Explorer.exe turns on and off
   

lilblazex7
New Member


Date Joined Dec 2008
Total Posts : 5
 
   Posted 12/14/2008 7:53 AM (GMT +2)
Today I've gotten some malicious items. As soon as I saw this item on my task manager that began with "acro" or something. It was above 250k and then sites started popping up, and a virus remover 2008 installed itself. But I used ComboFix to get rid of some of it. Now explorer.exe is freaking out.

hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:48:32 AM, on 12/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\program files\steam.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\John\Desktop\some old music\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam.exe" -silent
O4 - Startup: IMVU.lnk = C:\Documents and Settings\John\Application Data\IMVUClient\IMVUClient.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\John\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.spyguardpro.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.spyguardpro.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} -
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} -
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} -
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ISS Application Pool Process (ISSAppPlPro) - Unknown owner - C:\WINDOWS\system32\w3wp.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Post Edited (lilblazex7) : 14-12-2008 05:54:25 GMT

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
   Posted 12/14/2008 7:58 AM (GMT +2)
Hello

Download HostsXpert: http://www.majorgeeks.com/Hoster_d4626.html

Choose one of the servers at Majorgeeks... save the file on your desktop


  • Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
 
Then ->
 
Once installed, run CCleaner and click the Windows tab

Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data


Next: click Options, then click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok

 
Then click Run Cleaner (bottom right) then Exit
Reboot
 
Please download Malwarebytes' Anti-Malware:
 
Or here:
 
 to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.
                     
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
                     
If an update is found, it will download and install the latest version.
 
Please connect all your external hard drives/flash drives before running Malwarebytes
                     
Once the program has loaded, select Perform full scan, then click Scan.
                     
When the scan is complete, click OK, then Show Results to view the results.
 
Be sure that everything is checked, and click Remove Selected.
 
When completed, a log will open in Notepad. Please save it to a convenient location.
 
 
 
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
Post hijackthis log along with Malwarebytes' Anti-Malware log
 
 


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 

lilblazex7
New Member


Date Joined Dec 2008
Total Posts : 5
 
   Posted 12/14/2008 8:05 AM (GMT +2)
Alright, thank you for the fast reply. I'm checking the options in CCleaner. Do you want me to leave the default ones on, or just the ones you asked for? I'll be back around 10am EST.

Post Edited (lilblazex7) : 14-12-2008 06:31:05 GMT

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
   Posted 12/14/2008 8:36 AM (GMT +2)
Just do as I suggest ;-)


 

lilblazex7
New Member


Date Joined Dec 2008
Total Posts : 5
 
   Posted 12/14/2008 7:41 PM (GMT +2)
Malwarebytes' Anti-Malware 1.31
Database version: 1499
Windows 5.1.2600 Service Pack 2

12/14/2008 12:33:35 PM
mbam-log-2008-12-14 (12-33-35).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 142074
Time elapsed: 1 hour(s), 10 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 27
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\efcYOigh.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\efcAPJBs.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14732465-d0b4-4a9d-bb1c-155f341a07de} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{14732465-d0b4-4a9d-bb1c-155f341a07de} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcapjbs (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f1eb5f7-6c64-47ce-aceb-2d7c3bb4ba48} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f1eb5f7-6c64-47ce-aceb-2d7c3bb4ba48} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df84f8d0-26a8-4186-b089-98b22fbdb70e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df84f8d0-26a8-4186-b089-98b22fbdb70e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f56c5075-8977-4ee3-af95-3558d58f8641} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f56c5075-8977-4ee3-af95-3558d58f8641} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efcyoigh -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcyoigh -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\efcYOigh.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hgiOYcfe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgiOYcfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcAPJBs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\QooBox\Quarantine\C\Documents and Settings\John\Application Data\gadcom\gadcom.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Uninstall Fun Web Products.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\byXPIyWQ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGaApqp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\prunnet.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqNFUKA.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\~.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP475\A0097555.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP475\A0097560.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP475\A0097561.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP475\A0097564.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP476\A0097726.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP477\A0097853.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusRemover2008.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully.



Logfile of HijackThis v1.99.1
Scan saved at 12:40:19 PM, on 12/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\John\Desktop\some old music\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam.exe" -silent
O4 - Startup: IMVU.lnk = C:\Documents and Settings\John\Application Data\IMVUClient\IMVUClient.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\John\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antispyexpert.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.spyguardpro.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.antispyexpert.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.spyguardpro.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} -
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} -
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} -
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ISS Application Pool Process (ISSAppPlPro) - Unknown owner - C:\WINDOWS\system32\w3wp.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


-Everything seems okay now. But now my wallpaper disappeared and it says active desktop recovery. Microsoft Windows has experienced an unexpected error... etc.
I've had this before and disabled or "hidden" it but I want to get rid of it for good.

Post Edited (lilblazex7) : 14-12-2008 18:40:56 GMT
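
Added example, not part of the original thread: a small Python script for comparing two HijackThis logs like the before and after scans posted above. It lists which entries appeared, which went away, which entries of a given section (for instance O15, Trusted Zone) are still present, and which entries point at a file that no longer exists. The sample lines are excerpted from the two logs in this thread; the function names are illustrative.

```python
import re

# Sample input: a few lines excerpted from the two HijackThis logs posted in
# this thread (the first scan, then the scan taken after the Malwarebytes run).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam.exe" -silent
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [Steam] "c:\program files\steam.exe" -silent
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
"""

# HijackThis entry lines look like "<section code> - <details>", where the
# code is a letter (R, F, N, O) followed by a number, e.g. "O15 - Trusted Zone: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Suffixes HijackThis appends when the referenced file is not on disk.
DANGLING_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return the set of (section code, entry text) pairs found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.add((match.group("code"), match.group("body").strip()))
    return entries


def section_key(entry):
    """Sort by section letter, then numerically (O2 before O15), then text."""
    code, body = entry
    return (code[0], int(code[1:]), body)


def diff_logs(before_text, after_text):
    """Compare two logs and return added, removed and unchanged entries."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        "added": sorted(after - before, key=section_key),
        "removed": sorted(before - after, key=section_key),
        "unchanged": sorted(before & after, key=section_key),
    }


def persisting(diff, code):
    """Entries of one section that are present in both scans."""
    return [body for c, body in diff["unchanged"] if c == code]


def dangling(log_text):
    """Entries whose target file is reported missing by HijackThis."""
    hits = [e for e in parse_entries(log_text) if e[1].endswith(DANGLING_MARKERS)]
    return sorted(hits, key=section_key)


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label in ("added", "removed"):
        for code, body in result[label]:
            print(f"{label:8} {code} - {body}")
    for body in persisting(result, "O15"):
        print(f"still there O15 - {body}")
    for code, body in dangling(AFTER):
        print(f"dangling {code} - {body}")
```

To use it on full logs, read the two saved log files into strings and pass them to diff_logs in scan order.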

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
   Posted 12/15/2008 7:21 AM (GMT +2)
Ok. Any problems running HostsXpert 4.2?
 
 
Uninstall ComboFix

Go to Start->Run, and type in ComboFix /u
Make sure there is a space between ComboFix and /u
Click Enter

Reboot. Download newest version ->
 
 
Please download Combofix:
 
 
And save to the desktop.

Close all other browser windows.
 
 
 
 
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".
 
 
Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

 When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply
 


 

lilblazex7
New Member


Date Joined Dec 2008
Total Posts : 5
 
   Posted 12/15/2008 11:00 PM (GMT +2)
I followed your instructions for HostsXpert. Then closed out, but I didn't know if anything was supposed to happen. Also the active desktop recovery white screen is gone.

ComboFix 08-12-15.01 - John 2008-12-15 15:53:08.18 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2294.1874 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\~.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
.

2008-12-14 18:09 . 2008-12-14 19:01 <DIR> d-------- c:\documents and settings\John\Application Data\Ventrilo
2008-12-14 13:15 . 2008-12-14 13:15 256,496 --a------ c:\program files\WriteMiniDump.exe
2008-12-14 11:16 . 2008-12-14 11:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-14 11:16 . 2008-12-14 11:16 <DIR> d-------- c:\documents and settings\John\Application Data\Malwarebytes
2008-12-14 11:16 . 2008-12-14 11:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-14 11:16 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 11:16 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-14 01:04 . 2008-12-14 01:04 <DIR> d-------- c:\program files\CCleaner
2008-12-14 01:01 . 2008-12-14 01:01 <DIR> d-------- C:\HostsXpert
2008-12-13 20:46 . 2008-12-14 13:16 <DIR> d--h----- c:\program files\old
2008-11-17 08:11 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-17 08:11 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-17 08:11 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
2008-11-17 08:11 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 20:50 738,330 ----a-w c:\program files\ClientRegistry.blob
2008-12-15 20:50 626,219 ----a-w c:\program files\Steam.log
2008-12-15 20:35 172,315 ----a-w c:\program files\AppUpdateStats.blob
2008-12-15 11:59 --------- d-----w c:\program files\logs
2008-12-15 03:01 3,141 ----a-w c:\program files\GameOverlayRenderer.dll.log
2008-12-15 03:01 20,835 ----a-w c:\program files\GameOverlayUI.exe.log
2008-12-14 22:25 --------- d-----w c:\program files\config
2008-12-14 18:17 --------- d-----w c:\program files\steamapps
2008-12-14 18:16 77,824 ----a-w c:\program files\ThirdPartyLegalNotices.doc
2008-12-14 18:16 57,409 ----a-w c:\program files\SteamUI_714.mst
2008-12-14 18:16 551,408 ----a-w c:\program files\mss32_s.dll
2008-12-14 18:16 365,816 ----a-w c:\program files\vstdlib_s.dll
2008-12-14 18:16 238,840 ----a-w c:\program files\tier0_s.dll
2008-12-14 18:16 238,840 ----a-w c:\program files\GameOverlayRenderer.dll
2008-12-14 18:16 2,636,272 ----a-w c:\program files\steamclient.dll
2008-12-14 18:16 1,012,984 ----a-w c:\program files\GameOverlayUI.exe
2008-12-14 18:16 --------- d-----w c:\program files\Graphics
2008-12-14 18:15 2,942,200 ----a-w c:\program files\SteamUI.dll
2008-12-14 18:15 2,860,280 ----a-w c:\program files\Steam.dll
2008-12-14 18:15 122,864 ----a-w c:\program files\CSERHelper.dll
2008-12-14 18:15 1,039,192 ----a-w c:\program files\dbghelp.dll
2008-12-14 18:15 --------- d-----w c:\program files\resource
2008-12-14 18:15 --------- d-----w c:\program files\Public
2008-12-14 18:15 --------- d-----w c:\program files\bin
2008-12-14 18:14 --------- d-----w c:\program files\support.com
2008-12-14 18:06 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-12 02:58 --------- d-----w c:\documents and settings\John\Application Data\uTorrent
2008-12-08 03:01 32,196 ----a-w c:\documents and settings\John\Application Data\wklnhst.dat
2008-12-07 21:51 31 ----a-w c:\documents and settings\John\jagex_runescape_preferences.dat
2008-12-06 19:17 --------- d-----w c:\program files\appcache
2008-12-02 22:29 --------- d-----w c:\program files\LimeWire
2008-11-27 04:11 --------- d-----w c:\program files\PokerStars
2008-11-22 19:06 --------- d-----w c:\program files\Common Files\Download Manager
2008-11-13 02:06 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-11-13 02:05 --------- d-----w c:\program files\DVDVideoSoft
2008-11-13 01:18 --------- d-----w c:\program files\DivX
2008-11-06 12:02 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-09 23:12 238,840 ----a-w c:\program files\GameOverlayRenderer.dll_2008.10.13.01.00.32
2008-10-08 19:26 14 ----a-w c:\program files\steam_49.mst
2008-10-08 19:26 1,410,296 ----a-w c:\program files\steam.exe
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:15 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-06-27 01:04 87,528 ----a-w c:\documents and settings\John\Application Data\GDIPFONTCACHEV1.DAT
2008-06-19 02:28 14,336 ----a-w c:\documents and settings\John\Application Data\cnvzm.exe
2008-02-24 18:14 523 ----a-w c:\documents and settings\John\sysinfo.dat
2008-02-24 18:14 1,124 ----a-w c:\documents and settings\John\sysadpt.dat
2007-12-26 19:06 908 ----a-w c:\program files\.config
2007-03-13 02:09 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-03-13 01:53 6,830 ----a-w c:\program files\ChangeLog.txt
2007-03-12 02:33 15,542 ----a-w c:\program files\Seemfunc.lst
2007-03-11 20:02 6,486 ----a-w c:\program files\Messages.lng
2007-03-11 19:45 3,222 ----a-w c:\program files\Seem.lst
2006-12-10 16:48 2,593 ----a-w c:\program files\logfile.txt
2005-10-16 20:18 255 ----a-w c:\program files\example.p2kc
2005-09-15 20:20 318 ----a-w c:\program files\steam.ico
2005-08-31 19:51 806 ----a-w c:\program files\faq.txt
2005-08-14 20:25 118 ----a-w c:\program files\homepage.txt
2005-05-12 02:44 1,069 ----a-w c:\program files\Readme.1st.txt
2001-07-13 03:07 0 ----a-w c:\program files\MSLOGO.AVI
2001-07-13 03:07 0 ----a-w c:\program files\BFLOGO.AVI
2001-07-13 02:57 0 ---ha-w c:\program files\EBUSetup.sem
2001-06-15 17:30 471,098 ----a-w c:\program files\UNINSTAL.EXE
2001-06-14 18:25 1,040,384 ----a-w c:\program files\SETUPENU.DLL
2001-06-12 16:02 2,514 ----a-w c:\program files\ai.zip
2001-06-12 15:20 466,997 ----a-w c:\program files\lang0.dll
2001-06-07 18:38 118,784 ----a-w c:\program files\res0.dll
2001-06-05 20:06 45,056 ----a-w c:\program files\ImeUiRes.dll
2001-06-05 19:24 45,056 ----a-w c:\program files\ImeUiResJpn.dll
2001-06-05 19:24 45,056 ----a-w c:\program files\ImeUiResEnu.dll
2001-06-01 18:35 1,440,056 ----a-w c:\program files\splash.bmp
2001-05-10 16:15 161,184 ----a-w c:\program files\dw.exe
2001-05-10 16:15 1,112,504 ----a-w c:\program files\dwdebug.exe
2001-03-14 19:29 53,300 ----a-w c:\program files\EBUEula.dll
2006-11-25 03:07 1,418,870 --sh--w c:\windows\repair\ptcac.bak2
2007-08-29 02:00 104 --sh--r c:\windows\system32\F31E18F2AC.sys
2007-08-29 02:00 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]
"Steam"="c:\program files\steam.exe" [2008-10-08 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-18 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\steamapps\\lilblazex7\\counter-strike source\\hl2.exe"=
"c:\\Documents and Settings\\John\\Desktop\\utorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Steam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\John\\Desktop\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\John\\Desktop\\Pokemon_World_Online_9021\\Pokemon Game.exe"=

S2 ISSAppPlPro;ISS Application Pool Process;"c:\windows\system32\w3wp.exe" []
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe []
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-09-30 24652]
S3 Agpcgmtm_cor;Agpcgmtm_cor; []
S3 XDva120;XDva120;\??\c:\windows\system32\XDva120.sys []
S3 XDva201;XDva201;\??\c:\windows\system32\XDva201.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b46f208-b339-11dd-b495-00167605672d}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b46f20a-b339-11dd-b495-00167605672d}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ed20e33-9937-11dd-b448-00167605672d}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ed20e35-9937-11dd-b448-00167605672d}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54dca681-2921-11dd-a81d-00167605672d}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2007-11-09 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - John.job
- c:\progra~1\NORTON~1\Navw32.exe [2007-05-23 12:13]

2007-11-09 c:\windows\Tasks\Norton AntiVirus - Run Norton QuickScan - John.job
- c:\progra~1\NORTON~1\NAVW32.EXE [2007-05-23 12:13]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\John\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\John\Start Menu\Programs\IMVU\Run IMVU.lnk -
Trusted Zone: *.amaena.com
Trusted Zone: *.antimalwareguard.com
Trusted Zone: *.antispyexpert.com
Trusted Zone: *.avsystemcare.com
Trusted Zone: *.gomyhit.com
Trusted Zone: *.imagesrvr.com
Trusted Zone: *.onerateld.com
Trusted Zone: *.safetydownload.com
Trusted Zone: *.spyguardpro.com
Trusted Zone: *.storageguardsoft.com
Trusted Zone: *.trustedantivirus.com
Trusted Zone: *.virusremover2008.com
Trusted Zone: *.virusschlacht.com
Trusted Zone: *.amaena.com
Trusted Zone: *.antimalwareguard.com
Trusted Zone: *.antispyexpert.com
Trusted Zone: *.avsystemcare.com
Trusted Zone: *.gomyhit.com
Trusted Zone: *.onerateld.com
Trusted Zone: *.safetydownload.com
Trusted Zone: *.spyguardpro.com
Trusted Zone: *.storageguardsoft.com
Trusted Zone: *.trustedantivirus.com
Trusted Zone: *.virusremover2008.com
Trusted Zone: *.virusschlacht.com

O16 -: {4539348E-01D7-11D5-9A39-0080C8D85044}

O16 -: {AC120B1D-9411-4111-AF52-118052D85D45}

O16 -: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\1fk9529m.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\documents and settings\John\Desktop\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 15:56:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-15 15:57:57
ComboFix-quarantined-files.txt 2008-12-15 20:57:16

Pre-Run: 50,081,030,144 bytes free
Post-Run: 50,076,053,504 bytes free

250 --- E O F --- 2008-12-15 20:15:34

Post Edited (lilblazex7) : 15-12-2008 21:30:19 GMT

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
Posted Today 5:44 AM (GMT +2)
My bad. It should be this program ->
 
Download: DelDomains.inf
http://mvps.org/winhelp2002/DelDomains.inf, and save it to the desktop.

Close all open browsers
Right-click DelDomains.inf and select: Install

Reboot.
 
Post new combofix log

Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.


lilblazex7
New Member


Date Joined Dec 2008
Total Posts : 5
 
Posted 12/19/2008 4:27 AM (GMT +2)
ComboFix 08-12-15.01 - John 2008-12-18 21:19:49.19 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2294.1884 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-11-19 to 2008-12-19 )))))))))))))))))))))))))))))))
.

2008-12-14 18:09 . 2008-12-14 19:01 <DIR> d-------- c:\documents and settings\John\Application Data\Ventrilo
2008-12-14 13:15 . 2008-12-18 21:13 256,496 --a------ c:\program files\WriteMiniDump.exe
2008-12-14 11:16 . 2008-12-14 11:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-14 11:16 . 2008-12-14 11:16 <DIR> d-------- c:\documents and settings\John\Application Data\Malwarebytes
2008-12-14 11:16 . 2008-12-14 11:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-14 11:16 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 11:16 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-14 01:04 . 2008-12-14 01:04 <DIR> d-------- c:\program files\CCleaner
2008-12-14 01:01 . 2008-12-14 01:01 <DIR> d-------- C:\HostsXpert
2008-12-13 20:46 . 2008-12-18 21:14 <DIR> d--h----- c:\program files\old

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 02:19 743,650 ----a-w c:\program files\ClientRegistry.blob
2008-12-19 02:19 632,545 ----a-w c:\program files\Steam.log
2008-12-19 02:16 173,734 ----a-w c:\program files\AppUpdateStats.blob
2008-12-19 02:16 --------- d-----w c:\program files\appcache
2008-12-19 02:14 77,824 ----a-w c:\program files\ThirdPartyLegalNotices.doc
2008-12-19 02:14 57,409 ----a-w c:\program files\SteamUI_723.mst
2008-12-19 02:14 551,408 ----a-w c:\program files\mss32_s.dll
2008-12-19 02:14 361,720 ----a-w c:\program files\vstdlib_s.dll
2008-12-19 02:14 255,224 ----a-w c:\program files\tier0_s.dll
2008-12-19 02:14 238,840 ----a-w c:\program files\GameOverlayRenderer.dll
2008-12-19 02:14 2,689,520 ----a-w c:\program files\steamclient.dll
2008-12-19 02:14 1,037,560 ----a-w c:\program files\GameOverlayUI.exe
2008-12-19 02:14 --------- d-----w c:\program files\Graphics
2008-12-19 02:13 2,925,816 ----a-w c:\program files\SteamUI.dll
2008-12-19 02:13 2,852,088 ----a-w c:\program files\Steam.dll
2008-12-19 02:13 122,864 ----a-w c:\program files\CSERHelper.dll
2008-12-19 02:13 1,039,192 ----a-w c:\program files\dbghelp.dll
2008-12-19 02:13 --------- d-----w c:\program files\resource
2008-12-19 02:13 --------- d-----w c:\program files\Public
2008-12-19 02:13 --------- d-----w c:\program files\bin
2008-12-19 02:08 3,141 ----a-w c:\program files\GameOverlayRenderer.dll.log
2008-12-19 02:08 19,037 ----a-w c:\program files\GameOverlayUI.exe.log
2008-12-18 23:19 --------- d-----w c:\program files\Symantec
2008-12-18 23:17 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-18 22:59 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-18 22:37 --------- d-----w c:\program files\Norton AntiVirus
2008-12-17 00:46 31 ----a-w c:\documents and settings\John\jagex_runescape_preferences.dat
2008-12-15 23:49 --------- d-----w c:\documents and settings\John\Application Data\uTorrent
2008-12-15 21:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-15 11:59 --------- d-----w c:\program files\logs
2008-12-14 22:25 --------- d-----w c:\program files\config
2008-12-14 18:17 --------- d-----w c:\program files\steamapps
2008-12-14 18:14 --------- d-----w c:\program files\support.com
2008-12-08 03:01 32,196 ----a-w c:\documents and settings\John\Application Data\wklnhst.dat
2008-12-02 22:29 --------- d-----w c:\program files\LimeWire
2008-11-27 04:11 --------- d-----w c:\program files\PokerStars
2008-11-22 19:06 --------- d-----w c:\program files\Common Files\Download Manager
2008-11-13 02:06 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-11-13 02:05 --------- d-----w c:\program files\DVDVideoSoft
2008-11-13 01:18 --------- d-----w c:\program files\DivX
2008-11-06 12:02 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-09 23:12 238,840 ----a-w c:\program files\GameOverlayRenderer.dll_2008.10.13.01.00.32
2008-10-08 19:26 14 ----a-w c:\program files\steam_49.mst
2008-10-08 19:26 1,410,296 ----a-w c:\program files\steam.exe
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:15 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-06-27 01:04 87,528 ----a-w c:\documents and settings\John\Application Data\GDIPFONTCACHEV1.DAT
2008-06-19 02:28 14,336 ----a-w c:\documents and settings\John\Application Data\cnvzm.exe
2008-02-24 18:14 523 ----a-w c:\documents and settings\John\sysinfo.dat
2008-02-24 18:14 1,124 ----a-w c:\documents and settings\John\sysadpt.dat
2007-12-26 19:06 908 ----a-w c:\program files\.config
2007-03-13 02:09 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-03-13 01:53 6,830 ----a-w c:\program files\ChangeLog.txt
2007-03-12 02:33 15,542 ----a-w c:\program files\Seemfunc.lst
2007-03-11 20:02 6,486 ----a-w c:\program files\Messages.lng
2007-03-11 19:45 3,222 ----a-w c:\program files\Seem.lst
2006-12-10 16:48 2,593 ----a-w c:\program files\logfile.txt
2005-10-16 20:18 255 ----a-w c:\program files\example.p2kc
2005-09-15 20:20 318 ----a-w c:\program files\steam.ico
2005-08-31 19:51 806 ----a-w c:\program files\faq.txt
2005-08-14 20:25 118 ----a-w c:\program files\homepage.txt
2005-05-12 02:44 1,069 ----a-w c:\program files\Readme.1st.txt
2001-07-13 03:07 0 ----a-w c:\program files\MSLOGO.AVI
2001-07-13 03:07 0 ----a-w c:\program files\BFLOGO.AVI
2001-07-13 02:57 0 ---ha-w c:\program files\EBUSetup.sem
2001-06-15 17:30 471,098 ----a-w c:\program files\UNINSTAL.EXE
2001-06-14 18:25 1,040,384 ----a-w c:\program files\SETUPENU.DLL
2001-06-12 16:02 2,514 ----a-w c:\program files\ai.zip
2001-06-12 15:20 466,997 ----a-w c:\program files\lang0.dll
2001-06-07 18:38 118,784 ----a-w c:\program files\res0.dll
2001-06-05 20:06 45,056 ----a-w c:\program files\ImeUiRes.dll
2001-06-05 19:24 45,056 ----a-w c:\program files\ImeUiResJpn.dll
2001-06-05 19:24 45,056 ----a-w c:\program files\ImeUiResEnu.dll
2001-06-01 18:35 1,440,056 ----a-w c:\program files\splash.bmp
2001-05-10 16:15 161,184 ----a-w c:\program files\dw.exe
2001-05-10 16:15 1,112,504 ----a-w c:\program files\dwdebug.exe
2001-03-14 19:29 53,300 ----a-w c:\program files\EBUEula.dll
2006-11-25 03:07 1,418,870 --sh--w c:\windows\repair\ptcac.bak2
2007-08-29 02:00 104 --sh--r c:\windows\system32\F31E18F2AC.sys
2007-08-29 02:00 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-15_15.56.53.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-07 21:51:21 315,392 ----a-w c:\windows\.file_store_32\runescape\jogl.dll
+ 2008-12-17 00:46:13 315,392 ----a-w c:\windows\.file_store_32\runescape\jogl.dll
- 2008-12-07 21:51:21 20,480 ----a-w c:\windows\.file_store_32\runescape\jogl_awt.dll
+ 2008-12-17 00:46:13 20,480 ----a-w c:\windows\.file_store_32\runescape\jogl_awt.dll
- 2008-12-07 21:52:50 101,991 ----a-w c:\windows\.jagex_cache_32\loginapplet\cache-1272026540.dat
+ 2008-12-17 00:46:11 101,991 ----a-w c:\windows\.jagex_cache_32\loginapplet\cache-1272026540.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]
"Steam"="c:\program files\steam.exe" [2008-10-08 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-18 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\steamapps\\lilblazex7\\counter-strike source\\hl2.exe"=
"c:\\Documents and Settings\\John\\Desktop\\utorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Steam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\John\\Desktop\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\John\\Desktop\\Pokemon_World_Online_9021\\Pokemon Game.exe"=

S2 ISSAppPlPro;ISS Application Pool Process;"c:\windows\system32\w3wp.exe" []
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe []
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-09-30 24652]
S3 Agpcgmtm_cor;Agpcgmtm_cor; []
S3 XDva120;XDva120;\??\c:\windows\system32\XDva120.sys []
S3 XDva201;XDva201;\??\c:\windows\system32\XDva201.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b46f208-b339-11dd-b495-00167605672d}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b46f20a-b339-11dd-b495-00167605672d}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ed20e33-9937-11dd-b448-00167605672d}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ed20e35-9937-11dd-b448-00167605672d}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54dca681-2921-11dd-a81d-00167605672d}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\John\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\John\Start Menu\Programs\IMVU\Run IMVU.lnk -

O16 -: {4539348E-01D7-11D5-9A39-0080C8D85044}

O16 -: {AC120B1D-9411-4111-AF52-118052D85D45}

O16 -: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\1fk9529m.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\documents and settings\John\Desktop\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 21:23:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-18 21:24:49
ComboFix-quarantined-files.txt 2008-12-19 02:24:03
ComboFix2.txt 2008-12-15 20:57:58

Pre-Run: 50,694,336,512 bytes free
Post-Run: 50,693,808,128 bytes free

216 --- E O F --- 2008-12-18 12:02:26

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
Posted 12/19/2008 8:06 AM (GMT +2)
How are things running now?



lilblazex7
New Member


Date Joined Dec 2008
Total Posts : 5
 
Posted 12/19/2008 1:58 PM (GMT +2)
They're great! Thank you for your help!