Explorer.exe doesn't load on startup


  • This topic is locked
29 replies to this topic

#1 Dr Doom

Dr Doom

  • Members
  • 20 posts

Posted 26 November 2009 - 08:59 PM

My computer takes 5 minutes to load up, and sometimes the explorer.exe shell doesn't show up at all. I'm just left staring at my desktop wallpaper. Does anyone know what the problem could be?

My original thread.

Edited by Dr Doom, 26 November 2009 - 09:52 PM.



#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts

Posted 01 December 2009 - 11:55 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 Dr Doom


Posted 01 December 2009 - 07:30 PM

Thanks for replying.

My computer now takes a few minutes to load up, and shut down.

DDS (Ver_09-12-01.01) - NTFSx86 MINIMAL
Run by Administrator at 0:21:16.23 on 02/12/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.511.396 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO System Cleaner] "c:\program files\comodo\comodo system-cleaner\CSC.EXE" //clean_ini
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

============= SERVICES / DRIVERS ===============

R0 CFRMD;cfrmd;c:\windows\system32\drivers\CFRMD.sys [2009-10-30 132424]
R0 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [2009-8-4 56736]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-26 11608]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-26 108289]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-22 55656]
S3 NuVision;Hauppauge WinTV USB Pro (PAL I,D/K);c:\windows\system32\drivers\NUVision.sys [2009-11-14 259528]
S4 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-26 185089]

=============== Created Last 30 ================

2009-12-02 05:22:06 27362 ----a-w- c:\windows\csdf.dat
2009-12-02 05:22:06 26330 ----a-w- c:\windows\crpf.bin
2009-12-02 05:22:06 23164 ----a-w- c:\windows\crpf_sdum.bin
2009-12-02 05:22:06 12974 ----a-w- c:\windows\csdf_sdum.dat
2009-12-01 01:19:15 0 d-----w- c:\program files\common files\xing shared
2009-11-27 01:42:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-27 01:42:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-27 01:42:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-26 23:56:09 0 d-----w- c:\program files\Avira
2009-11-26 23:56:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2009-11-26 06:23:14 0 d-----w- c:\windows\pss
2009-11-22 23:56:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-22 18:37:53 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-22 05:22:33 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-20 17:56:23 98816 ----a-w- c:\windows\sed.exe
2009-11-20 17:56:23 77312 ----a-w- c:\windows\MBR.exe
2009-11-20 17:56:23 260608 ----a-w- c:\windows\PEV.exe
2009-11-20 17:56:23 161792 ----a-w- c:\windows\SWREG.exe
2009-11-20 17:55:31 3568341 ----a-r- C:\ComboFix.exe
2009-11-20 04:36:49 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-19 23:16:09 0 d-----w- C:\Sysclean
2009-11-19 18:42:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-18 19:39:19 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-11-18 19:39:19 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-11-18 19:39:18 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-11-18 19:39:17 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-11-18 19:39:04 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-11-18 19:39:04 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-11-18 19:37:59 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2009-11-18 19:36:59 10240 ----a-w- c:\windows\system32\dllcache\snmpstup.dll
2009-11-18 19:35:59 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2009-11-18 19:23:42 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2009-11-18 19:22:58 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2009-11-18 19:20:22 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2009-11-18 19:19:59 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-11-18 19:18:59 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2009-11-18 19:17:58 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2009-11-18 19:16:59 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2009-11-18 19:15:59 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2009-11-18 19:14:59 22090 ----a-w- c:\windows\system32\dllcache\fem556n5.sys
2009-11-18 19:13:58 29696 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys
2009-11-18 19:12:24 65622 -c--a-w- c:\windows\system32\dllcache\digiasyn.dll
2009-11-18 19:11:57 117760 -c--a-w- c:\windows\system32\dllcache\d100ib5.sys
2009-11-18 19:11:56 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll
2009-11-18 19:11:55 49792 -c--a-w- c:\windows\system32\dllcache\cyzport.sys
2009-11-18 19:05:14 18944 ----a-w- c:\windows\system32\dllcache\cprofile.exe
2009-11-18 19:05:13 60970 -c--a-w- c:\windows\system32\dllcache\cpqtrnd5.sys
2009-11-18 19:05:13 21533 -c--a-w- c:\windows\system32\dllcache\cpqndis5.sys
2009-11-18 19:05:12 14976 -c--a-w- c:\windows\system32\dllcache\cpqarray.sys
2009-11-18 19:05:11 20480 ----a-w- c:\windows\system32\dllcache\counters.dll
2009-11-18 19:05:09 56320 ----a-w- c:\windows\system32\dllcache\convlog.exe
2009-11-18 19:05:07 33792 ----a-w- c:\windows\system32\dllcache\controt.dll
2009-11-18 19:05:02 9344 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2009-11-18 19:05:00 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
2009-11-18 19:03:14 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2009-11-18 19:02:58 66082 -c--a-w- c:\windows\system32\dllcache\c_20924.nls
2009-11-18 19:01:25 66082 -c--a-w- c:\windows\system32\dllcache\c_20106.nls
2009-11-18 19:00:59 9728 -c--a-w- c:\windows\system32\dllcache\brserif.dll
2009-11-18 18:59:56 46464 -c--a-w- c:\windows\system32\dllcache\atibt829.sys
2009-11-18 18:58:51 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2009-11-18 18:58:42 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-11-18 18:57:38 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2009-11-18 18:57:37 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-11-18 18:57:36 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2009-11-18 18:57:32 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2009-11-18 18:57:31 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2009-11-18 18:57:28 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2009-11-18 18:57:12 94720 ----a-w- c:\windows\system32\dllcache\certmap.ocx
2009-11-18 05:54:38 376 ----a-w- c:\windows\ODBC.INI
2009-11-18 05:54:27 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-11-18 05:53:12 0 d-----w- c:\program files\Microsoft ActiveSync
2009-11-18 05:52:33 0 d-----w- c:\windows\SHELLNEW
2009-11-15 04:31:56 8192 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-15 04:28:54 17408 ----a-w- c:\windows\system32\msyuv.dll
2009-11-15 04:28:53 47616 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-15 04:28:53 294912 ----a-w- c:\windows\system32\msh263.drv
2009-11-15 04:28:52 28672 ----a-w- c:\windows\system32\vidcap.ax
2009-11-15 04:28:51 140928 ----a-w- c:\windows\system32\drivers\ks.sys
2009-11-15 04:28:50 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-11-15 04:28:50 130048 ----a-w- c:\windows\system32\ksproxy.ax
2009-11-14 06:49:22 0 d-----w- c:\program files\Auslogics
2009-11-05 22:39:28 0 d--h--w- c:\windows\PIF

