| ||
| My explorer.exe keeps restarting. It always restarts in like 10 seconds. What should I do? Sorry, I'm new here, so how should I give you more details? |
| ||
| Re: My explorer.exe keeps restarting. Hi, mainly this results from either an infection or from conflicting installations or drivers. The simplest way is to log in to safe mode and then restore your computer to an earlier period (to the time the computer was running normally). To reach System Restore, go to All Programs >> Accessories >> System Tools. Don't worry, no files will be lost in the restoration process. |
| ||
| Re: My explorer.exe keeps restarting. It doesn't work though... because I think I was too late to do the Recovery, and it didn't have the correct file of that day. Well, still, I did it with the ComboFix, which I found on the forums. Here is the thread ---> |
©2003 - 2009 DaniWeb® LLC