
explorer.exe issue



#1 Dy2K


Posted 04 December 2008 - 08:40 PM

Hello BleepingComputer forum, I recently was transferring files from a USB drive and an error occurred. So I restarted the computer, and now every 5 secs explorer.exe restarts and restarts. So I read about ComboFix and ran it on my computer, but I still get the same explorer.exe problem. Please help, I don't want to format my computer again; I just formatted it 2 weeks ago.
Thanks in advance
Windows XP SP3

Here is the ComboFix log from after it restarted:

ComboFix 08-12-04.04 - Cindy 2008-12-04 20:14:12.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.323 [GMT -5:00]
Running from: c:\install\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\tn3
c:\windows\system32\KjQWDcfe.ini
c:\windows\system32\KjQWDcfe.ini2
c:\windows\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-12-04 20:18 . 2008-12-04 20:18 <DIR> d-------- c:\temp\tn3
2008-12-04 20:03 . 2008-12-04 20:03 294,912 --a------ c:\windows\system32\efcDWQjK.dll
2008-12-03 18:42 . 2008-12-03 18:42 167,976 --------- c:\windows\system32\drivers\core.cache.dsk
2008-12-03 18:29 . 2008-04-13 20:12 116,224 --a------ c:\windows\system32\dllcache\xrxwiadr.dll
2008-12-03 18:29 . 2001-08-17 22:37 99,865 --a------ c:\windows\system32\dllcache\xlog.exe
2008-12-03 18:29 . 2001-08-17 22:37 27,648 --a------ c:\windows\system32\dllcache\xrxftplt.exe
2008-12-03 18:29 . 2001-08-17 22:36 23,040 --a------ c:\windows\system32\dllcache\xrxwbtmp.dll
2008-12-03 18:29 . 2008-04-13 20:12 18,944 --a------ c:\windows\system32\dllcache\xrxscnui.dll
2008-12-03 18:29 . 2001-08-17 12:11 16,970 --a------ c:\windows\system32\dllcache\xem336n5.sys
2008-12-03 18:29 . 2001-08-17 22:37 4,608 --a------ c:\windows\system32\dllcache\xrxflnch.exe
2008-12-03 18:27 . 2001-08-17 13:28 794,654 --a------ c:\windows\system32\dllcache\usr1801.sys
2008-12-03 18:26 . 2001-08-17 12:18 285,760 --a------ c:\windows\system32\dllcache\stlnata.sys
2008-12-03 18:25 . 2001-08-17 13:28 714,762 --a------ c:\windows\system32\dllcache\r2mdmkxx.sys
2008-12-03 18:24 . 2001-08-17 13:28 899,146 --a------ c:\windows\system32\dllcache\r2mdkxga.sys
2008-12-03 18:23 . 2001-08-17 12:50 198,144 --a------ c:\windows\system32\dllcache\nv3.sys
2008-12-03 18:22 . 2001-08-17 13:28 802,683 --a------ c:\windows\system32\dllcache\ltsm.sys
2008-12-03 18:21 . 2008-04-13 20:11 702,845 --a------ c:\windows\system32\dllcache\i81xdnt5.dll
2008-12-03 18:20 . 2001-08-17 14:56 1,733,120 --a------ c:\windows\system32\dllcache\g400d.dll
2008-12-03 18:19 . 2001-08-17 12:14 952,007 --a------ c:\windows\system32\dllcache\diwan.sys
2008-12-03 18:18 . 2001-08-17 22:36 419,357 --a------ c:\windows\system32\dllcache\dgconfig.dll
2008-12-03 18:17 . 2001-08-17 12:13 980,034 --a------ c:\windows\system32\dllcache\cicap.sys
2008-12-03 18:16 . 2001-08-17 13:28 871,388 --a------ c:\windows\system32\dllcache\bcmdm.sys
2008-12-03 18:15 . 2001-08-17 13:28 762,780 --a------ c:\windows\system32\dllcache\3cwmcru.sys
2008-12-02 23:17 . 2008-12-02 23:17 <DIR> d-------- C:\Install
2008-12-02 22:51 . 2008-12-02 22:51 36,864 --a------ c:\windows\system32\cbXNFvUK.dll
2008-12-02 22:50 . 2008-12-02 22:51 68,399 --a------ c:\windows\system32\pghyxbbacceuh.dll-uninst.exe
2008-12-02 22:47 . 2008-12-02 22:47 32,256 --a------ c:\windows\system32\efcATJBU(2).dll
2008-12-02 21:05 . 2008-12-02 21:05 <DIR> d-------- c:\windows\system32\XEC
2008-12-02 21:05 . 2008-12-02 21:05 <DIR> d-------- c:\windows\system32\VAI
2008-12-02 21:05 . 2008-12-02 21:05 <DIR> d-------- c:\windows\system32\sec
2008-12-02 21:05 . 2008-12-02 21:05 <DIR> d-------- c:\windows\system32\NO
2008-12-02 21:05 . 2008-12-02 21:05 548,928 --a------ c:\windows\system32\pcntksdl.exe
2008-12-02 21:05 . 2008-12-02 21:05 153,444 --a------ c:\windows\system32\g29.exe
2008-12-02 21:05 . 2008-12-02 21:05 86,272 --a------ c:\windows\system32\drivers\ipfltdrvv.sys
2008-12-02 21:05 . 2008-12-02 21:06 47,584 --a------ c:\windows\system32\fkcfzahiajh.exe
2008-12-02 21:04 . 2008-12-02 21:05 <DIR> d-------- c:\windows\system32\dPI02
2008-12-02 21:04 . 2008-12-02 21:05 <DIR> d-------- c:\temp\FT62
2008-12-02 21:04 . 2008-12-02 21:05 <DIR> d-------- C:\Temp
2008-12-02 21:04 . 2008-12-02 21:04 36,864 --a------ c:\windows\system32\nnnoMGWn.dll
2008-11-22 23:26 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-11-22 23:26 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\dllcache\mouhid.sys
2008-11-22 23:26 . 2008-04-13 14:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-11-22 23:26 . 2008-04-13 14:45 10,368 --a------ c:\windows\system32\dllcache\hidusb.sys
2008-11-22 23:19 . 2008-11-22 23:19 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-22 23:19 . 2008-11-22 23:19 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-22 22:01 . 2008-04-13 20:12 16,384 --a------ c:\windows\system32\ipsink.ax
2008-11-22 22:01 . 2008-04-13 20:12 16,384 --a------ c:\windows\system32\dllcache\ipsink.ax
2008-11-22 22:01 . 2008-04-13 14:46 15,232 --a------ c:\windows\system32\drivers\StreamIP.sys
2008-11-22 22:01 . 2008-04-13 14:46 15,232 --a------ c:\windows\system32\dllcache\streamip.sys
2008-11-22 22:01 . 2008-04-13 14:46 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2008-11-22 22:01 . 2008-04-13 14:46 11,136 --a------ c:\windows\system32\dllcache\slip.sys
2008-11-22 22:01 . 2008-04-13 14:46 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2008-11-22 22:01 . 2008-04-13 14:46 10,880 --a------ c:\windows\system32\dllcache\ndisip.sys
2008-11-22 22:01 . 2008-04-13 14:39 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2008-11-22 22:01 . 2008-04-13 14:39 5,504 --a------ c:\windows\system32\dllcache\mstee.sys
2008-11-22 21:42 . 2007-05-11 19:28 195,360 --a------ c:\windows\system32\lvci1100.dll
2008-11-22 21:41 . 2008-11-22 21:41 <DIR> d-------- c:\program files\Common Files\LogiShrd
2008-11-22 21:38 . 2008-11-22 21:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2008-11-22 20:58 . 2008-04-13 14:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-11-22 20:58 . 2008-04-13 14:45 60,032 --a------ c:\windows\system32\dllcache\usbaudio.sys
2008-11-22 20:57 . 2008-04-13 14:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-22 20:57 . 2008-04-13 14:45 32,128 --a------ c:\windows\system32\dllcache\usbccgp.sys
2008-11-15 19:03 . 2008-11-15 19:03 <DIR> d-------- c:\program files\Tibia
2008-11-15 19:03 . 2008-11-15 19:03 <DIR> d-------- c:\documents and settings\Cindy\Application Data\Tibia
2008-11-09 04:06 . 2008-11-09 04:06 <DIR> d-------- c:\program files\IrfanView

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 09:42 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-11-01 22:32 --------- d-----w c:\documents and settings\Cindy\Application Data\vlc
2008-11-01 22:30 --------- d-----w c:\program files\VideoLAN
2008-10-26 06:20 --------- d-----w c:\program files\Common Files\SWF Studio
2008-10-26 05:19 --------- d-----w c:\program files\Cablenut
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 04:13 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2008-10-23 04:12 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2008-10-21 15:35 --------- d-----w c:\program files\Free Audio Pack
2008-10-17 20:05 --------- d-----w c:\program files\iPod
2008-10-17 20:04 --------- d-----w c:\program files\iTunes
2008-10-17 20:04 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 17:34 337,408 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-08 23:56 --------- d-----w c:\program files\DivX
2008-10-03 18:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-23 22:46 245,408 ----a-w c:\windows\system32\unicows.dll
2008-09-21 17:06 8,704 ----a-w c:\windows\Prefetch\vdub.exe
2008-09-21 17:06 31,232 ----a-w c:\windows\Prefetch\vdremote.dll
2008-09-21 17:06 29,696 ----a-w c:\windows\Prefetch\vdicmdrv.dll
2008-09-21 17:06 25,088 ----a-w c:\windows\Prefetch\vdsvrlnk.dll
2008-09-15 13:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 13:12 1,846,400 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\dllcache\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-08 11:41 333,824 ----a-w c:\windows\system32\dllcache\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-12-02 21:04 36864 --a------ c:\windows\system32\nnnoMGWn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFE8DE97-2EE0-4456-B50C-B111AF1918CF}]
2008-12-04 20:03 294912 --a------ c:\windows\system32\efcDWQjK.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-04-01 5562368]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-04-01 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"nwiz"="nwiz.exe" [2005-04-01 c:\windows\system32\nwiz.exe]

c:\documents and settings\Cindy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\nnnoMGWn.dll" [2008-12-02 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoMGWn]
2008-12-02 21:04 36864 c:\windows\system32\nnnoMGWn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\efcDWQjK

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 ipfltdrvv;ipfltdrvv;c:\windows\system32\drivers\ipfltdrvv.sys [2008-12-02 86272]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2008-08-25 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2008-08-25 545088]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19d31930-8217-11dd-8d09-00b0d0e72625}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6323a800-b834-11dd-8d97-00b0d0e72625}]
\Shell\Auto\command - E:\Start.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaeba920-a31d-11dd-8d56-00b0d0e72625}]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
FireFox -: Profile - c:\documents and settings\Cindy\Application Data\Mozilla\Firefox\Profiles\5u09t6uz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - c:\documents and settings\Cindy\Application Data\Mozilla\Firefox\Profiles\5u09t6uz.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 20:18:30
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(508)
c:\windows\system32\nnnoMGWn.dll

- - - - - - - > 'lsass.exe'(572)
c:\windows\system32\efcDWQjK.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\program files\IPOD\BIN\IPODSERVICE.EXE
.
**************************************************************************
.
Completion time: 2008-12-04 20:21:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-05 01:21:48
ComboFix2.txt 2008-12-03 04:16:54

Pre-Run: 22,931,898,368 bytes free
Post-Run: 22,963,748,864 bytes free

234 --- E O F --- 2008-11-23 04:19:47
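The security-relevant part of the log above is the "Reg Loading Points" section: two DLLs with generated-looking names (nnnoMGWn.dll, efcDWQjK.dll) are chained through a Browser Helper Object, a ShellExecuteHook, a Winlogon Notify package and the LSA "Authentication Packages" value, and the Security Center notification switches are set to 1. The scanner below is an added example (not from the post, not part of ComboFix) that pulls that pattern out of a log excerpt; the "8 mixed-case letters" name heuristic is an assumption of the example, and the excerpt is constructed from the lines of this log.

```python
"""Added example: scan the 'Reg Loading Points' section of a ComboFix log
for randomly named DLLs registered as BHO / ShellExecuteHook / Winlogon
notify / LSA authentication package, plus Security Center notifications
that have been switched off (the chain visible in the log above)."""
import re

# Constructed excerpt of the log in the post above (not a complete ComboFix log).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-12-02 21:04 36864 --a------ c:\windows\system32\nnnoMGWn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFE8DE97-2EE0-4456-B50C-B111AF1918CF}]
2008-12-04 20:03 294912 --a------ c:\windows\system32\efcDWQjK.dll
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\nnnoMGWn.dll" [2008-12-02 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoMGWn]
2008-12-02 21:04 36864 c:\windows\system32\nnnoMGWn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\efcDWQjK
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-04-01 5562368]
"""

# Autostart locations chained together in the log (matched on the lower-cased key path).
PERSIST_KEYS = (r"browser helper objects", r"shellexecutehooks", r"winlogon\notify", r"control\lsa")
# Assumed heuristic for generated names: exactly 8 letters mixing upper and lower case.
RANDOM_NAME = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])[A-Za-z]{8}$")
# Module base name under system32, with or without .dll (the LSA value omits the extension).
SYS32_MODULE = re.compile(r"c:\\windows\\system32\\([A-Za-z0-9_]+)(?:\.dll)?", re.IGNORECASE)

def scan(log):
    """Return (modules, findings): modules maps a base name to the set of
    persistence keys it is registered under; findings is a list of strings."""
    key, modules, findings = "", {}, []
    for line in log.splitlines():
        if line.startswith("["):
            key = line.strip("[]").lower()
        elif key.endswith("security center") and "DisableNotify" in line and line.endswith("1"):
            findings.append("Security Center notification disabled: " + line.split("=")[0].strip('"'))
        elif any(k in key for k in PERSIST_KEYS):
            for name in SYS32_MODULE.findall(line):   # msv1_0 carries no path, so it is never collected
                modules.setdefault(name, set()).add(key)
    for name, keys in modules.items():
        in_lsa = any(k.endswith(r"control\lsa") for k in keys)
        if RANDOM_NAME.match(name) or len(keys) > 1 or in_lsa:
            findings.append(f"{name}: registered under {len(keys)} persistence key(s), LSA={in_lsa}")
    return modules, findings

if __name__ == "__main__":
    for finding in scan(SAMPLE)[1]:
        print(finding)
```

Entries under the ordinary Run key (NvCplDaemon in the excerpt) are deliberately left alone; the signal is a module sitting in several of the listed hook points at once, or in the LSA package list at all.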

#2 garmanma


Posted 04 December 2008 - 08:49 PM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff
Mark