==================== Find3M ====================

2009-12-02 06:45:13 134310 ----a-w- c:\windows\cscmondump.bin
2009-12-01 01:18:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-01 01:18:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-31 06:23:45 26321 ----a-w- c:\windows\cscmon.bin
2009-10-27 23:46:30 132424 ----a-w- c:\windows\system32\drivers\CFRMD.sys
2009-10-27 17:53:24 8192 ----a-w- c:\windows\system32\CSC.exe

============= FINISH: 0:21:37.51 ===============


#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 04 December 2009 - 10:17 AM

Hello.

The explorer problem seems strange. The slow boot up may be a separate issue.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 extremeboy


Posted 11 December 2009 - 08:24 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy

#6 extremeboy


Posted 02 January 2010 - 02:11 PM

Re-opened.

#7 Dr Doom


Posted 02 January 2010 - 02:17 PM

I've attached a copy of the combofix and HiJackThis logs.

ComboFix 09-12-31.A1 - Phil 02/01/2010 18:37:43.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.511.310 [GMT -8:00]
Running from: c:\documents and settings\Phil\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 )))))))))))))))))))))))))))))))
.

2009-12-26 02:26 . 2001-08-23 12:00 8192 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-26 02:25 . 2004-08-04 07:56 294912 ----a-w- c:\windows\system32\msh263.drv
2009-12-26 02:25 . 2004-08-04 07:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-12-26 02:25 . 2004-08-04 07:56 17408 ----a-w- c:\windows\system32\msyuv.dll
2009-12-26 02:25 . 2004-08-04 07:56 47616 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-26 02:25 . 2004-08-04 06:15 140928 ----a-w- c:\windows\system32\drivers\ks.sys
2009-12-26 02:25 . 2004-08-04 07:56 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-12-25 19:36 . 2001-08-18 06:36 8192 -c--a-w- c:\windows\system32\dllcache\tsbyuv.dll
2009-12-25 19:35 . 2004-08-04 07:56 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-12-25 19:35 . 2004-08-04 07:56 17408 -c--a-w- c:\windows\system32\dllcache\msyuv.dll
2009-12-25 19:35 . 2004-08-04 07:56 47616 -c--a-w- c:\windows\system32\dllcache\iyuv_32.dll
2009-12-25 19:35 . 2004-08-04 06:15 140928 -c--a-w- c:\windows\system32\dllcache\ks.sys
2009-12-25 19:35 . 2004-08-04 07:56 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2009-12-25 19:35 . 2004-08-04 06:08 48640 ----a-w- c:\windows\system32\drivers\stream.sys
2009-12-25 02:23 . 2004-08-04 06:08 48640 -c--a-w- c:\windows\system32\dllcache\stream.sys
2009-12-12 01:19 . 2009-12-12 01:19 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-04 21:15 . 2009-12-25 02:19 -------- d-----w- c:\program files\WinTV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 02:15 . 2009-07-21 20:07 -------- d-----w- c:\program files\Taskbar Shuffle
2010-01-03 01:41 . 2009-07-18 18:30 -------- d-----w- c:\documents and settings\Phil\Application Data\foobar2000
2009-12-30 11:09 . 2009-07-18 18:27 -------- d-----w- c:\program files\CloneSpy
2009-12-30 11:08 . 2009-07-18 18:38 -------- d-----w- c:\program files\Wise Disk Cleaner
2009-12-30 11:06 . 2009-07-18 18:39 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-12-29 09:51 . 2009-09-22 02:03 -------- d-----w- c:\program files\Notepad++
