BullGuard
Explorer.exe (?) shuts down after windows start
   
26 posts in this thread.

kHaoS
New Member


Date Joined Dec 2007
Total Posts : 41
 
Posted 12/9/2007 2:54 PM (GMT +2)
I made a very stupid mistake by clicking on a downloaded program. Spybot resident went crazy blocking reg changes and Norton deleted 2 progs. After rebooting windows started normally, but just when desktop is loading it's like explorer.exe shuts down and the desktop goes blank. I can still see the desktop wallpaper but nothing else, and the PC is just "idle".

I tried starting in safe mode, and did a system restore from cmd but the only restore point available was about an hour before it all went haywire.

What to do?
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
Posted 12/9/2007 3:01 PM (GMT +2)
Hello 

See if You can get explorer running again.
Start Task manager (ctrl+alt+del)
On the Applications tab, click New Task. 
 
In the Open box, type: explorer.exe, and then click OK.
 


Do NOT post your problem in someone else's thread.

kHaoS
New Member

Posted 12/9/2007 3:24 PM (GMT +2)
Hello, thank you for the fast reply.

Yes I managed to start explorer.exe, but it shuts right back down. This repeats itself for like 6-7 times then stays down. This time however, spybot (which is on autostart) kicked in and is scanning as I type. I'll wait and see if something turns up.

Touch
Forum Moderator

Posted 12/9/2007 3:30 PM (GMT +2)
Ok
 
 
If You get a chance, see if You can do this -
 
 
Click here - ->>  Before posting a log 
 
 
 After You have run the scan tools -
 
Reboot normally
 
Post Hijackthis log along with AVG Anti-Spyware log, C: Rootlog TXT, C: combofix txt in this topic
 
 
 


kHaoS
New Member

Posted 12/9/2007 4:45 PM (GMT +2)
Running all the scan tools now (not simultaneously), looks like it might be a while. I'll post (hopefully) results later, or tomorrow if it takes too long.

Thanks.

Post Edited (kHaoS) : 09-12-2007 14:46:01 GMT

Touch
Forum Moderator

Posted 12/9/2007 4:53 PM (GMT +2)
Just take the time You need, I'll be here tomorrow as well

If You can't download combofix, use this link:

kHaoS
New Member

Posted 12/9/2007 11:32 PM (GMT +2)
Hmm... after I ran the combofix and rebooted, it wouldn't even reboot properly...
I'll leave it resting over night and try booting it tomorrow.

Touch
Forum Moderator

Posted 12/10/2007 5:55 AM (GMT +2)
Leave combofix and run this, it just scans and doesn't have to reboot -


Download Deckard's System Scanner (dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post the contents of main.txt only for now along with a hijackthis log.
 





kHaoS
New Member

Posted 12/10/2007 4:17 PM (GMT +2)
I think combofix did the job, it rebooted normally (after I unplugged a crappy USB-keyboard *doh*) and Windows seems to be running fine.
I'll run dss.exe and hijackthis and post the results just to be sure.
Be right back.

kHaoS
New Member

Posted 12/10/2007 4:27 PM (GMT +2)
Deckard's System Scanner v20071014.68
Run by JockE on 2007-12-10 15:18:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
84: 2007-12-10 14:18:10 UTC - RP316 - Deckard's System Scanner Restore Point
83: 2007-12-09 14:40:50 UTC - RP315 - ComboFix created restore point
82: 2007-12-09 13:37:05 UTC - RP314 - Spybot-S&D Spyware removal
81: 2007-12-08 16:47:47 UTC - RP313 - Återställningsåtgärd
80: 2007-12-08 15:48:47 UTC - RP312 - Last known good configuration


-- First Restore Point --
1: 2007-12-08 15:47:45 UTC - RP233 - Systemkontrollpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as JockE.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:20, on 2007-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Symantec AntiVirus\DefWatch.exe
C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program\Symantec AntiVirus\Rtvscan.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program\Unlocker\UnlockerAssistant.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program\AVG Anti-Spyware 7.5\avgas.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe
C:\Program\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\windows\system32\notepad.exe
C:\Documents and Settings\JockE\Mina dokument\DC\virus help\dss.exe
C:\DOCUME~1\JockE\MINADO~1\DC\virus help\JockE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /waitstart
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: PrcView.lnk = C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe
O4 - Startup: VPTray.lnk = C:\Program\Symantec AntiVirus\VPTray.exe
O4 - Global Startup: Personal.lnk.disabled
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-10574d4585007be1.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program\Cheetah\NMSAccess.exe (file missing)
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7405 bytes

-- File Associations -----------------------------------------------------------

.txt - Notepad++_file - DefaultIcon - unable to read value
.txt - Notepad++_file - shell\open\command - "C:\Program\Notepad++\notepad++.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R1 GhPciScan (GhostPciScanner) - c:\program\symantec\norton ghost 2003\ghpciscan.sys <Not Verified; Symantec Corporation; Symantec Ghost PCI Scanner>
R1 prcmondrv - c:\windows\system32\drivers\prcmondrv1041.sys <Not Verified; Igor Nys; PrcView>
R3 catchme - c:\docume~1\jocke\lokala~1\temp\catchme.sys (file missing)

S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 SE27bus (Sony Ericsson Device 039 Driver driver (WDM)) - c:\windows\system32\drivers\se27bus.sys <Not Verified; MCCI; Sony Ericsson Device 039 Driver>
S3 SE27mdfl (Sony Ericsson Device 039 USB WMC Modem Filter) - c:\windows\system32\drivers\se27mdfl.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Modem Filter Driver>
S3 SE27mdm (Sony Ericsson Device 039 USB WMC Modem Driver) - c:\windows\system32\drivers\se27mdm.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Data Modem>
S3 SE27mgmt (Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\se27mgmt.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Device Management>
S3 se27nd5 (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)) - c:\windows\system32\drivers\se27nd5.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation>
S3 SE27obex (Sony Ericsson Device 039 USB WMC OBEX Interface) - c:\windows\system32\drivers\se27obex.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC OBEX Interface>
S3 se27unic (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)) - c:\windows\system32\drivers\se27unic.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 GhostStartService - c:\program\symantec\norton~1\ghosts~2.exe <Not Verified; Symantec Corporation; Norton Ghost Start Service>
R2 O&O Defrag - c:\windows\system32\oodag.exe <Not Verified; O&O Software GmbH; O&O Defrag>
R3 ServiceLayer - "c:\program\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S2 NMSAccess - c:\program\cheetah\nmsaccess.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Videostyrenhet för multimedia
Device ID: PCI\VEN_4444&DEV_0016&SUBSYS_48010070&REV_01\3&61AAA01&0&50
Manufacturer:
Name: Videostyrenhet för multimedia
PNP Device ID: PCI\VEN_4444&DEV_0016&SUBSYS_48010070&REV_01\3&61AAA01&0&50
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-10-03 15:30:00 262 --a------ C:\windows\Tasks\Advanced WindowsCare.job
2007-10-03 13:37:00 330 --a------ C:\windows\Tasks\HP Usg Daily.job
2007-10-03 08:00:00 294 --a------ C:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2007-10-02 19:00:00 274 --a------ C:\windows\Tasks\AwcUpdate.job
2007-09-29 09:11:01 272 --a------ C:\windows\Tasks\AppleSoftwareUpdate.job
2007-09-12 13:38:07 308 --a------ C:\windows\Tasks\HP DArC Task #Hewlett-Packard#7600#MY37I211FXD4.job


-- Files created between 2007-11-10 and 2007-12-10 -----------------------------

2007-12-10 15:11:10 0 d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar
2007-12-10 15:11:10 0 d-------- C:\Documents and Settings\LocalService\Lokala instõllningar
2007-12-10 15:11:10 0 d-------- C:\Documents and Settings\JockE\Lokala instõllningar
2007-12-10 15:11:10 0 d-------- C:\Documents and Settings\Default User\Lokala instõllningar
2007-12-09 15:20:45 0 dr-h----- C:\Documents and Settings\JockE\Recent
2007-12-09 15:06:17 0 d-------- C:\Documents and Settings\JockE\Application Data\Grisoft
2007-12-09 15:05:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-09 15:05:26 0 d-------- C:\Program\AVG Anti-Spyware 7.5
2007-12-09 15:04:08 0 d-------- C:\Program\CCleaner
2007-12-08 17:32:48 0 d-------- C:\Documents and Settings\Administratör\Cookies
2007-12-08 17:32:48 0 d-------- C:\Documents and Settings\Administratör\Application Data
2007-12-08 17:32:48 0 d-------- C:\Documents and Settings\Administratör\Application Data\Microsoft
2007-12-08 17:32:47 262144 --ah----- C:\Documents and Settings\Administratör\NTUSER.DAT
2007-12-08 17:32:47 0 d-------- C:\Documents and Settings\Administratör\Mallar
2007-12-08 17:32:47 0 d-------- C:\Documents and Settings\Administratör\Lokala inställningar
2007-12-08 16:48:42 8126464 --a------ C:\Documents and Settings\JockE\ntuser.dat
2007-12-08 16:48:41 524288 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-12-08 16:22:15 22528 --a------ C:\windows\system32\winkve32.dll
2007-12-06 15:18:42 43520 --a------ C:\windows\system32\CmdLineExt03.dll
2007-12-05 17:15:56 286720 --a------ C:\windows\system32\NCTWMAFile2.dll <Not Verified; NCT Company Ltd.; NCTWMAFile2 ActiveX DLL>
2007-12-05 17:14:15 696320 --a------ C:\windows\system32\NCTAudioInformation2.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation2 ActiveX DLL>
2007-12-05 17:11:45 1024000 --a------ C:\windows\system32\3ivx.dll <Not Verified; 3ivx.com; 3ivx D4 4.5.1 Plus>
2007-12-05 17:09:48 0 d-------- C:\Program\Audio Converter
2007-12-05 17:07:27 73216 --a------ C:\windows\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-11-24 16:18:57 0 d-------- C:\Program\Blade Runner
2007-11-24 16:17:29 299520 --a------ C:\windows\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>


-- Find3M Report ---------------------------------------------------------------

2007-12-10 15:09:14 0 d-------- C:\Program\Symantec AntiVirus
2007-12-09 15:39:25 0 d-------- C:\Program\CzDc
2007-12-07 14:27:38 0 d-------- C:\Program\Billy
2007-12-06 18:13:03 0 d-------- C:\Documents and Settings\JockE\Application Data\uTorrent
2007-12-04 21:38:34 0 d-------- C:\Documents and Settings\JockE\Application Data\Adobe
2007-11-06 16:01:37 0 d-------- C:\Program\Steam
2007-10-29 14:36:09 386268 --a------ C:\windows\system32\perfh01D.dat
2007-10-29 14:36:08 63848 --a------ C:\windows\system32\perfc01D.dat
2007-10-01 15:23:07 38437 --a------ C:\Documents and Settings\JockE\Application Data\Semikolonavgränsade värden (Windows).ADR


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2005-10-04 11:42]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 20:56]
"HPHUPD05"="C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 04:03]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-23 04:00]
"SpybotSnD"="C:\Program\Spybot - Search & Destroy\SpybotSD.exe" [2005-04-13 00:04]
"UnlockerAssistant"="C:\Program\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 15:16]
"nwiz"="nwiz.exe" [2005-04-01 15:16 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 15:16]
"PCSuiteTrayApplication"="C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 10:19]
"!AVG Anti-Spyware"="C:\Program\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-09-02 17:20]
"Start WingMan Profiler"="C:\Program\Logitech\Profiler\lwemon.exe" [2005-04-18 11:16]
"SpybotSD TeaTimer"="C:\Program\Spybot - Search & Destroy\TeaTimer.exe" [2005-04-13 00:04]
"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2007-04-03 23:29]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\JockE\Start-meny\Program\Autostart\
PrcView.lnk - C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe [2006-08-25 16:42:49]
VPTray.lnk - C:\Program\Symantec AntiVirus\VPTray.exe [2005-11-15 12:28:04]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Personal.lnk.disabled [2007-04-23 18:26:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
"DisableCAD"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"=1 (0x1)
"NoRemoteRecursiveEvents"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"=0 (0x0)
"NoLogoff"=0 (0x0)
"NoRecentDocsMenu"=01000000
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4233ac08-a2c4-4742-a0b4-83719613d62c}"= C:\WINDOWS\system32\ilmpjy.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4E3F2B22-B004-4A32-B94C-48B71855BE93}"= C:\windows\system32\qommjih.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^JockE^Start-meny^Program^Autostart^VPTray.lnk]
backup=C:\WINDOWS\pss\VPTray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmLoop]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GhostStartTrayApp"=C:\Program\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

*Newly Created Service* - AVGASCLN



-- End of Deckard's System Scanner: finished at 2007-12-10 15:21:39 ------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23, on 2007-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Symantec AntiVirus\DefWatch.exe
C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program\Symantec AntiVirus\Rtvscan.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program\Unlocker\UnlockerAssistant.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program\AVG Anti-Spyware 7.5\avgas.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe
C:\Program\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\windows\notepad.exe
C:\windows\notepad.exe
C:\Documents and Settings\JockE\Mina dokument\DC\virus help\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /waitstart
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: PrcView.lnk = C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe
O4 - Startup: VPTray.lnk = C:\Program\Symantec AntiVirus\VPTray.exe
O4 - Global Startup: Personal.lnk.disabled
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-10574d4585007be1.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program\Cheetah\NMSAccess.exe (file missing)
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7375 bytes

Touch
Forum Moderator

Posted 12/10/2007 4:42 PM (GMT +2)
Seems to
 
 
Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked:
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 
 
 
Open notepad and copy/paste the text in the quote box below into it:
Quote:
-----------------------------------------------------
KILLALL::
 
File::
C:\windows\system32\winkve32.dll
C:\windows\system32\qommjih.dll
 
 
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4E3F2B22-B004-4A32-B94C-48B71855BE93}"=-
----------------------------------------------
 
Save this as CFScript.txt
 
 
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system.
It may reboot your system when it finishes. This is normal.
 
 
Post new hijackthis log along with fresh combofix log
 
 


Do NOT post your problem in someone else's thread.

 

kHaoS
New Member


Date Joined Dec 2007
Total Posts : 41
 
   Posted 12/10/2007 5:20 PM (GMT +2)
Ok, here goes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13, on 2007-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Symantec AntiVirus\DefWatch.exe
C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program\Symantec AntiVirus\Rtvscan.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program\Unlocker\UnlockerAssistant.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program\AVG Anti-Spyware 7.5\avgas.exe
C:\windows\system32\ctfmon.exe
C:\Program\Logitech\Profiler\lwemon.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe
C:\Program\Symantec AntiVirus\VPTray.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\notepad.exe
C:\Documents and Settings\JockE\Mina dokument\DC\virus help\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /waitstart
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: PrcView.lnk = C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe
O4 - Startup: VPTray.lnk = C:\Program\Symantec AntiVirus\VPTray.exe
O4 - Global Startup: Personal.lnk.disabled
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-10574d4585007be1.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program\Cheetah\NMSAccess.exe (file missing)
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7561 bytes

ComboFix 07-12-09.1 - JockE 2007-12-10 16:05:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.1443 [GMT 1:00]
Running from: C:\Documents and Settings\JockE\Mina dokument\DC\virus help\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\JockE\Mina dokument\CFScript.txt
* Created a new restore point

FILE
C:\windows\system32\qommjih.dll
C:\windows\system32\winkve32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\windows\system32\winkve32.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
.

2007-12-10 15:34 . 2007-12-10 15:35 <KAT> d-------- C:\Program\Process Viewer
2007-12-10 15:17 . 2007-12-10 15:17 <KAT> d-------- C:\Deckard
2007-12-10 15:11 . 2007-12-10 15:11 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala inställningar
2007-12-10 15:11 . 2007-12-10 15:11 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala inställningar
2007-12-10 15:11 . 2007-12-10 15:11 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala inställningar
2007-12-10 15:11 . 2007-12-10 15:11 <KAT> d-------- C:\Documents and Settings\JockE\Lokala inställningar
2007-12-10 15:11 . 2007-12-10 15:11 <KAT> d-------- C:\Documents and Settings\Default User\Lokala inställningar
2007-12-10 15:11 . <KAT> C:\Documents and Settings\Administrat÷r\Lokala inställningar
2007-12-09 15:06 . 2007-12-09 15:06 <KAT> d-------- C:\Documents and Settings\JockE\Application Data\Grisoft
2007-12-09 15:05 . 2007-12-09 15:11 <KAT> d-------- C:\Program\AVG Anti-Spyware 7.5
2007-12-09 15:05 . 2007-12-09 15:05 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-09 15:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-09 15:04 . 2007-12-09 15:04 <KAT> d-------- C:\Program\CCleaner
2007-12-09 14:07 . 2004-08-04 01:33 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-06 15:18 . 2007-12-06 15:19 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-05 17:15 . 2007-12-05 17:15 286,720 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2007-12-05 17:14 . 2007-12-05 17:14 696,320 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2007-12-05 17:12 . 2007-12-05 17:12 315,392 --a------ C:\WINDOWS\system32\3ivxDSEncoder.ax
2007-12-05 17:11 . 2007-12-05 17:11 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2007-12-05 17:09 . 2007-12-05 17:18 <KAT> d-------- C:\Program\Audio Converter
2007-12-05 17:07 . 2007-05-02 17:43 11,482,995 --------- C:\WINDOWS\AudioConverter.CAB
2007-12-05 17:07 . 2007-12-05 17:07 245,760 --------- C:\WINDOWS\Setup1.exe
2007-12-05 17:07 . 2007-12-05 17:07 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-12-05 17:07 . 2007-12-05 17:19 11,583 --a------ C:\WINDOWS\ST6UNST.000
2007-12-05 17:07 . 2007-12-05 17:10 9,474 --a------ C:\WINDOWS\SETUP.LST
2007-11-24 16:18 . 2007-11-24 17:54 <KAT> d-------- C:\Program\Blade Runner
2007-11-24 16:17 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 15:07 --------- d-----w C:\Program\Symantec AntiVirus
2007-12-10 14:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-09 14:39 --------- d-----w C:\Program\CzDc
2007-12-07 13:27 --------- d-----w C:\Program\Billy
2007-12-06 17:13 --------- d-----w C:\Documents and Settings\JockE\Application Data\uTorrent
2007-11-06 15:01 --------- d-----w C:\Program\Steam
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-09-02 17:20]
"Start WingMan Profiler"="C:\Program\Logitech\Profiler\lwemon.exe" [2005-04-18 11:16]
"SpybotSD TeaTimer"="C:\Program\Spybot - Search & Destroy\TeaTimer.exe" [2005-04-13 00:04]
"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2007-04-03 23:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2005-10-04 11:42]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 20:56]
"HPHUPD05"="C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 04:03]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-23 04:00]
"SpybotSnD"="C:\Program\Spybot - Search & Destroy\SpybotSD.exe" [2005-04-13 00:04]
"UnlockerAssistant"="C:\Program\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"NvCplDaemon"="RUNDLL32.exe" [2004-09-02 17:20 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-04-01 15:16 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-09-02 17:20 C:\WINDOWS\system32\rundll32.exe]
"PCSuiteTrayApplication"="C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 10:19]
"!AVG Anti-Spyware"="C:\Program\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 16:15]

C:\Documents and Settings\JockE\Start-meny\Program\Autostart\
PrcView.lnk - C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe [2006-08-25 16:42:49]
VPTray.lnk - C:\Program\Symantec AntiVirus\VPTray.exe [2005-11-15 12:28:04]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Personal.lnk.disabled [2007-04-23 18:26:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"NoRecentDocsMenu"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{4233ac08-a2c4-4742-a0b4-83719613d62c}"= C:\WINDOWS\system32\ilmpjy.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^JockE^Start-meny^Program^Autostart^VPTray.lnk]
backup=C:\WINDOWS\pss\VPTray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmLoop]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-11-09 15:07 49263 --a------ C:\Program\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GhostStartTrayApp"=C:\Program\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

R1 GhPciScan;GhostPciScanner;\??\C:\Program\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 prcmondrv;prcmondrv;\??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\windows\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\windows\system32\drivers\WmXlCore.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\windows\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\windows\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\windows\system32\drivers\WmVirHid.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-03 14:30:00 C:\windows\Tasks\Advanced WindowsCare.job"
- C:\Program\Advanced WindowsCare V2\AutoCare.exe
"2007-09-29 08:11:01 C:\windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program\Apple Software Update\SoftwareUpdate.exe
"2007-10-02 18:00:00 C:\windows\Tasks\AwcUpdate.job"
- C:\Program\Advanced WindowsCare V2\AutoUpdate.exe
"2007-09-12 12:38:07 C:\windows\Tasks\HP DArC Task #Hewlett-Packard#7600#MY37I211FXD4.job"
- C:\Program\HP\hpcoretech\comp\hpdarc.exe
"2007-10-03 12:37:00 C:\windows\Tasks\HP Usg Daily.job"
- C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2007-10-03 07:00:00 C:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program\Spybot - Search & Destroy\SpybotSD.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\windows\Explorer.EXE [6.00.2900.3156]
-> C:\Program\Unlocker\UnlockerHook.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 16:09:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-10 16:12:14 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-10 15:10
.
--- E O F ---
confused
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
   Posted 12/11/2007 10:27 AM (GMT +2)
Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked:
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
 
 
And You´re done smile
 
 
 
How are things running now ?


Do NOT post your problem in someone else's thread.
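An added example (not part of the thread, and not HijackThis's own code): the entries listed for fixing in the post above all carry the "(no file)" or "(file missing)" marker, and this Python parser lists every such entry in a HijackThis log for review. The sample lines are copied from the log posted earlier in the thread, plus one constructed line; the names Orphan, parse_orphan and find_orphans are chosen here.

```python
import re
from typing import List, NamedTuple, Optional

# Lines copied from the HijackThis log posted in this thread.
THREAD_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program\Cheetah\NMSAccess.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

# Constructed line (not from the thread): a missing target whose path contains " - ",
# which would break a naive split on the field separator.
CONSTRUCTED_LINE = r"O23 - Service: Example - Unknown owner - C:\Program\Spybot - Search & Destroy\example.exe (file missing)"

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
MARKER_RE = re.compile(r"\s*\((?P<marker>file missing|no file)\)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.+$")  # first drive-letter path up to end of text


class Orphan(NamedTuple):
    section: str           # HijackThis section code, e.g. "O2" or "O23"
    clsid: Optional[str]   # upper-cased CLSID if the entry has one
    target: Optional[str]  # path the entry pointed at; None for "(no file)"
    marker: str            # "no file" or "file missing"
    line: str              # the original log line, for the review list


def parse_orphan(line: str) -> Optional[Orphan]:
    """Return an Orphan if the log line references a file that is not on disk."""
    line = line.strip()
    entry = ENTRY_RE.match(line)
    if not entry:
        return None  # header, process list or blank line
    body = entry.group("body")
    marker = MARKER_RE.search(body)
    if not marker:
        return None  # target exists, nothing to review here
    rest = body[: marker.start()]
    clsid = CLSID_RE.search(rest)
    path = PATH_RE.search(rest)
    return Orphan(
        section=entry.group("section"),
        clsid=clsid.group(0).upper() if clsid else None,
        target=path.group(0).strip() if path else None,
        marker=marker.group("marker"),
        line=line,
    )


def find_orphans(log_text: str) -> List[Orphan]:
    """Collect every entry in a log whose target file is missing."""
    found = []
    for line in log_text.splitlines():
        orphan = parse_orphan(line)
        if orphan:
            found.append(orphan)
    return found


def review_list(log_text: str) -> List[str]:
    """Format the orphaned entries as one line each for a human reviewer."""
    rows = []
    for o in find_orphans(log_text):
        ident = o.clsid or "(no CLSID)"
        rows.append(f"{o.section:<4}{ident:<40}{o.target or '-'}  [{o.marker}]")
    return rows


if __name__ == "__main__":
    for row in review_list(THREAD_LOG + CONSTRUCTED_LINE):
        print(row)
```

The output also includes the NMSAccess service, which the post above does not list, so it is a review list rather than a fix list.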

 

kHaoS
New Member


Date Joined Dec 2007
Total Posts : 41
 
   Posted 12/12/2007 4:23 PM (GMT +2)
Ok, will do it now. No need to repost fresh Hijackthis-log I gather.

Things are running as they did before my idi0tic mistake, a bit sluggish maybe...

I have a couple of off-off-topic questions however:
To protect myself (I.e. my files and progz) in the future I've decided to partition my drive and install windows separate.
* What might be a preferred size on that partition?
* Is it even possible to uninstall windows from the "old" partition once I've installed it on the new one without fu**ing up the PC?

Thanx a million for your help, I value it greatly.

Post Edited (kHaoS) : 12-12-2007 14:24:35 GMT

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
   Posted 12/13/2007 8:04 AM (GMT +2)
See if these tips can improve performance -
 
I don´t quite understand why You will do this - ? "To protect myself"
As it seems to be a mess smile
I think the best thing to do is, buy new HD, then install windows there


Do NOT post your problem in someone else's thread.

Post Edited (Touch) : 13-12-2007 06:42:49 GMT

 

kHaoS
New Member


Date Joined Dec 2007
Total Posts : 41
 
   Posted 12/13/2007 4:25 PM (GMT +2)
Well for one thing, I'm lazy.
I have a micro sized PC with room for only one HDD, and I don't want to reinstall all my appz and so on.
If Windows is on a separate partition, I theoretically could do a clean install whenever I need due to...
...well let's say "mistakes" :D

But never mind that, I'll just have to take your advice and then do it right from the start.

However, the problems are not over yet, after getting through all the virus/malware removal, I:
* lost access to internet
* keep getting warnings from spybot resident that an AVG key has been deleted

Post Edited (kHaoS) : 13-12-2007 14:26:51 GMT

 

kHaoS
New Member


Date Joined Dec 2007
Total Posts : 41
 
   Posted 12/13/2007 4:51 PM (GMT +2)
Oookay...so I rebooted, and the good news is that my internet connection is back online (or is it bad news maybe..hmm), apparently I have some stability issues.

Bad news is I still keep getting pop-ups from spybot resident, c/p from log follows:

2007-12-09 15:38:34 Allowed value "AutoRun" (new data: "") deleted in Command processor!
2007-12-09 15:39:00 Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
2007-12-09 15:39:03 Allowed value "Search Bar" (new data: "") deleted in Browser page!
2007-12-09 15:39:07 Allowed value "load" (new data: "") deleted in NT startup!
2007-12-09 15:50:10 Allowed value "combofix" (new data: ""C:\windows\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"") added in System Startup global entry!
2007-12-09 15:50:12 Allowed value "combofix" (new data: "C:\windows\system32\cmd.exe /c C:\ComboFix\Combobatch.bat") added in System Startup global entry!
2007-12-10 15:08:55 Allowed value "" (new data: "") deleted in System Startup global entry!
2007-12-10 15:09:19 Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
2007-12-10 15:09:32 Allowed value "Search Bar" (new data: "") deleted in Browser page!
2007-12-10 15:09:37 Denied value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") changed in Browser page!
2007-12-10 15:09:46 Allowed value "AutoRun" (new data: "") deleted in Command processor!
2007-12-10 15:11:18 Denied value "load" (new data: "") deleted in NT startup!
2007-12-10 16:10:30 Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
2007-12-10 16:10:32 Denied value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") changed in Browser page!
2007-12-10 16:12:26 Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
2007-12-10 16:12:31 Denied value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") changed in Browser page!
2007-12-10 17:08:19 Allowed value "!AVG Anti-Spyware" (new data: "") deleted in System Startup global entry!
2007-12-10 17:23:31 Allowed value "RegistryMechanic" (new data: "") added in System Startup global entry!
2007-12-10 17:36:53 Allowed value "RegistryMechanic" (new data: "") deleted in System Startup global entry!
2007-12-10 17:38:37 Allowed value "RegistryMechanic" (new data: "") added in System Startup global entry!
2007-12-10 17:41:55 Allowed value "RegistryMechanic" (new data: "") deleted in System Startup global entry!
2007-12-10 17:49:24 Allowed value "!AVG Anti-Spyware" (new data: "") deleted in System Startup global entry!
2007-12-12 15:08:40 Allowed value "!AVG Anti-Spyware" (new data: "") deleted in System Startup global entry!
2007-12-12 15:27:55 Allowed value "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" (new data: "") deleted in Browser Helper Object!
2007-12-12 15:27:57 Allowed value "{7E853D72-626A-48EC-A868-BA8D5E23E045}" (new data: "") deleted in Browser Helper Object!
2007-12-12 15:38:41 Allowed value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") added in Browser Helper Object!
2007-12-12 16:34:09 Allowed value "!AVG Anti-Spyware" (new data: "") deleted in System Startup global entry!
2007-12-12 19:15:11 Allowed value "{8AD9C840-044E-11D1-B3E9-00805F499D93}" (new data: "") deleted in ActiveX Distribution Unit!
2007-12-12 19:15:14 Allowed value "{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}" (new data: "") deleted in ActiveX Distribution Unit!
2007-12-12 19:15:14 Allowed value "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}" (new data: "") deleted in ActiveX Distribution Unit!
2007-12-12 19:15:16 Allowed value "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" (new data: "") deleted in ActiveX Distribution Unit!
2007-12-12 19:15:21 Allowed value "{D27CDB6E-AE6D-11CF-96B8-444553540000}" (new data: "") deleted in ActiveX Distribution Unit!
2007-12-13 15:02:03 Allowed value "!AVG Anti-Spyware" (new data: "") deleted in System Startup global entry!
2007-12-13 15:02:14 Allowed value "SpybotSnD" (new data: ""C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart") added in System Startup global entry!
2007-12-13 15:02:21 Allowed value "SpybotSnD" (new data: ""C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart") changed in System Startup global entry!
2007-12-13 15:02:42 Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
2007-12-13 15:02:43 Denied value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") changed in Browser page!
2007-12-13 15:04:51 Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
2007-12-13 15:04:51 Denied value "SearchAssistant" (new data: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm") changed in Browser page!
2007-12-13 15:34:40 Denied value "SpybotSnD" (new data: ""C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart") changed in System Startup global entry!
2007-12-13 15:35:04 Allowed value "!AVG Anti-Spyware" (new data: "") deleted in System Startup global entry!

Can I fix this with Combofix? Maybe this should be in a new thread, seeing as the original issue is solved?

Post Edited (kHaoS) : 13-12-2007 14:58:37 GMT
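An added example, not part of the post and not Spybot's own code: a Python parser for the resident log lines quoted above that groups events by category, value and action, so the changes that keep recurring stand out from one-off entries. The sample lines are copied from the post; the type and function names are chosen here.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, NamedTuple, Tuple

# Lines copied from the Spybot resident log posted above.
THREAD_LOG = r'''
2007-12-09 15:50:10 Allowed value "combofix" (new data: ""C:\windows\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"") added in System Startup global entry!
2007-12-10 15:09:19 Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
2007-12-10 16:10:30 Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
2007-12-10 17:08:19 Allowed value "!AVG Anti-Spyware" (new data: "") deleted in System Startup global entry!
2007-12-10 17:23:31 Allowed value "RegistryMechanic" (new data: "") added in System Startup global entry!
2007-12-10 17:36:53 Allowed value "RegistryMechanic" (new data: "") deleted in System Startup global entry!
2007-12-10 17:49:24 Allowed value "!AVG Anti-Spyware" (new data: "") deleted in System Startup global entry!
2007-12-12 15:08:40 Allowed value "!AVG Anti-Spyware" (new data: "") deleted in System Startup global entry!
2007-12-12 15:27:55 Allowed value "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" (new data: "") deleted in Browser Helper Object!
2007-12-13 15:02:42 Denied value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
'''

# The value name is matched lazily and the data greedily, so data that itself
# contains quotes (the "combofix" line) is captured whole.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'(?P<decision>Allowed|Denied) value "(?P<value>.*?)" '
    r'\(new data: "(?P<data>.*)"\) '
    r'(?P<action>added|changed|deleted) in (?P<category>.+)!$'
)


class Event(NamedTuple):
    ts: datetime
    decision: str   # "Allowed" or "Denied"
    value: str      # registry value name
    data: str       # new data, empty for deletions
    action: str     # "added", "changed" or "deleted"
    category: str   # e.g. "System Startup global entry"


class Recurrence(NamedTuple):
    category: str
    value: str
    action: str
    count: int      # how many times this exact change was logged
    denied: int     # how many of those were denied
    first: datetime
    last: datetime


def parse_log(text: str) -> List[Event]:
    """Parse resident log lines; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append(Event(
            ts=datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
            decision=m.group("decision"),
            value=m.group("value"),
            data=m.group("data"),
            action=m.group("action"),
            category=m.group("category"),
        ))
    return events


def recurring(events: List[Event], threshold: int = 2) -> List[Recurrence]:
    """Return changes logged at least `threshold` times, most frequent first."""
    groups: Dict[Tuple[str, str, str], List[Event]] = defaultdict(list)
    for ev in events:
        groups[(ev.category, ev.value, ev.action)].append(ev)
    result = []
    for (category, value, action), evs in groups.items():
        if len(evs) < threshold:
            continue
        result.append(Recurrence(
            category, value, action,
            count=len(evs),
            denied=sum(1 for e in evs if e.decision == "Denied"),
            first=min(e.ts for e in evs),
            last=max(e.ts for e in evs),
        ))
    return sorted(result, key=lambda r: (-r.count, r.first))


if __name__ == "__main__":
    for r in recurring(parse_log(THREAD_LOG)):
        print(f'{r.count}x ({r.denied} denied) "{r.value}" {r.action} '
              f'in {r.category}, {r.first} to {r.last}')
```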

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
   Posted 12/14/2007 9:55 AM (GMT +2)
To tell the truth, I am not good when it comes to Spybot´s Teatimer. I have Spybot on My Machine, but I don´t have Teatimer activated, as I think it´s quite annoying rolleyes
 
 
I´ll therefore suggest You ask in Spybot´s own forum:
 
 


Do NOT post your problem in someone else's thread.

 

kHaoS
New Member


Date Joined Dec 2007
Total Posts : 41
 
   Posted 12/14/2007 3:53 PM (GMT +2)
No worries.
I uninstalled SpyBot and downloaded SuperAntiSpyWare, did a full sweep and it fixed a bunch of stuff for me.
I also ran the latest Registry Mechanic and it fixed roughly 400 registry problems.
Now things are running very smoothly, but to be absolutely sure I'll run hijackthis and combofix and post fresh logs here, and maybe you can reassure me that all is well?
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
   Posted 12/14/2007 4:50 PM (GMT +2)
Just post the logs and I´ll check them


Do NOT post your problem in someone else's thread.

 

kHaoS
New Member


Date Joined Dec 2007
Total Posts : 41
 
   Posted 12/14/2007 9:15 PM (GMT +2)
I also abandoned firefox and went over to Opera, but been having some DNS issues.
Ok, here goes.
__________________________________________________________________________
ComboFix 07-12-09.1 - JockE 2007-12-14 19:59:15.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.1469 [GMT 1:00]
Running from: C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Virus Removal Tools\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-14 to 2007-12-14 )))))))))))))))))))))))))))))))
.

2007-12-13 18:03 . 2007-12-13 19:39 <KAT> d-------- C:\Program\SUPERAntiSpyware
2007-12-13 18:03 . 2007-12-13 18:03 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
2007-12-13 18:03 . 2007-12-13 18:03 <KAT> d-------- C:\Documents and Settings\JockE\Application Data\SUPERAntiSpyware.com
2007-12-13 18:03 . 2007-12-13 18:03 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-13 03:00 . 2007-12-13 03:03 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-10 15:34 . 2007-12-10 15:35 <KAT> d-------- C:\Program\Process Viewer
2007-12-10 15:17 . 2007-12-10 15:17 <KAT> d-------- C:\Deckard
2007-12-10 15:11 . 2007-12-10 16:12 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala instõllningar
2007-12-10 15:11 . 2007-12-10 16:12 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar
2007-12-10 15:11 . 2007-12-10 16:12 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala instõllningar
2007-12-10 15:11 . 2007-12-10 16:12 <KAT> d-------- C:\Documents and Settings\JockE\Lokala instõllningar
2007-12-10 15:11 . 2007-12-10 16:12 <KAT> d-------- C:\Documents and Settings\Default User\Lokala instõllningar
2007-12-10 15:11 . 2007-12-10 16:12 <KAT> d-------- C:\Documents and Settings\Administrat÷r\Lokala instõllningar
2007-12-09 15:05 . 2007-12-09 15:05 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-09 15:04 . 2007-12-09 15:04 <KAT> d-------- C:\Program\CCleaner
2007-12-09 14:07 . 2004-08-04 01:33 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-08 17:32 . 2007-12-08 17:48 <KAT> d-------- C:\Documents and Settings\Administratör\Mallar
2007-12-08 17:32 . 2007-12-13 15:04 <KAT> d-------- C:\Documents and Settings\Administratör\Lokala inställningar
2007-12-06 15:18 . 2007-12-06 15:19 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-05 17:15 . 2007-12-05 17:15 286,720 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2007-12-05 17:14 . 2007-12-05 17:14 696,320 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2007-12-05 17:12 . 2007-12-05 17:12 315,392 --a------ C:\WINDOWS\system32\3ivxDSEncoder.ax
2007-12-05 17:11 . 2007-12-05 17:11 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2007-12-05 17:09 . 2007-12-05 17:18 <KAT> d-------- C:\Program\Audio Converter
2007-12-05 17:07 . 2007-05-02 17:43 11,482,995 --------- C:\WINDOWS\AudioConverter.CAB
2007-12-05 17:07 . 2007-12-05 17:07 245,760 --------- C:\WINDOWS\Setup1.exe
2007-12-05 17:07 . 2007-12-05 17:07 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-12-05 17:07 . 2007-12-05 17:19 11,583 --a------ C:\WINDOWS\ST6UNST.000
2007-12-05 17:07 . 2007-12-05 17:10 9,474 --a------ C:\WINDOWS\SETUP.LST
2007-11-24 16:18 . 2007-11-24 17:54 <KAT> d-------- C:\Program\Blade Runner
2007-11-24 16:17 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-14 13:49 --------- d-----w C:\Program\Symantec AntiVirus
2007-12-13 20:10 --------- d-----w C:\Program\DivX
2007-12-13 18:35 --------- d-----w C:\Program\CzDc
2007-12-13 18:24 --------- d-----w C:\Documents and Settings\JockE\Application Data\uTorrent
2007-12-13 17:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-07 13:27 --------- d-----w C:\Program\Billy
2007-11-13 10:25 20,480 ----a-w C:\windows\system32\drivers\secdrv.sys
2007-11-06 15:01 --------- d-----w C:\Program\Steam
2007-10-29 22:45 1,289,728 ----a-w C:\windows\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\windows\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-09-02 17:20]
"Start WingMan Profiler"="C:\Program\Logitech\Profiler\lwemon.exe" [2005-04-18 11:16]
"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-25 22:52]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2005-10-04 11:42]
"UnlockerAssistant"="C:\Program\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"NvCplDaemon"="RUNDLL32.exe" [2004-09-02 17:20 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-04-01 15:16 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-09-02 17:20 C:\WINDOWS\system32\rundll32.exe]
"RegistryMechanic"="C:\Program\Registry Mechanic\RegMech.exe" [2007-08-20 11:58]

C:\Documents and Settings\JockE\Start-meny\Program\Autostart\
PrcView.lnk - C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe [2006-08-25 16:42:49]
VPTray.lnk - C:\Program\Symantec AntiVirus\VPTray.exe [2005-11-15 12:28:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"NoRecentDocsMenu"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmLoop]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-05-07 20:56 188416 --a------ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2003-05-23 04:00 483328 -ra------ C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-05-23 04:03 49152 -ra--c--- C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-11-09 15:07 49263 --a--c--- C:\Program\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GhostStartTrayApp"=C:\Program\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

R1 GhPciScan;GhostPciScanner;\??\C:\Program\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 prcmondrv;prcmondrv;\??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\windows\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\windows\system32\drivers\WmXlCore.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\windows\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\windows\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\windows\system32\drivers\WmVirHid.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-03 14:30:00 C:\windows\Tasks\Advanced WindowsCare.job"
- C:\Program\Advanced WindowsCare V2\AutoCare.exe
"2007-09-29 08:11:01 C:\windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program\Apple Software Update\SoftwareUpdate.exe
"2007-10-02 18:00:00 C:\windows\Tasks\AwcUpdate.job"
- C:\Program\Advanced WindowsCare V2\AutoUpdate.ex
"2007-09-12 12:38:07 C:\windows\Tasks\HP DArC Task #Hewlett-Packard#7600#MY37I211FXD4.job"
- C:\Program\HP\hpcoretech\comp\hpdarc.exe
"2007-10-03 12:37:00 C:\windows\Tasks\HP Usg Daily.job"
- C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2007-12-12 14:35:55 C:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program\Spybot - Search & Destroy\SpybotSD.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\windows\explorer.exe [6.00.2900.3156]
-> C:\Program\Unlocker\UnlockerHook.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-14 20:00:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-14 20:01:32
C:\ComboFix2.txt ... 2007-12-13 15:04
C:\ComboFix3.txt ... 2007-12-10 16:12
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58, on 2007-12-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program\Symantec AntiVirus\DefWatch.exe
C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program\Unlocker\UnlockerAssistant.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\windows\system32\ctfmon.exe
C:\Program\Logitech\Profiler\lwemon.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program\Symantec AntiVirus\Rtvscan.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\Program\Symantec AntiVirus\VPTray.exe
C:\Program\Registry Mechanic\RegMech.exe
C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Virus Removal Tools\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PrcView.lnk = C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe
O4 - Startup: VPTray.lnk = C:\Program\Symantec AntiVirus\VPTray.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\system32\shdocvw.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-10574d4585007be1.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_10) -
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6667 bytes

kHaoS
New Member


Date Joined Dec 2007
Total Posts : 41
 
Posted 12/14/2007 9:17 PM (GMT +2)
I got this error message after ComboFix had run:
"nircmd.cfexe - Unable to find a component" "This application couldn't be started due to ConnAPI.DLL is missing. This problem may be fixed by re-installing the application" (Translated from Swedish by me, so the actual message may read otherwise in its original)

Ok, here goes.

Post Edited (kHaoS) : 14-12-2007 19:21:39 GMT


Free Antivirus Experts
New Member


Date Joined Dec 2007
Total Posts : 5
 
Posted 12/15/2007 5:18 PM (GMT +2)
I think you have a threat on your computer. You can try
http://www.free-antivirus-experts.com/online_scan.html

I think it will help you a lot.


" Up till now no one has offered on their website Free Internet Security Expert, with whom you can talk in real time and get your problems solved, and get information about from which URL to download, or how to Remove Certain Virus which has infected your system.

Http://www.Free-Antivirus-Experts.com


Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
Posted 12/16/2007 9:10 AM (GMT +2)
Looks clean.

How are things running now?



kHaoS
New Member


Date Joined Dec 2007
Total Posts : 41
 
Posted 12/16/2007 9:01 PM (GMT +2)
Good to hear.
Well I switched from Mozilla to Opera and that really shortened the loading times.
System is running smooth again, so thank you very much for all your help.