
Explorer.exe refuses to load.

Discussion in 'Windows XP' started by Time4swim, Apr 9, 2007.

  1. Time4swim

    Time4swim Thread Starter

    Joined:
    Apr 9, 2007
    Messages:
    170
    For the past 3-4 days, I have had a nightmare with my OS. It seems to never want to load explorer.exe. I have replaced it, repaired my OS 3-4 times, cannot use sfc scan, scanned my computer with so many scanners and programs.

    The problem is that explorer.exe refuses to start up. Because I cannot run explorer.exe, this means I cannot access My Computer, etc. I run everything through Task Manager. I can see the start menu flash when I tell the computer to run explorer.exe. It is quickly terminated. I see it in Task Manager's Process menu also. Explorer.exe runs when the computer starts up too. I believe it is a registry error or trojan. Could someone please end this nightmare?

    Current HijackThis Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:06:51 PM, on 4/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Prevx1\PXAgent.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Spyware Doctor\update.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Fear\Desktop\Desktop Junk\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runescape.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: RapidShare-Download - res://C:\Documents and Settings\Fear\Desktop\more-rapid.exe/RsMenExt.html
    O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll (file missing)
    O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.bigfishgames.com/online/ricochetlostworlds/ReflexiveWebGameLoader.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169161131750
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.bigfishgames.com/online/chuzzledeluxe/popcaploader_v6.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: 62.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: GEARSecurity - GEAR Software Inc. - (no file)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  2. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Hi, Time4swim :)

    Welcome!

    Bring up the Task Manager. While holding the Ctrl key, click on New Task. The MS-DOS window will be displayed. At the prompt type the following and press Enter after each line:

    cd C:\ (The prompt will change to the root directory, C:\)
    Dir 62.dll /a /s

    Based on the results, where is this file (62.dll) located?
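    As an added example (not part of this thread, and not a HijackThis or ComboFix component), the following Python script parses HijackThis-format lines and flags the entry classes the moderator asked about: the O20 AppInit_DLLs entry naming 62.dll with no path, and registered components whose file is absent (such as the carbinyl SSODL entry). The sample lines are copied from the log posted above; find_file is a Python counterpart of the dir 62.dll /a /s check, and the directory it is pointed at is an assumption.

```python
"""Triage helper for a HijackThis v1.99-style log.

Added example: not part of the forum thread and not HijackThis code.
Sample lines are copied from the log posted in the thread; the root
directory handed to find_file() is an assumption.
"""
import os
import re
from dataclasses import dataclass

# Subset of lines copied verbatim from the posted HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O20 - AppInit_DLLs: 62.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
"""

# Every HijackThis entry starts with its section code (R0, R1, F2, O1..O24).
ENTRY_RE = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _entries(text):
    """Yield (section, body, full line) for each parseable log line."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2), raw.strip()


def _has_path(token):
    """True when an executable/DLL token carries a directory component."""
    return "\\" in token or "/" in token


def appinit_dlls(text):
    """DLL names listed in O20 AppInit_DLLs entries.

    AppInit_DLLs (HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows)
    is loaded by user32.dll into every process that links user32, which is why
    a broken or hostile entry there can take explorer.exe down at start.
    """
    dlls = []
    for section, body, _ in _entries(text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # The value is a space- or comma-separated list of DLL names.
            dlls.extend(body.split(":", 1)[1].replace(",", " ").split())
    return dlls


def triage(text):
    """Return the entries a reviewer should look at first, in log order."""
    findings = []
    for section, body, line in _entries(text):
        # 1. Registered component whose file no longer exists: a leftover of an
        #    incomplete removal, or a registration pointing at a deleted file.
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(section, "registered component, file absent", line))
            continue
        # 2. AppInit_DLLs: a bare name is resolved by the DLL search order, so the
        #    file must be located on disk (the dir /a /s step) before judging it.
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in body.split(":", 1)[1].replace(",", " ").split():
                how = "full path" if _has_path(dll) else "bare name, resolved by DLL search order"
                findings.append(Finding(section, f"AppInit_DLLs loads {dll} ({how})", line))
            continue
        # 3. Run-key autostart given without a directory: resolved via PATH, so
        #    it is a prompt to confirm which file actually runs, not a verdict.
        if section == "O4" and "]" in body:
            cmd = body.split("]", 1)[1].strip()
            exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
            if not _has_path(exe):
                findings.append(Finding(section, f"autostart {exe!r} given without a path", line))
    return findings


def find_file(root, name):
    """Python counterpart of `dir <name> /a /s`: every file under `root` whose
    name matches case-insensitively. os.walk does not filter on hidden/system
    attributes, so those files are included just as /a includes them."""
    target = name.lower()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits.extend(os.path.join(dirpath, f) for f in files if f.lower() == target)
    return hits


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
    print("AppInit_DLLs:", appinit_dlls(SAMPLE_LOG))
    # On the affected machine the root would be C:\ (assumption: search root).
    print("hits:", find_file(os.getcwd(), "62.dll"))
```

    The script only orders the review; it does not decide what is malicious. An AppInit_DLLs value with a bare file name is worth locating first because the loader resolves it through the normal DLL search order and it is mapped into every user32-linked process, explorer.exe included, which matches the symptom described in the first post.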
     
  3. Time4swim

    Time4swim Thread Starter

    Joined:
    Apr 9, 2007
    Messages:
    170
    It says file not found.
     
  4. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Hi, Time4swim :)

    Is there a way you can back up your personal data before continuing? ComboFix is a very powerful tool, and we never know the fight it will sustain with this trojan. It is recommended that your personal data be backed up before continuing.

    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  5. Time4swim

    Time4swim Thread Starter

    Joined:
    Apr 9, 2007
    Messages:
    170
    "Fear" - 07-04-12 16:56:29 Service Pack 2
    ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Fear\Desktop"


    ((((((((((((((((((((((((((((((( Files Created from 2007-03-12 to 2007-04-12 ))))))))))))))))))))))))))))))))))


    2007-04-12 16:00 <DIR> d-------- C:\Program Files\Security Task Manager
    2007-04-12 16:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
    2007-04-12 15:56 <DIR> d-------- C:\WINDOWS\system32\vmm32
    2007-04-11 20:04 <DIR> d-------- C:\WINDOWS\Prefetch
    2007-04-11 18:59 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2007-04-10 19:42 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
    2007-04-10 19:20 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-04-10 19:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    2007-04-10 19:07 430,592 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-04-10 19:07 36,864 --a------ C:\WINDOWS\system32\wups.dll
    2007-04-10 19:07 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2007-04-10 19:07 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2007-04-10 19:07 112,640 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-04-10 19:07 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-04-10 19:07 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-04-09 21:15 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
    2007-04-09 17:33 <DIR> d-------- C:\DOCUME~1\Fear\DoctorWeb
    2007-04-09 17:23 <DIR> d-------- C:\Explorertest
    2007-04-09 17:08 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
    2007-04-09 06:28 <DIR> d-------- C:\VundoFix Backups
    2007-04-09 04:10 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
    2007-04-09 04:09 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
    2007-04-09 04:09 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2007-04-09 04:09 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
    2007-04-09 04:09 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
    2007-04-09 04:08 <DIR> d-------- C:\Program Files\Webroot
    2007-04-09 04:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
    2007-04-09 04:04 <DIR> d-------- C:\DOCUME~1\Fear\APPLIC~1\Webroot
    2007-04-09 02:06 <DIR> d-------- C:\WINDOWS\NV10121516.TMP
    2007-04-08 03:32 <DIR> d-------- C:\Program Files\Common Files\Panda Software
    2007-04-08 02:14 77 --a------ C:\replace.bat
    2007-04-08 01:35 <DIR> d-------- C:\WINDOWS\BDOSCAN8
    2007-04-08 01:19 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-04-08 00:58 <DIR> d-------- C:\DOCUME~1\Fear\APPLIC~1\Prevx
    2007-04-08 00:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
    2007-04-08 00:57 77,312 --a------ C:\WINDOWS\ua2.dll
    2007-04-08 00:38 <DIR> d-------- C:\DOCUME~1\Fear\APPLIC~1\TrojanHunter
    2007-04-08 00:15 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
    2007-04-08 00:10 <DIR> d-------- C:\Program Files\TrojanHunter 4.0
    2007-04-07 23:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-04-07 23:44 <DIR> d-------- C:\DOCUME~1\Fear\APPLIC~1\SUPERAntiSpyware.com
    2007-04-07 23:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-04-07 20:41 <DIR> d-------- C:\DOCUME~1\Fear\Desktop_
    2007-04-06 20:31 <DIR> d--h----- C:\Program Files\WindowsUpdate
    2007-04-06 17:21 71,168 --a------ C:\WINDOWS\system32\LxrJD31s.exe
    2007-04-05 23:57 <DIR> d-------- C:\Program Files\Vstplugins
    2007-04-05 23:57 <DIR> d-------- C:\Program Files\Sony
    2007-04-05 22:02 <DIR> d-------- C:\Program Files\RegCleaner
    2007-04-05 21:58 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
    2007-04-05 21:58 <DIR> d-------- C:\Program Files\MSECACHE
    2007-04-04 17:43 65,536 --a------ C:\WINDOWS\system32\drivers\storprop.dll
    2007-04-04 09:27 <DIR> d-------- C:\DOCUME~1\JASOND~1.000\APPLIC~1\Apple Computer
    2007-04-03 16:56 <DIR> d-------- C:\DOCUME~1\JASOND~1.000\APPLIC~1\Sonic
    2007-04-01 20:09 15,664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    2007-04-01 20:02 19,840 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-04-01 19:58 9,856 --a------ C:\WINDOWS\system32\drivers\pfc.sys
    2007-04-01 07:32 <DIR> d-------- C:\DOCUME~1\nicole\APPLIC~1\Sonic
    2007-03-31 11:31 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
    2007-03-31 11:09 <DIR> d-------- C:\Program Files\Common Files\Sonic
    2007-03-29 21:25 671,744 --a------ C:\WINDOWS\system32\DolbyHph.dll
    2007-03-29 21:25 60,416 --a------ C:\WINDOWS\system32\DSETUP.dll
    2007-03-29 21:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA Corporation
    2007-03-25 22:13 8,126,464 --a------ C:\DOCUME~1\Fear\ntuser.dat
    2007-03-25 19:41 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-03-25 19:41 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-03-22 21:38 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-03-22 21:38 59,472 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-03-22 21:38 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-03-22 21:38 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-03-22 21:38 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-03-22 21:37 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-03-22 21:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
    2007-03-22 20:45 <DIR> d-------- C:\Program Files\Common Files\PC Tools
    2007-03-22 20:44 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-03-22 18:10 4,614 --a------ C:\WINDOWS\system32\tmp.reg
    2007-03-22 18:09 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
    2007-03-22 18:09 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-03-22 18:09 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2007-03-22 18:09 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-03-22 18:09 135,168 --a------ C:\WINDOWS\system32\swreg.exe
    2007-03-21 21:22 <DIR> dr-h----- C:\MSOCache
    2007-03-21 21:21 86,512 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
    2007-03-21 21:16 <DIR> d--h----- C:\WINDOWS\ShellNew
    2007-03-21 21:16 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2007-03-21 21:15 <DIR> d-------- C:\Program Files\Microsoft.NET
    2007-03-21 17:52 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2007-03-16 22:01 1,364 --a------ C:\WINDOWS\mozver.dat
    2007-03-15 18:12 1,649,152 --a------ C:\Program Files\n_v14.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-12 15:56 -------- d-------- C:\Program Files\dell
    2007-04-12 15:55 -------- d-------- C:\Program Files\Common Files\symantec shared
    2007-04-11 19:19 34332 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-04-09 20:31 -------- d-------- C:\DOCUME~1\Fear\APPLIC~1\iolo
    2007-04-08 01:24 -------- d-------- C:\Program Files\windows defender
    2007-04-08 01:24 -------- d-------- C:\Program Files\norton internet security
    2007-04-08 01:23 -------- d-------- C:\Program Files\ida
    2007-04-07 23:43 -------- d-------- C:\Program Files\Common Files\wise installation wizard
    2007-04-07 23:20 -------- d-------- C:\Program Files\msn messenger
    2007-04-06 20:30 -------- d-------- C:\Program Files\movie maker
    2007-04-06 20:24 -------- d-------- C:\Program Files\windows nt
    2007-04-06 17:29 -------- d-------- C:\Program Files\google
    2007-04-06 17:21 69824 --a------ C:\WINDOWS\system32\drivers\LxrJD31d.sys
    2007-04-06 17:21 61440 --a------ C:\WINDOWS\system32\lxrjd20sat.dll
    2007-04-06 17:21 249856 --a------ C:\WINDOWS\system32\lxrjd31.dll
    2007-04-06 17:21 163840 --a------ C:\WINDOWS\system32\lxrjd31c.exe
    2007-04-06 17:21 146432 --a------ C:\WINDOWS\system32\lxrjd31p.exe
    2007-04-06 12:08 0 --a------ C:\DOCUME~1\Fear\APPLIC~1\.googlewebacchosts
    2007-04-05 23:53 -------- d--h----- C:\Program Files\installshield installation information
    2007-04-05 23:33 -------- d-------- C:\Program Files\swiftswitch
    2007-04-05 16:27 -------- d-------- C:\Program Files\daemon tools
    2007-04-02 13:34 -------- d-------- C:\Program Files\itunes
    2007-04-02 13:34 -------- d-------- C:\Program Files\ipod
    2007-03-31 11:09 -------- d-------- C:\DOCUME~1\Fear\APPLIC~1\sonic
    2007-03-29 21:55 -------- d-------- C:\Program Files\Common Files\sonic shared
    2007-03-29 21:51 -------- d-------- C:\Program Files\roxio
    2007-03-29 05:50 34 --a------ C:\WINDOWS\popcinfo.dat
    2007-03-21 17:49 786 --a------ C:\DOCUME~1\Fear\APPLIC~1\wklnhst.dat
    2007-03-21 17:16 -------- d-------- C:\Program Files\microsoft works
    2007-03-19 22:45 -------- d-------- C:\DOCUME~1\Fear\APPLIC~1\utorrent
    2007-03-18 14:39 -------- d-------- C:\Program Files\java
    2007-03-09 23:23 -------- d-------- C:\Program Files\quicktime
    2007-03-09 23:21 -------- d-------- C:\Program Files\apple software update
    2007-03-07 19:39 -------- d-------- C:\Program Files\hycam2
    2007-03-05 21:34 -------- d-------- C:\Program Files\popcap games
    2007-03-05 19:31 80 -rahs---- C:\WINDOWS\system32\99a8dd47af.dll
    2007-03-05 19:08 -------- d-------- C:\DOCUME~1\Fear\APPLIC~1\winpatrol
    2007-03-04 18:22 1160371 --ahs---- C:\WINDOWS\system32\fhkmp.ini2
    2007-03-04 15:57 1166204 --ahs---- C:\WINDOWS\system32\tttss.ini2
    2007-03-04 14:03 -------- d-------- C:\Program Files\userdata
    2007-03-04 13:03 -------- d-------- C:\Program Files\gamehouse
    2007-03-03 02:02 -------- d-------- C:\Program Files\iolo
    2007-03-02 20:19 118983338 --a------ C:\BackupRegistry(20070302).reg
    2007-03-02 20:03 -------- d-------- C:\Program Files\yamicsoft
    2007-03-02 19:16 -------- d-------- C:\Program Files\messenger
    2007-02-25 18:36 -------- d-------- C:\DOCUME~1\Fear\APPLIC~1\symantec
    2007-02-25 18:33 -------- d-------- C:\Program Files\driver validation
    2007-02-25 17:52 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-02-25 17:00 2286208 --a------ C:\WINDOWS\system32\tukernel.exe
    2007-02-25 01:09 -------- d-------- C:\Program Files\icolorfolder
    2007-02-24 21:02 -------- d-------- C:\Program Files\microsoft frontpage
    2007-02-24 20:50 -------- d-------- C:\Program Files\online services
    2007-02-24 01:45 -------- d-------- C:\Program Files\Common Files\logitech
    2007-02-24 01:30 -------- d-------- C:\Program Files\pcpitstop
    2007-02-18 21:21 -------- d-------- C:\DOCUME~1\Fear\APPLIC~1\ie7pro
    2007-02-13 18:00 -------- d-------- C:\Program Files\driver-soft
    2007-02-07 16:23 40871176 --a------ C:\Program Files\systemmechanic7pro.exe
    2007-02-07 16:20 436328 --a------ C:\WINDOWS\system32\incinerator.dll
    2007-02-03 01:32 0 -rahs---- C:\MSDOS.SYS
    2007-02-03 01:32 0 -rahs---- C:\IO.SYS
    2007-02-02 18:00 426872 --a------ C:\WINDOWS\system32\spoonuninstall.exe
    2007-01-26 23:06 24 --a------ C:\WINDOWS\system.sys
    2007-01-19 22:00 66 --a------ C:\WINDOWS\vmreg32.dll
    2007-01-19 21:24 9 --a------ C:\WINDOWS\system32\msnotr32.dll
    2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "SetDefaultMIDI"="MIDIDef.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
    "TuneUp MemOptimizer"="\"C:\\Program Files\\TuneUp Utilities 2007\\MemOptimizer.exe\" autostart"
    "SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 7\\SMSystemAnalyzer.exe\""
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "SUPERAntiSpyware"="\"C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "CTSysVol"="C:\\Program Files\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r"
    "osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
    "PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "System Files Updater"="C:\\WINDOWS\\FlyakiteOSX\\Tools\\System Files Updater.exe /S"
    "Logitech Hardware Abstraction Layer"="\"C:\\Program Files\\Common Files\\Logitech\\khalshared\\KHALMNPR.EXE\""
    @=""
    "DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
    "SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
    "UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "nwiz"="nwiz.exe /install"
    "THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""
    "PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\""
    "NetFxUpdate_v1.0.3705"="\"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.0.3705\\netfxupdate.exe\" 1 v1.0.3705 GAC + NI"
    "SRFirstRun"="rundll32 srclient.dll,CreateFirstRunRp"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ioloDMV"=dword:00000002


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
    "{9B8E9200-85B9-402A-BD72-C17F41CD7C97}"=""
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
    "carbinyl"="{8d8c2387-7f80-4022-9be6-43630a969558}"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
    63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
    6d,73,73,74,79,6c,65,73,00
    "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
    73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoVisualStyleChoice"=dword:00000000
    "NoColorChoice"=dword:00000000
    "NoSizeChoice"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\Shell]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000
    "LinkResolveIgnoreLinkInfo"=dword:00000000
    "NoResolveSearch"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=dword:00000000
    "NoSaveSettings"=dword:00000000
    "NoSecurityTab"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    Shell\AutoRun\command E:\setup.exe

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7645cc08-951d-11db-b68c-00188b74bf1a}]
    Shell\AutoRun\command K:\JDSecure\Windows\JDSecure31.exe

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a64f506f-9416-11db-b67e-806d6172696f}]
    shell\dinstall\command D:\directx\dxsetup.exe


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\1-Click Maintenance.job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Fear.job
    C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job


    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-04-12 17:00:25
    C:\ComboFix-quarantined-files.txt ... 07-04-12 17:00
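The "Reg Loading Points" section above is what the helper reads by eye. As an added example (not part of this thread or of ComboFix), the following Python triage parses that .reg-style layout and buckets the entries a reviewer checks first: Run commands given as a bare file name (resolved through PATH at logon), rundll32 loaders together with the DLL they hand off to, and CLSID shell extensions that carry no readable label. The sample is a constructed excerpt of the log's own entries, and the buckets are review prompts, not verdicts.

```python
import re
# Constructed sample: entries copied from the "Reg Loading Points" section above (not the full list).
SAMPLE = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SetDefaultMIDI"="MIDIDef.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"SRFirstRun"="rundll32 srclient.dll,CreateFirstRunRp"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{9B8E9200-85B9-402A-BD72-C17F41CD7C97}"=""
'''
KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
CLSID_KEYS = ('shellexecutehooks', 'sharedtaskscheduler', 'shellserviceobjectdelayload')  # CLSID-registered
unescape = lambda s: re.sub(r'\\(.)', r'\1', s)  # undo .reg escaping: \\ and \" back to one character

def parse(text):
    """Return (key, value name, data) for every string value in the dump."""
    out, key = [], ''
    for line in text.splitlines():
        k, v = KEY_RE.match(line.strip()), VAL_RE.match(line.strip())
        if k:
            key = k.group(1).lower()
        elif v and key:
            out.append((key, unescape(v.group(1)), unescape(v.group(2))))
    return out

def executable(cmd):
    """First token of a command line, honouring a quoted path that contains spaces."""
    return cmd[1:cmd.find('"', 1)] if cmd.startswith('"') else cmd.split(' ', 1)[0]

def triage(text):
    """Bucket autostart entries a reviewer should look at first (prompts, not verdicts)."""
    f = {'NO_PATH': [], 'RUNDLL32': [], 'EMPTY_DESCRIPTION': []}
    for key, name, data in parse(text):
        leaf = key.rsplit('\\', 1)[-1]
        if leaf in CLSID_KEYS:
            # The non-CLSID side is the readable label; blank means a CLSID lookup is needed.
            if not (data if name.startswith('{') else name):
                f['EMPTY_DESCRIPTION'].append(f'{name} in {leaf}')
        elif leaf == 'run':
            exe = executable(data)
            if exe.lower().split('\\')[-1] in ('rundll32', 'rundll32.exe'):
                rest = data.split(None, 1)  # rundll32 loads whichever DLL follows it
                f['RUNDLL32'].append(f'{name}: {rest[1].split(",")[0] if len(rest) > 1 else ""}')
            elif '\\' not in exe:  # bare file name: resolved through PATH at logon
                f['NO_PATH'].append(f'{name}: {exe}')
    return f
```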
     
  6. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Hi, Time4swim. :)

    There seems to be an error in your registry related to a Royale Theme and some policies. Please follow these instructions to edit your registry:

    First perform a Full Backup of the Registry:
    • Go to Start->Run, Type Regedit.exe and click Ok.
    • The Registry Editor will be displayed.
    • Click on My Computer in the Editor to highlight it.
    • Select Registry from the Menu, then Export
    • Name the export Backup
    • Save it on C:\
    You now have a backup of your registry on C:\ (C:\Backup.reg).

    Download the enclosed file. Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg . Once extracted, open the folder and double click on the Regfix.reg file and select Yes when prompted to merge it into the registry.

    Restart the computer.

    Let me know if that makes any difference.
     

    Attached Files:

  7. Time4swim

    Time4swim Thread Starter

    Joined:
    Apr 9, 2007
    Messages:
    170
    It had no effect. Before I rebooted however.

    It seems that an unknown trojan is in place. I keep getting adware and trojans from out of nowhere. I would scan over and over and get different results. Attached is a Kasp. online log. It was unable to remove any of them. Some of the things I've gotten from SpyBot, Spyware Doctor, etc. are Inetloader, Trojan.Spy.Goldun.NQ, Owlforceb, Virtumonde(GONE), Vs Toolbar, Radlight registry entries, Win32.Agent.Yr. All of these occurred after explorer.exe stopped working. They have been gone ever since.

    I believe explorer.exe could've been gone because of a Windows Update. I do have it check for updates over night. What should we try next?
     

    Attached Files:

  8. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Download Deckard's System Scanner (DSS) from here or here to your Desktop. Note: You must be logged onto an account with administrator privileges.
    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both, the main.txt and the extra.txt in your next reply.
    If the files are too long, attach them to a reply:
    1. Scroll down and click the [Manage Attachments] button
    2. Browse to the following folder:
      • C:\Deckard\System Scanner
    3. Click Upload to upload these files one by one
    4. Submit your reply
     
  9. Time4swim

    Time4swim Thread Starter

    Joined:
    Apr 9, 2007
    Messages:
    170
    Here you go.
     

    Attached Files:

  10. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Hi, Time4swim :)

    I believe the problem is due to File Associations.

    Fix these entries in Hijackthis:

    O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
    O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp


    Delete the following folder:

    C:\WINDOWS\FlyakiteOSX

    Download the enclosed file. Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Associationfix.reg . Once extracted, open the folder and double click on the Associationfix.reg file and select Yes when prompted to merge it into the registry. You can also run Regedit as a new task and Import this file to the registry.

    Once done, restart the computer.

    Keep me posted.
     
  11. Time4swim

    Time4swim Thread Starter

    Joined:
    Apr 9, 2007
    Messages:
    170
    I don't see any enclosed files.
     
  12. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Hi, Time4swim :)

    Sorry. This is the second one that failed to upload yesterday. I don't know why this happened. Here you go.
     

    Attached Files:

  13. Time4swim

    Time4swim Thread Starter

    Joined:
    Apr 9, 2007
    Messages:
    170
    No luck. I used FlyaKiteOSX to make my computer to look like a Mac computer. I uninstalled it now. It never gave me problems in the past. What next?
     
  14. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Hi, Time4swim :)

    Let's troubleshoot Windows XP through a Clean Boot.

    Clean boot is the process of disabling and removing some programs and drivers from the Windows startup process. This is done to identify and troubleshoot issues occurring with Windows XP.

    NOTE: Following these steps may result in loss of some functionality temporarily. Restoring the settings may return the original problem.

    To perform a clean boot in Windows XP, follow these steps:

    1. Log in as an Administrator or a member of the Administrators group.
    2. Click Start, select Run, and type MSConfig.exe in the command line.
    3. Click OK.
    4. Select the General tab and click Selective Startup.
    5. Deselect all the checkboxes except Use Original Boot.ini.
    6. Click OK and restart the computer.

    Upon restart you will be confronted with a dialogue box warning about running in selective startup. Just ignore that message and put a check in the box by "Don't show me this message or launch the System Configuration Utility when Windows starts" and click "OK". You will not be bothered by the message again.

    Hopefully, when you restart, Explorer.exe may be working. If the issue reoccurs, however, there must be something wrong with the Windows installation, and you may need to reinstall or repair the Windows XP installation.

    If the issue does not appear, then perform the following steps:

    1. Click Start, select Run, and type MSConfig.exe in the command line.
    2. On the General tab, select the Process SYSTEM.INI File checkbox.
    3. Click OK and restart the computer. If the problem reappears, then the issue is with an entry in the System.ini file.
    4. If the problem does not reoccur, then run MSConfig again and select the Process WIN.INI File checkbox. Continue with this process until the issue reappears, selecting one item at a time, such as the Load Startup Items and Load System Services checkboxes.
    5. When the issue reappears for any of the selected entries, you will need to edit that particular item.

    For example, if the problem reappears after selecting the Win.ini file, click the Win.ini tab in System Configuration Utility to edit that configuration file. Clear half of the check boxes (except for those clearly marked as required), click OK, and then restart your computer. Continue this process until you locate the setting that is causing the issue.

    Post back the results with the setting causing the issue, if identified.
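The halving in the last paragraph is a bisection over the startup set. As an added example (not from the post or from Microsoft's documentation), here it is as a Python routine that generalizes to any list of startup items given a "re-enable these, restart, check" oracle, and that also handles the two outcomes the post calls out: the problem survives a clean boot, or no item brings it back. The item list is the HKLM Run entries from the log above; the culprit used in the simulation is a hypothetical stand-in for the demonstration, not a finding about that program.

```python
def isolate_culprit(items, reproduces):
    """Find the single startup item that brings the problem back.

    `reproduces(enabled)` stands in for "re-enable exactly these items, restart,
    and see whether Explorer fails again". Returns (item, restarts); item is None
    when the problem shows with nothing enabled (so it is not a startup item) or
    when re-enabling everything does not bring it back. Assumes one culprit acting
    alone, which is a simplification of the manual procedure.
    """
    restarts = 0

    def check(enabled):
        nonlocal restarts
        restarts += 1                 # every oracle call is one reboot on the real machine
        return reproduces(enabled)

    if check([]):                     # clean boot still broken: look at the install itself
        return None, restarts
    if not check(list(items)):        # everything back on and still fine: not in this list
        return None, restarts
    candidates = list(items)
    while len(candidates) > 1:        # halve the enabled set, as the post does with checkboxes
        first = candidates[: len(candidates) // 2]
        candidates = first if check(first) else candidates[len(first):]
    return candidates[0], restarts


# The HKLM\..\Run value names from the ComboFix log earlier in this thread.
STARTUP_ITEMS = ['ehTray', 'NvCplDaemon', 'CTSysVol', 'osCheck', 'PC Pitstop Optimize Scheduler',
                 'Windows Defender', 'System Files Updater', 'Logitech Hardware Abstraction Layer',
                 'DiskeeperSystray', 'SDTray', 'UpdateManager', 'iTunesHelper', 'nwiz',
                 'THGuard', 'PrevxOne', 'QuickTime Task', 'a-squared', 'NetFxUpdate_v1.0.3705',
                 'SRFirstRun', 'ccApp']


def simulated_boot(culprit):
    """Constructed oracle: the problem reproduces iff the chosen item is enabled."""
    return lambda enabled: culprit in enabled
```

With twenty entries the halving needs about five restarts after the two sanity checks, against up to twenty for a one-at-a-time sweep.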
     
  15. Time4swim

    Time4swim Thread Starter

    Joined:
    Apr 9, 2007
    Messages:
    170
    When I started the first reboot, it kept system failing with the message:

    "The problem seems to be caused by the following file: sptd.sys."
    "The driver mistakenly marked a part of it's image pagable instead of nonpagable."

    Stop: 0x000000D3 (0xF72CC580, 0x000000FF, 0x00000001, 0x80541835)

    Sptd.sys is a driver used by Daemon Tools which I had uninstalled a few days back. I used the "Last Known Configuration" option to return back.
     
Short URL to this thread: https://techguy.org/560012