2009-12-24 01:24 . 2009-11-04 18:51 -------- d-----w- c:\documents and settings\Phil\Application Data\vlc
2009-12-15 05:23 . 2009-07-21 04:58 20072 ----a-w- c:\documents and settings\Phil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-12 01:19 . 2009-10-31 08:10 161542 ----a-w- c:\windows\cscmondump.bin
2009-12-11 18:30 . 2009-12-12 01:17 171058 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cache\Professional_32_1033.dat
2009-12-01 01:20 . 2009-08-30 19:31 -------- d-----w- c:\program files\Common Files\Real
2009-12-01 01:19 . 2009-12-01 01:19 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-01 01:18 . 2009-08-30 19:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-01 01:18 . 2009-08-30 19:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-30 04:47 . 2009-11-20 04:36 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-27 07:39 . 2009-07-20 00:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-27 01:42 . 2009-11-27 01:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-26 23:56 . 2009-11-26 23:56 -------- d-----w- c:\program files\Avira
2009-11-26 23:56 . 2009-11-26 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-11-25 07:58 . 2009-11-26 23:58 237942 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-11-25 07:58 . 2009-11-26 23:58 364917 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-11-24 01:35 . 2009-07-18 18:35 -------- d-----w- c:\program files\Opera
2009-11-23 04:31 . 2009-07-30 18:52 -------- d-----w- c:\documents and settings\Phil\Application Data\dvdcss
2009-11-23 00:56 . 2009-11-22 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-22 06:25 . 2009-11-22 06:25 -------- d-----w- c:\program files\Alwil Software
2009-11-22 05:22 . 2009-11-22 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-20 20:05 . 2009-11-26 23:58 246132 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aesbx.dll
2009-11-19 18:42 . 2009-11-19 18:42 -------- d-----w- c:\documents and settings\Phil\Application Data\Malwarebytes
2009-11-19 18:42 . 2009-11-19 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-18 05:53 . 2009-11-18 05:53 -------- d-----w- c:\program files\Microsoft.NET
2009-11-18 05:53 . 2009-11-18 05:53 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-17 18:24 . 2009-11-26 23:58 586108 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-11-15 04:24 . 2009-08-30 19:31 -------- d-----w- c:\program files\Real
2009-11-14 06:49 . 2009-11-14 06:49 -------- d-----w- c:\program files\Auslogics
2009-11-07 01:32 . 2009-11-26 23:58 2093432 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-11-05 23:21 . 2009-11-26 23:58 422261 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-11-05 23:21 . 2009-11-26 23:58 184694 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-10-31 06:23 . 2009-10-31 06:23 26321 ----a-w- c:\windows\cscmon.bin
2009-10-27 23:46 . 2009-10-31 06:22 132424 ----a-w- c:\windows\system32\drivers\CFRMD.sys
2009-10-27 17:53 . 2009-10-27 17:53 8192 ----a-w- c:\windows\system32\CSC.exe
2009-10-13 02:19 . 2009-10-13 02:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [04/08/2009 18:50 56736]
R3 NuVision;Hauppauge WinTV USB Pro (PAL I,D/K);c:\windows\system32\drivers\NUVision.sys [25/12/2009 18:24 259528]
.
Contents of the 'Scheduled Tasks' folder

