEM32\ztvunrar36.dll
2007-12-23 22:47 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\SYSTEM32\UNRAR3.dll
2007-12-23 22:47 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\SYSTEM32\ztvunace26.dll
2007-12-23 22:47 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\SYSTEM32\unacev2.dll
2007-12-23 22:47 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\SYSTEM32\ztvcabinet.dll
2007-12-23 18:08 . 2005-02-18 08:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-12-23 18:08 . 2005-02-18 08:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-12-23 16:45 . 2007-12-23 16:45 <DIR> d-------- C:\Program Files\Uniblue
2007-12-23 16:45 . 2007-12-23 16:45 <DIR> d-------- C:\Documents and Settings\Connolly1\Application Data\Uniblue
2007-12-23 16:44 . 2007-12-23 16:44 <DIR> d-------- C:\Program Files\GiPo@Utilities
2007-12-23 16:44 . 2007-12-23 16:44 <DIR> d-------- C:\Program Files\Common Files\Gibinsoft Shared
2007-12-23 15:14 . 2007-12-23 15:14 <DIR> d-------- C:\VundoFix Backups
2007-12-22 20:13 . 2007-12-22 20:13 <DIR> d-------- C:\Deckard
2007-12-22 19:58 . 2007-12-22 19:58 <DIR> d-------- C:\ie-spyad_zo
2007-12-22 19:54 . 2007-12-22 19:54 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-22 15:41 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2007-12-22 15:26 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\jwlrdkkdrvrc.sys
2007-12-22 15:00 . 2007-12-22 19:23 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-12-22 15:00 . 2007-12-22 15:34 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2007-12-22 15:00 . 2007-12-22 15:34 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2007-12-22 15:00 . 2007-12-22 15:34 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2007-12-21 22:41 . 2007-12-21 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-21 22:39 . 2007-12-23 22:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-21 22:39 . 2007-12-21 22:39 <DIR> d-------- C:\Documents and Settings\Connolly1\Application Data\SUPERAntiSpyware.com
2007-12-21 13:28 . 2007-12-21 13:28 <DIR> d-------- C:\Documents and Settings\Connolly1\Application Data\Grisoft
2007-12-21 13:27 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-12-21 12:29 . 2007-12-21 12:29 335,360 --a------ C:\WINDOWS\SYSTEM32\RCX42.tmp
2007-12-21 12:29 . 2007-12-21 22:31 176,128 --a------ C:\WINDOWS\SYSTEM32\BMUpdate .exe
2007-12-20 23:58 . 2007-12-21 00:49 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon .exe
2007-12-20 19:45 . 2007-12-23 23:26 335,360 --a------ C:\WINDOWS\SYSTEM32\vtssr.exe.vir
2007-12-20 19:45 . 2007-12-23 23:26 7,790 --ahs---- C:\WINDOWS\SYSTEM32\rsstv.ini2.vir
2007-12-20 19:45 . 2007-12-23 23:26 7,790 --ahs---- C:\WINDOWS\SYSTEM32\rsstv.ini.vir
2007-12-20 19:41 . 2007-12-20 19:41 <DIR> d-------- C:\WINDOWS\SYSTEM32\njprckha
2007-12-20 19:41 . 2007-12-21 13:36 <DIR> d-------- C:\Program Files\Hiwcohyn
2007-12-20 19:39 . 2007-12-20 19:39 40,448 --a------ C:\WINDOWS\SYSTEM32\byxyvut.dll
2007-12-16 15:58 . 2007-12-16 16:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-16 15:58 . 2007-12-16 16:01 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-16 15:41 . 2007-12-16 15:41 <DIR> d-------- C:\Documents and Settings\Connolly1\Application Data\Vso
2007-12-16 15:41 . 2007-12-16 15:41 81,920 --a------ C:\Documents and Settings\Connolly1\Application Data\ezpinst.exe
2007-12-16 15:41 . 2007-12-16 15:41 47,360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pcouffin.sys
2007-12-16 15:41 . 2007-12-16 15:41 47,360 --a------ C:\Documents and Settings\Connolly1\Application Data\pcouffin.sys
2007-12-16 15:40 . 2007-12-16 15:48 <DIR> d-------- C:\Program Files\Video Convert Master
2007-12-16 15:40 . 2004-05-26 21:37 719,872 --a------ C:\WINDOWS\SYSTEM32\devil.dll
2007-12-16 15:40 . 2006-09-16 19:44 314,368 --a------ C:\WINDOWS\SYSTEM32\avisynth.dll
2007-12-16 15:11 . 2007-12-16 15:11 <DIR> d-------- C:\Program Files\A-one PSP Video Convertor
2007-12-16 15:11 . 2007-03-09 07:36 856,064 --a------ C:\WINDOWS\SYSTEM32\mpgfiltr.ax
2007-12-16 15:11 . 2006-03-28 22:35 475,136 --a------ C:\WINDOWS\SYSTEM32\SkinCrafter.dll
2007-12-16 15:11 . 2007-03-09 07:35 208,896 --a------ C:\WINDOWS\SYSTEM32\VideoEdit.ocx
2007-12-16 15:11 . 2007-03-09 07:37 139,264 --a------ C:\WINDOWS\SYSTEM32\viscomqtde.dll
2007-12-16 15:11 . 2007-03-09 07:36 81,920 --a------ C:\WINDOWS\SYSTEM32\viscomwave.dll
2007-12-16 14:06 . 2007-12-16 14:06 <DIR> d-------- C:\Program Files\Sony
2007-12-16 14:06 . 2007-12-16 14:06 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2007-12-15 17:51 . 2007-12-15 17:51 <DIR> d-------- C:\Documents and Settings\Connolly1\Application Data\Media Player Classic
2007-12-15 17:50 . 2007-12-21 00:22 <DIR> d-------- C:\Program Files\Essentials Codec Pack
2007-11-26 23:27 . 2007-11-27 19:47 <DIR> d-------- C:\Program Files\Adssite Advanced Toolbar
2007-11-26 23:27 . 2007-11-26 23:28 <DIR> d-------- C:\Documents and Settings\Connolly1\Application Data\Adssite Advanced Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 23:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-23 18:10 --------- d-----w C:\Program Files\DellSupport
2007-12-22 18:37 --------- d-----w C:\Program Files\MSN Messenger
2007-12-22 18:06 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-22 12:05 --------- d-----w C:\Documents and Settings\Connolly1\Application Data\LimeWire
2007-12-22 10:27 --------- d-----w C:\Documents and Settings\Connolly1\Application Data\AVG7
2007-12-21 22:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-21 00:31 --------- d-----w C:\Program Files\QuickTime
2007-12-08 12:23 --------- d-----w C:\Program Files\SopCast
2007-12-08 12:21 --------- d-----w C:\Documents and Settings\Connolly1\Application Data\SopCast
2007-11-25 13:13 --------- d-----w C:\Program Files\Master Of Defense
2007-11-25 11:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-25 11:12 --------- d-----w C:\Program Files\Google
2007-11-24 12:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-15 21:23 --------- d-----w C:\Documents and Settings\Connolly1\Application Data\VideoEgg
2007-11-14 18:38 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-14 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 12:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-04 13:01 --------- d-----w C:\Program Files\Java
2007-10-28 12:53 --------- d-----w C:\Program Files\TVAnts
2007-10-27 15:57 --------- d-----w C:\Program Files\Breit Technologies
2007-10-15 19:01 1,761 ----a-w C:\WINDOWS\Fonts\acrsecB.fon
2006-12-22 16:50 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-11-18 23:23 230,612 -c--a-w C:\Program Files\SolidWorksswxJRNL.BAK
2004-04-27 23:19 233,160 -c--a-w C:\Program Files\LISTOOL.EXE
2004-02-11 15:32 257,189 -c--a-w C:\Program Files\LISTOOL.CHM
2005-04-19 21:27 25,621 -csh--w C:\WINDOWS\REPAIR\ipatca.bak1
2005-12-17 18:48 443,349 -csh--w C:\WINDOWS\REPAIR\ipatca.bak2
2006-10-19 13:59 576,402 -csh--w C:\WINDOWS\REPAIR\ipatca.ini2
2005-05-25 15:07 56 -csh--r C:\WINDOWS\SYSTEM32\08F70F016C.sys
1997-07-21 19:30 1,045,776 -csha-w C:\WINDOWS\SYSTEM32\Msjet35.dll
1997-06-23 03:00 123,664 -csha-w C:\WINDOWS\SYSTEM32\Msjint35.dll
1997-06-23 12:06 24,848 -csha-w C:\WINDOWS\SYSTEM32\Msjter35.dll
1997-06-23 12:06 252,176 -csha-w C:\WINDOWS\SYSTEM32\Msrd2x35.dll
1997-06-23 12:06 287,504 -csha-w C:\WINDOWS\SYSTEM32\Msxbse35.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB372B80-4BFA-4364-9773-3970FE1CF356}]
C:\WINDOWS\system32\vtssr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutoCAD Digital Signatures Icon Overlay Handler]
@={36A21736-36C2-4C11-8ACB-D4136F2B57BD}

[HKEY_CLASSES_ROOT\CLSID\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}]
2005-03-05 19:18 136312 --a------ C:\WINDOWS\system32\AcSignIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMUpdate"="C:\WINDOWS\system32\BMUpdate.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" []
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 05:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" []
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-14 18:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\actapi]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyvut]
byxyvut.dll 2007-12-20 19:39 40448 C:\WINDOWS\SYSTEM32\byxyvut.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFStub]
C:\WINDOWS\Temp\Adware\InstaFinderK_inst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
2005-09-22 17:29 303104 --a------ c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
2006-01-11 11:05 212992 --a------ c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
2004-06-16 23:33 98304 --a------ C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]
C:\Program Files\ScanSoft\PDF Converter 3.0\\RegistryController.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe /disabled

R3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-03-01 08:17]
S3 JMP License Service;JMP License Service;"C:\Program Files\Common Files\SAS Institute Inc Shared\Service\JMPLicSvc.exe" [2007-04-19 10:52]
S3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys [2002-03-13 08:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb848320-7b3f-11dc-8b4c-0011436e3f5a}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb848324-7b3f-11dc-8b4c-0011436e3f5a}]
\Shell\AutoRun\command - F:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 18:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (CONNOLLY-Connolly1).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 11:47:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
Completion time: 2007-12-24 11:49:05 - machine was rebooted
.
2007-12-12 00:26:43 --- E O F ---


Deckard's Log


Deckard's System Scanner v20071014.68
Run by Connolly1 on 2007-12-24 12:17:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as Connolly1.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:46, on 24/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 DataModem HSDPA.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Connolly1\Desktop\dss.exe
C:\DOCUME~1\CONNOL~1\Desktop\CONNOL~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.149.98.64:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\system32\BMUpdate.exe
O4 - HKCU\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/152f7865...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1111620563768
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcDcToday.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstFred.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cin...nematycoon.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEA286AB-0D71-48B3-83CA-5E529D05BFAD}: NameServer = 172.31.140.69 172.30.140.69
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: actapi - C:\WINDOWS\
O20 - Winlogon Notify: byxyvut - C:\WINDOWS\SYSTEM32\byxyvut.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JMP License Service - SAS Institute Inc. - C:\Program Files\Common Files\SAS Institute Inc Shared\Service\JMPLicSvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

--
End of file - 8216 bytes

-- Files created between 2007-11-24 and 2007-12-24 -----------------------------

2007-12-24 10:52:35 335360 --a------ C:\WINDOWS\system32\vtssr.exe
2007-12-23 22:47:16 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-12-23 22:47:16 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-12-23 22:47:15 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-12-23 22:47:15 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-12-23 22:47:15 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-12-23 22:47:11 0 d-------- C:\Program Files\Trojan Remover
2007-12-23 22:47:11 0 d-------- C:\Documents and Settings\Connolly1\Application Data\Simply Super Software
2007-12-23 22:47:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-12-23 18:08:31 4 --a------ C:\Documents and Settings\Administrator\Application Data\QSPMShare
2007-12-23 18:08:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-12-23 18:08:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-12-23 18:08:26 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-12-23 18:08:26 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-12-23 18:08:26 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-12-23 18:08:26 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-12-23 18:08:26 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-12-23 18:08:26 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-12-23 18:08:26 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-12-23 18:08:26 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-12-23 18:08:26 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-12-23 18:08:26 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-12-23 18:08:26 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-12-23 18:08:26 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-12-23 18:08:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-12-23 18:08:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-12-23 18:08:26 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-23 18:08:25 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-12-23 16:45:48 0 d-------- C:\Documents and Settings\Connolly1\Application Data\Uniblue
2007-12-23 16:45:27 0 d-------- C:\Program Files\Uniblue
2007-12-23 16:44:43 0 d-------- C:\Program Files\Common Files\Gibinsoft Shared
2007-12-23 16:44:41 0 d-------- C:\Program Files\GiPo@Utilities
2007-12-23 15:14:32 0 d-------- C:\VundoFix Backups
2007-12-22 19:58:17 0 d-------- C:\ie-spyad_zo
2007-12-22 19:54:52 0 d-------- C:\Program Files\SpywareBlaster
2007-12-22 15:41:22 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2007-12-22 15:26:55 8576 --a------ C:\WINDOWS\system32\drivers\jwlrdkkdrvrc.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-22 15:00:13 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-21 22:41:11 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-21 22:39:55 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-21 22:39:54 0 d-------- C:\Documents and Settings\Connolly1\Application Data\SUPERAntiSpyware.com
2007-12-21 13:28:08 0 d-------- C:\Documents and Settings\Connolly1\Application Data\Grisoft
2007-12-21 12:29:16 176128 --a------ C:\WINDOWS\system32\BMUpdate .exe <Not Verified; EchoBahn.com; BMUpdate Application>
2007-12-20 19:46:08 13107200 --a------ C:\Documents and Settings\Connolly1\ntuser.dat
2007-12-20 19:41:08 0 d-------- C:\WINDOWS\system32\njprckha
2007-12-20 19:41:00 0 d-------- C:\Program Files\Hiwcohyn
2007-12-20 19:39:55 40448 --a------ C:\WINDOWS\system32\byxyvut.dll
2007-12-16 15:41:08 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-16 15:41:08 0 d-------- C:\Documents and Settings\Connolly1\Application Data\Vso
2007-12-16 15:41:08 47360 --a------ C:\Documents and Settings\Connolly1\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-16 15:41:08 81920 --a------ C:\Documents and Settings\Connolly1\Application Data\ezpinst.exe
2007-12-16 15:40:44 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2007-12-16 15:40:44 314368 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2007-12-16 15:40:41 0 d-------- C:\Program Files\Video Convert Master
2007-12-16 15:11:23 81920 --a------ C:\WINDOWS\system32\viscomwave.dll <Not Verified; Viscom Software; >
2007-12-16 15:11:23 139264 --a------ C:\WINDOWS\system32\viscomqtde.dll <Not Verified; Viscom Software www.viscomsoft.com; >
2007-12-16 15:11:23 475136 --a------ C:\WINDOWS\system32\SkinCrafter.dll <Not Verified; DMSoft Technologies; SkinCrafter Module>
2007-12-16 15:11:21 0 d-------- C:\Program Files\A-one PSP Video Convertor
2007-12-16 1459 0 d-------- C:\Program Files\Sony
2007-12-16 1441 0 d-------- C:\Program Files\Common Files\Sony Shared
2007-12-15 17:51:00 0 d-------- C:\Documents and Settings\Connolly1\Application Data\Media Player Classic
2007-12-15 17:50:11 0 d-------- C:\Program Files\Essentials Codec Pack
2007-11-26 23:27:03 0 d-------- C:\Documents and Settings\Connolly1\Application Data\Adssite Advanced Toolbar
2007-11-26 23:27:02 0 d-------- C:\Program Files\Adssite Advanced Toolbar


-- Find3M Report ---------------------------------------------------------------

2007-12-23 18:10:41 0 d-------- C:\Program Files\DellSupport
2007-12-23 16:44:43 0 d-------- C:\Program Files\Common Files
2007-12-22 18:37:56 0 d-------- C:\Program Files\MSN Messenger
2007-12-22 1846 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-12-22 12:05:58 0 d-------- C:\Documents and Settings\Connolly1\Application Data\LimeWire
2007-12-22 10:27:50 0 d-------- C:\Documents and Settings\Connolly1\Application Data\AVG7
2007-12-21 22:38:37 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-21 00:31:23 0 d-------- C:\Program Files\QuickTime
2007-12-16 15:41:47 34 --a------ C:\Documents and Settings\Connolly1\Application Data\pcouffin.log
2007-12-16 15:41:11 1144 --a------ C:\Documents and Settings\Connolly1\Application Data\pcouffin.inf
2007-12-16 15:41:11 7176 --a------ C:\Documents and Settings\Connolly1\Application Data\pcouffin.cat
2007-12-08 12:23:20 0 d-------- C:\Program Files\SopCast
2007-12-08 12:21:17 0 d-------- C:\Documents and Settings\Connolly1\Application Data\SopCast
2007-11-25 13:13:32 0 d-------- C:\Program Files\Master Of Defense
2007-11-25 11:15:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-25 11:12:15 0 d-------- C:\Program Files\Google
2007-11-25 11:09:51 0 --a------ C:\Documents and Settings\Connolly1\Application Data\.googlewebacchosts
2007-11-15 21:23:35 0 d-------- C:\Documents and Settings\Connolly1\Application Data\VideoEgg
2007-11-04 13:01:07 0 d-------- C:\Program Files\Java
2007-10-28 12:53:21 0 d-------- C:\Program Files\TVAnts
2007-10-27 15:57:12 0 d-------- C:\Program Files\Breit Technologies
2007-10-20 15:05:31 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2007-10-15 19:29:37 10 --a------ C:\WINDOWS\smdat32m.sys
2007-10-15 19:01:49 0 --a------ C:\WINDOWS\smdat32a.sys
2007-10-14 15:48:03 1327 --a------ C:\WINDOWS\EntPack.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMUpdate"="C:\WINDOWS\system32\BMUpdate.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" []

C:\Documents and Settings\Connolly1\Start Menu\Programs\Startup\
DESKTOP.INI [10/08/2004 13:04:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [10/08/2004 13:04:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 27/02/2007 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\actapi]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyvut]
byxyvut.dll 20/12/2007 19:39 40448 C:\WINDOWS\SYSTEM32\byxyvut.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFStub]
C:\WINDOWS\Temp\Adware\InstaFinderK_inst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]
C:\Program Files\ScanSoft\PDF Converter 3.0\\RegistryController.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe /disabled


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb848320-7b3f-11dc-8b4c-0011436e3f5a}]
AutoRun\command- F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb848324-7b3f-11dc-8b4c-0011436e3f5a}]
AutoRun\command- F:\AutoRun.exe




-- End of Deckard's System Scanner: finished at 2007-12-24 12:20:36 ------------

Last edited by mconnigle : 12-24-2007 at 05:35 AM.
Old 12-24-2007, 06:16 AM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: explorer.exe restarting constantly

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:
@echo off
Vfind.exe -ltf "%systemdrive%\* .exe" > Log.txt
Start notepad log.txt
Save this as check.bat. Choose "Save type as - All Files".
It should look like this:
Double click on check.bat & allow it to run

It shall produce a log which you must attach (do not post the log) in your next reply.

Last edited by sUBs : 12-26-2007 at 08:54 AM.
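As an added illustration (not part of sUBs's reply and not the Vfind tool the batch file calls), here is the same check written in Python 3, which is assumed to be installed: it walks a directory tree for executables whose file name carries a space before the extension, the pattern behind entries such as "BMUpdate .exe" and "ctfmon .exe" in the logs above, and reports whether a correctly named file with the same stem sits in the same folder, since a padded copy next to the real binary is the case a responder wants to look at first. The directory layout it scans is constructed inside the script for the demonstration and does not come from this thread.

```python
import os
import re
import shutil
import tempfile
from pathlib import Path

# One or more whitespace characters immediately before the final extension.
# Extensions listed are the ones that matter for autostart abuse on Windows XP.
SPACE_BEFORE_EXT = re.compile(r"\s+\.(exe|dll|sys|scr|com)$", re.IGNORECASE)


def find_space_ext_files(root):
    """Walk `root` and return a list of dicts, one per file whose name has
    whitespace before its extension. Each dict carries the full path, the
    bare file name, the file size, the name the file appears to mimic
    ("ctfmon.exe" for "ctfmon .exe") and whether that mimicked name is
    present in the same directory (the side-by-side masquerade pattern).
    Results are sorted by path so the output is stable."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        present = {n.lower() for n in filenames}
        for name in filenames:
            m = SPACE_BEFORE_EXT.search(name)
            if not m:
                continue
            mimicked = (name[: m.start()] + "." + m.group(1)).lower()
            full = os.path.join(dirpath, name)
            hits.append(
                {
                    "path": full,
                    "name": name,
                    "size": os.path.getsize(full),
                    "shadowed_name": mimicked,
                    "sibling_exists": mimicked in present,
                }
            )
    hits.sort(key=lambda h: h["path"])
    return hits


def build_sample_tree():
    """Constructed sample for the demo, not data from the thread: a throwaway
    directory tree with three padded names, one of them next to its
    legitimate twin, plus files that must not be flagged."""
    root = tempfile.mkdtemp(prefix="space_ext_demo_")
    layout = {
        "WINDOWS/SYSTEM32/ctfmon.exe": b"MZ legit",
        "WINDOWS/SYSTEM32/ctfmon .exe": b"MZ padded",
        "WINDOWS/SYSTEM32/BMUpdate .exe": b"MZ padded2",
        "Program Files/Grisoft/avgas .exe": b"MZ padded3",
        "Program Files/Grisoft/guard.exe": b"MZ legit2",
        "WINDOWS/Fonts/my font .ttf": b"not an executable",
    }
    for rel, data in layout.items():
        p = Path(root, *rel.split("/"))
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return root


def format_report(hits):
    """Render the hits as one line each: size, sibling flag, path."""
    lines = []
    for h in hits:
        flag = "SIBLING PRESENT" if h["sibling_exists"] else "no sibling"
        lines.append(f"{h['size']:>10,} {flag:<16} {h['path']}")
    return "\n".join(lines)


if __name__ == "__main__":
    demo_root = build_sample_tree()
    try:
        print(format_report(find_space_ext_files(demo_root)))
    finally:
        shutil.rmtree(demo_root, ignore_errors=True)
```

Run as-is it only scans the constructed sample; on a real machine call find_space_ext_files on the system drive root (for example "C:\\") and read the "SIBLING PRESENT" lines first. A padded name is not proof of infection on its own, but it defeats simple name-based allow lists, which is why the Vfind check above is worth running.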
Old 12-24-2007, 09:06 AM   #5 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 7
OS: XP


Re: explorer.exe restarting constantly

Hi, I was playing a file in RealPlayer and explorer.exe started doing the same thing again, so I reran ComboFix and it seemed to "fix" the problem again. I ran the code you gave me and the log is posted below; the latest ComboFix log is attached (just in case it's any use). Tnx

----a-w 180,269 2007-12-24 14:10:17 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 1,310,720 2007-12-22 09:17:49 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w 735,824 2007-12-23 23:07:59 C:\Program Files\Trojan Remover\Trjscan .exe
----a-w 176,128 2007-12-21 22:31:40 C:\WINDOWS\SYSTEM32\BMUpdate .exe
----a-w 15,360 2007-12-21 00:49:10 C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w 127,035 2007-12-21 12:53:43 C:\WINDOWS\SYSTEM32\dla\tfswctrl .exe

Entries: 6 (6)
Directories: 0 Files: 6
Bytes: 2,545,336 Blocks: 4,974



ComboFix 07-12-24.8 - Connolly1 2007-12-24 15:12:17.2 - NTFSx86
Running from: C:\Documents and Settings\Connolly1\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SYSTEM32\rsstv.ini
C:\WINDOWS\SYSTEM32\rsstv.ini2
C:\WINDOWS\system32\vtssr.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-24 10:52 . 2007-12-24 15:11 335,360 --a------ C:\WINDOWS\SYSTEM32\vtssr.exe
2007-12-23 23:01 . 2007-12-23 23:01 331,776 --a------ C:\WINDOWS\SYSTEM32\vtssr.dll.vir
2007-12-23 22:47 . 2007-12-24 11:37 <DIR> d-------- C:\Program Files\Trojan Remover
2007-12-23 22:47 . 2007-12-23 22:47 <DIR> d-------- C:\Documents and Settings\Connolly1\Application Data\Simply Super Software
2007-12-23 22:47 . 2007-12-23 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-12-23 22:47 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\SYSTEM32\ztvunrar36.dll
2007-12-23 22:47 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\SYSTEM32\UNRAR3.dll
2007-12-23 22:47 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\SYSTEM32\ztvunace26.dll
2007-12-23 22:47 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\SYSTEM32\unacev2.dll
2007-12-23 22:47 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\SYSTEM32\ztvcabinet.dll
2007-12-23 18:08 . 2005-02-18 08:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-12-23 18:08 . 2005-02-18 08:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-12-23 16:45 . 2007-12-23 16:45 <DIR> d-------- C:\Program Files\Uniblue
2007-12-23 16:45 . 2007-12-23 16:45 <DIR> d-------- C:\Documents and Settings\Connolly1\Application Data\Uniblue
2007-12-23 16:44 . 2007-12-23 16:44 <DIR> d-------- C:\Program Files\GiPo@Utilities
2007-12-23 16:44 . 2007-12-23 16:44 <DIR> d-------- C:\Program Files\Common Files\Gibinsoft Shared
2007-12-23 15:14 . 2007-12-23 15:14 <DIR> d-------- C:\VundoFix Backups
2007-12-22 20:13 . 2007-12-22 20:13 <DIR> d-------- C:\Deckard
2007-12-22 19:58 . 2007-12-22 19:58 <DIR> d-------- C:\ie-spyad_zo
2007-12-22 19:54 . 2007-12-22 19:54 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-22 15:41 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2007-12-22 15:26 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\jwlrdkkdrvrc.sys
2007-12-22 15:00 . 2007-12-22 19:23 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-12-22 15:00 . 2007-12-22 15:34 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2007-12-22 15:00 . 2007-12-22 15:34 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2007-12-22 15:00 . 2007-12-22 15:34 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2007-12-21 22:41 . 2007-12-21 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-21 22:39 . 2007-12-23 22:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-21 22:39 . 2007-12-21 22:39 <DIR> d-------- C:\Documents and Settings\Connolly1\Application Data\SUPERAntiSpyware.com
2007-12-21 13:28 . 2007-12-21 13:28 <DIR> d-------- C:\Documents and Settings\Connolly1\Application Data\Grisoft
2007-12-21 13:27 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-12-21 12:29 . 2007-12-21 12:29 335,360 --a------ C:\WINDOWS\SYSTEM32\RCX42.tmp
2007-12-21 12:29 . 2007-12-21 22:31 176,128 --a------ C:\WINDOWS\SYSTEM32\BMUpdate .exe
2007-12-20 23:58 . 2007-12-21 00:49 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon .exe
2007-12-20 19:45 . 2007-12-23 23:26 335,360 --a------ C:\WINDOWS\SYSTEM32\vtssr.exe.vir
2007-12-20 19:45 . 2007-12-23 23:26 7,790 --ahs---- C:\WINDOWS\SYSTEM32\rsstv.ini2.vir
2007-12-20 19:45 . 2007-12-23 23:26 7,790 --ahs---- C:\WINDOWS\SYSTEM32\rsstv.ini.vir
2007-12-20 19:41 . 2007-12-20 19:41 <DIR> d-------- C:\WINDOWS\SYSTEM32\njprckha
2007-12-20 19:41 . 2007-12-21 13:36 <DIR> d-------- C:\Program Files\Hiwcohyn
2007-12-20 19:39 . 2007-12-20 19:39 40,448 --a------ C:\WINDOWS\SYSTEM32\byxyvut.dll
2007-12-16 15:58 . 2007-12-24 14:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-16 15:58 . 2007-12-16 16:01 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-16 15:41 . 2007-12-16 15:41 <DIR> d-------- C:\Documents and Settings\Connolly1\Application Data\Vso
2007-12-16 15:41 . 2007-12-16 15:41 81,920 --a------ C:\Documents and Settings\Connolly1\Application Data\ezpinst.exe
2007-12-16 15:41 . 2007-12-16 15:41 47,360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pcouffin.sys
2007-12-16 15:41 . 2007-12-16 15:41 47,360 --a------ C:\Documents and Settings\Connolly1\Application Data\pcouffin.sys
2007-12-16 15:40 . 2007-12-16 15:48 <DIR> d-------- C:\Program Files\Video Convert Master
2007-12-16 15:40 . 2004-05-26 21:37 719,872 --a------ C:\WINDOWS\SYSTEM32\devil.dll
2007-12-16 15:40 . 2006-09-16 19:44 314,368 --a------ C:\WINDOWS\SYSTEM32\avisynth.dll
2007-12-16 15:11 . 2007-12-16 15:11 <DIR> d-------- C:\Program Files\A-one PSP Video Convertor
2007-12-16 15:11 . 2007-03-09 07:36 856,064 --a------ C:\WINDOWS\SYSTEM32\mpgfiltr.ax
2007-12-16 15:11 . 2006-03-28 22:35 475,136 --a------ C:\WINDOWS\SYSTEM32\SkinCrafter.dll
2007-12-16 15:11 . 2007-03-09 07:35 208,896 --a------ C:\WINDOWS\SYSTEM32\VideoEdit.ocx
2007-12-16 15:11 . 2007-03-09 07:37 139,264 --a------ C:\WINDOWS\SYSTEM32\viscomqtde.dll
2007-12-16 15:11 . 2007-03-09 07:36 81,920 --a------ C:\WINDOWS\SYSTEM32\viscomwave.dll
2007-12-16 14:06 . 2007-12-16 14:06 <DIR> d-------- C:\Program Files\Sony
2007-12-16 14:06 . 2007-12-16 14:06 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2007-12-15 17:51 . 2007-12-15 17:51 <DIR> d-------- C:\Documents and Settings\Connolly1\Application Data\Media Player Classic
2007-12-15 17:50 . 2007-12-21 00:22 <DIR> d-------- C:\Program Files\Essentials Codec Pack
2007-11-26 23:27 . 2007-11-27 19:47 <DIR> d-------- C:\Program Files\Adssite Advanced Toolbar
2007-11-26 23:27 . 2007-11-26 23:28 <DIR> d-------- C:\Documents and Settings\Connolly1\Application Data\Adssite Advanced Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 23:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-23 18:10 --------- d-----w C:\Program Files\DellSupport
2007-12-22 18:37 --------- d-----w C:\Program Files\MSN Messenger
2007-12-22 18:06 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-22 12:05 --------- d-----w C:\Documents and Settings\Connolly1\Application Data\LimeWire
2007-12-22 10:27 --------- d-----w C:\Documents and Settings\Connolly1\Application Data\AVG7
2007-12-21 22:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-21 00:31 --------- d-----w C:\Program Files\QuickTime
2007-12-08 12:23 --------- d-----w C:\Program Files\SopCast
2007-12-08 12:21 --------- d-----w C:\Documents and Settings\Connolly1\Application Data\SopCast
2007-11-25 13:13 --------- d-----w C:\Program Files\Master Of Defense
2007-11-25 11:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-25 11:12 --------- d-----w C:\Program Files\Google
2007-11-24 12:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-15 21:23 --------- d-----w C:\Documents and Settings\Connolly1\Application Data\VideoEgg
2007-11-14 18:38 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-14 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 12:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-04 13:01 --------- d-----w C:\Program Files\Java
2007-10-28 12:53 --------- d-----w C:\Program Files\TVAnts
2007-10-27 15:57 --------- d-----w C:\Program Files\Breit Technologies
2007-10-15 19:01 1,761 ----a-w C:\WINDOWS\Fonts\acrsecB.fon
2006-12-22 16:50 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-11-18 23:23 230,612 -c--a-w C:\Program Files\SolidWorksswxJRNL.BAK
2004-04-27 23:19 233,160 -c--a-w C:\Program Files\LISTOOL.EXE
2004-02-11 15:32 257,189 -c--a-w C:\Program Files\LISTOOL.CHM
2005-04-19 21:27 25,621 -csh--w C:\WINDOWS\REPAIR\ipatca.bak1
2005-12-17 18:48 443,349 -csh--w C:\WINDOWS\REPAIR\ipatca.bak2
2006-10-19 13:59 576,402 -csh--w C:\WINDOWS\REPAIR\ipatca.ini2
2005-05-25 15:07 56 -csh--r C:\WINDOWS\SYSTEM32\08F70F016C.sys
1997-07-21 19:30 1,045,776 -csha-w C:\WINDOWS\SYSTEM32\Msjet35.dll
1997-06-23 03:00 123,664 -csha-w C:\WINDOWS\SYSTEM32\Msjint35.dll
1997-06-23 12:06 24,848 -csha-w C:\WINDOWS\SYSTEM32\Msjter35.dll
1997-06-23 12:06 252,176 -csha-w C:\WINDOWS\SYSTEM32\Msrd2x35.dll
1997-06-23 12:06 287,504 -csha-w C:\WINDOWS\SYSTEM32\Msxbse35.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutoCAD Digital Signatures Icon Overlay Handler]
@={36A21736-36C2-4C11-8ACB-D4136F2B57BD}

[HKEY_CLASSES_ROOT\CLSID\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}]
2005-03-05 19:18 136312 --a------ C:\WINDOWS\system32\AcSignIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMUpdate"="C:\WINDOWS\system32\BMUpdate.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" []
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 05:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" []
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-14 18:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\actapi]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyvut]
byxyvut.dll 2007-12-20 19:39 40448 C:\WINDOWS\SYSTEM32\byxyvut.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IFStub]
C:\WINDOWS\Temp\Adware\InstaFinderK_inst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
2005-09-22 17:29 303104 --a------ c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
2006-01-11 11:05 212992 --a------ c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
2004-06-16 23:33 98304 --a------ C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]
C:\Program Files\ScanSoft\PDF Converter 3.0\\RegistryController.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe /disabled

R3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-03-01 08:17]
S3 JMP License Service;JMP License Service;"C:\Program Files\Common Files\SAS Institute Inc Shared\Service\JMPLicSvc.exe" [2007-04-19 10:52]
S3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys [2002-03-13 08:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb848320-7b3f-11dc-8b4c-0011436e3f5a}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb848324-7b3f-11dc-8b4c-0011436e3f5a}]
\Shell\AutoRun\command - F:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 18:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (CONNOLLY-Connolly1).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 15:25:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
Completion time: 2007-12-24 15:27:45 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-24 11:49
.
2007-12-12 00:26:43 --- E O F ---