2009-11-04 c:\windows\Tasks\Wise Disk Cleaner 4.job
- c:\program files\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-07-18 21:06]

2009-08-10 c:\windows\Tasks\Wise Registry Cleaner 4.job
- c:\program files\Wise Registry Cleaner\WiseRegistryCleaner.exe [2009-07-18 07:48]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 18:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\l3codeca.acm

- - - - - - - > 'explorer.exe'(152)
c:\windows\system32\msi.dll
.
Completion time: 2010-01-02 18:47:26
ComboFix-quarantined-files.txt 2010-01-03 02:47
ComboFix2.txt 2010-01-02 01:21
ComboFix3.txt 2009-12-07 21:38
ComboFix4.txt 2009-12-07 21:01
ComboFix5.txt 2010-01-03 02:36

Pre-Run: 2,976,952,320 bytes free
Post-Run: 2,965,463,040 bytes free

- - End Of File - - E473D3C77389EBF9E652DC9F37FC4E6D


#8 extremeboy


Posted 02 January 2010 - 02:35 PM

Hello again.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy

#9 Dr Doom


Posted 02 January 2010 - 03:21 PM

Sorry, I can't do that, because I have 2 PCs, and it is the upstairs PC (without internet connection) which has the problem. Any other recommendations (for offline use), please?

#10 extremeboy


Posted 02 January 2010 - 05:04 PM

Try running this tool...

Download and Run Kaspersky Virus Removal Tool

I suggest you read over the instructions and then print/save the instructions onto notepad or somewhere so you can have a reference and follow the instructions correctly when in Safe Mode, since you won't have access to this page anymore.
  • Please download Kaspersky Virus-Removal Tool and save it to your desktop.
  • Alternate Download Mirror 2
  • Reboot your computer into SafeMode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Then, use your up arrow key to highlight SafeMode then hit enter. Additional instructions can be found over here
  • Please disable all anti-malware protection before running this tool. Refer to this page if you are not sure how.
  • Double click the installer on your desktop and follow the prompts. Kaspersky Virus Removal Tool will open after the installation. If you are using Vista, please right-click and select run as administrator
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit Ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
    • System Memory
    • Startup Objects
    • Disk Boot Sectors
    • My Computer
    • Also any other drives (Removable that you may have)
After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok. Then choose OK again then you are back to the main screen.
  • Then click on Scan at the top right-hand corner. Please be patient while the scan completes. It may take a while.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • When the scan is finished, click the Report... button in the lower middle, select Save to file..., and save it onto your desktop as "KasReport".
  • Close out of the program. When asked to uninstall, select Yes. <- Make sure you have saved the log file on your desktop before uninstalling it.
  • Attach back with the KasReport in your next reply please.


#11 Dr Doom


Posted 04 January 2010 - 09:55 AM

I did the scan, and it took over 11 hours.

I hope I attached the right thing.


#12 extremeboy


Posted 04 January 2010 - 04:18 PM

Hmm... Those are scan logs for a tool from AVZ. Are you being helped at another forum? Those are not the Kaspersky scan log.

#13 Dr Doom


Posted 05 January 2010 - 06:22 PM

I'm definitely only getting help from this forum. That program, once it finished scanning, didn't make it easy to locate the logs at the end of scanning (I think they updated the layout of the program to the instructions that you gave me). It just showed the task which I had just finished. Any other recommendations?

P.S. Actually you know what, I'm willing to scan again, but you have to update the instructions a little, so I find out precisely where to get the logs, but I'd prefer to use another program though.

#14 extremeboy


Posted 05 January 2010 - 06:58 PM

Yes, the program updated slightly. You can select all reports and then copy it on to a text document the last time I checked. If you didn't uninstall the tool the reports should be still there and the tool should pop-up at startup. Let me know.

~EB

#15 Dr Doom


Posted 05 January 2010 - 07:25 PM

Unfortunately, I uninstalled the program, following the original instructions that were given. There were no signs of reports whatsoever.



