Tech Support Guy Forums > Security & Malware Removal > Virus & Other Malware Removal >
Explorer.exe crashes on Startup - Rootkit (New)

Pigmaleon (Junior Member with 1 post; Join Date: May 2008; Experience: Intermediate)
11-May-2008, 04:32 PM, #1
Explorer.exe crashes on Startup - Rootkit PLEASE HELP!!!!!

This problem started occurring 3 days ago. I'm running Windows XP on my laptop and the problems started when I opened an email that I believed to be from a friend… It was not. The computer crashed and when I restarted it I could see the extent of the damage:

- explorer.exe loads then closes without error;
- Task Manager and all anti-virus and anti-rootkit programs have the same behaviour;
- on the screen, just the wallpaper and nothing else;
- I wasn't able to start Windows in safe mode.

After reinstalling Windows I started to have access to safe mode, but I am trapped with only DOS command lines. Finally I discovered that gmer.exe works, and it shows that I have quite a lot of lines in the Reg with problems, but I have no idea how to fix them.

Getting very angry now!!!!

I ran HijackThis and ComboFix, and the results are shown below:

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:37, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\cmd.exe
E:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Namo SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137524179640
O16 - DPF: {8FACB588-4A4B-46C1-807B-1F08D0AC7592} (eTours Control) - http://www.360etours.net/activex/eTours3-4-0-01.ocx
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.co...p/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7400 bytes


ComboFix

ComboFix 08-05-07.1 - Mario 2008-05-11 15:51:56.4 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.950 [GMT 1:00]
Running from: E:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.

2008-05-11 15:22 . 2007-08-14 08:12 5,760 --------- C:\WINDOWS\system32\33.tmp
2008-05-11 15:07 . 2007-08-14 08:12 5,760 --------- C:\WINDOWS\system32\32.tmp
2008-05-10 15:10 . 2008-05-11 04:09 1,333,227,520 --a------ C:\WINDOWS\MEMORY.DMP
2008-05-10 14:53 . 2004-08-04 05:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-05-10 14:52 . 2004-08-04 05:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-10 14:51 . 2004-08-04 05:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-05-10 14:50 . 2003-03-24 16:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
2008-05-10 14:48 . 2008-05-10 14:48 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-10 14:48 . 2008-05-10 14:48 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-10 14:48 . 2008-05-10 14:48 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-10 14:48 . 2008-05-10 14:48 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-10 14:48 . 2008-05-10 14:48 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-10 02:28 . 2008-05-10 02:28 <DIR> d-------- C:\54321
2008-05-10 02:13 . 2008-05-10 02:13 <DIR> d-------- C:\Deckard
2008-05-10 01:50 . 2005-06-28 23:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-05-10 01:50 . 2005-06-28 23:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-05-10 01:50 . 2005-06-28 23:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-10 01:50 . 2006-05-12 00:41 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-05-10 01:50 . 2008-05-10 01:50 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-10 01:50 . 2008-05-11 15:25 8,192 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-05-09 06:12 . 2005-06-28 23:51 <DIR> d-------- C:\Documents and Settings\Mario Filho\Application Data\You've Got Pictures Screensaver
2008-05-09 06:12 . 2005-06-28 23:59 <DIR> d-------- C:\Documents and Settings\Mario Filho\Application Data\Jasc Software Inc
2008-05-09 06:12 . 2005-06-28 23:43 <DIR> d-------- C:\Documents and Settings\Mario Filho\Application Data\Intel
2008-05-09 06:12 . 2006-05-12 00:41 <DIR> d--h----- C:\Documents and Settings\Mario Filho\Application Data\Gtek
2008-05-09 06:12 . 2008-05-09 06:12 <DIR> d-------- C:\Documents and Settings\Mario Filho
2008-05-09 06:12 . 2008-05-11 15:25 8,192 --ah----- C:\Documents and Settings\Mario Filho\ntuser.dat.LOG
2008-05-09 05:49 . 2008-03-15 00:39 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-05-09 02:13 . 2008-05-09 02:13 <DIR> d-------- C:\WINDOWS\dell
2008-05-09 01:28 . 2008-03-15 00:41 1,086,058 -ra------ C:\WINDOWS\SETFC.tmp
2008-05-09 01:28 . 2008-03-15 00:42 1,042,903 -ra------ C:\WINDOWS\SETF9.tmp
2008-05-09 01:28 . 2008-03-15 00:39 13,753 -ra------ C:\WINDOWS\SET108.tmp
2008-05-09 01:28 . 2008-03-15 00:43 7,334 --a--c--- C:\WINDOWS\system32\dllcache\wmerrenu.cat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 13:47 1,663 ----a-w C:\WINDOWS\inf\COMD9.tmp
2008-05-08 08:18 --------- d-----w C:\Program Files\eMule
2008-05-03 16:25 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-08 20:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-08 20:47 --------- d-----w C:\Program Files\AoA Audio Extractor
2008-04-06 23:28 --------- d-----w C:\Program Files\StreamboxVcrSuite2
2008-04-04 16:39 --------- d-----w C:\Program Files\CUE Splitter
2008-04-04 16:20 --------- d-----w C:\Program Files\Monkey's Audio
2008-04-04 16:12 --------- d-----w C:\Program Files\Winamp
2008-03-22 15:56 --------- d-----w C:\Program Files\Nero
2008-03-22 15:56 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-15 04:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-15 02:01 277,504 ----a-w C:\WINDOWS\gmoer.dll
2008-03-14 23:42 984,576 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-03-14 23:41 98,304 ----a-w C:\WINDOWS\system32\rtm.dll
2008-03-14 23:40 994,304 ----a-w C:\WINDOWS\system32\msgina.dll
2008-03-14 23:39 97,280 ----a-w C:\WINDOWS\system32\loadperf.dll
2008-03-14 23:38 97,280 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-03-14 23:37 98,304 ----a-w C:\WINDOWS\system32\cscript.exe
2008-03-14 21:35 --------- d-----w C:\Program Files\Sophos
2008-03-14 21:14 --------- d-----w C:\Program Files\Windows Defender
2008-03-14 20:39 32,768 -c--a-w C:\WINDOWS\system32\instlsp.exe
2008-03-14 01:29 --------- d-----w C:\Program Files\Lavasoft
2008-03-13 21:41 --------- d-----w C:\Program Files\BurnAware Free Edition
2008-03-13 21:40 --------- d-----w C:\Program Files\Astonsoft
2008-03-13 20:15 --------- d-----w C:\Program Files\ahead
2005-07-26 16:16 439 -c--a-w C:\Program Files\DivXPlayer.dbf
2005-05-13 17:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 11:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 21:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 19:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 12:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 15:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 22:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2005-07-24 00:33 56 -csha-r C:\WINDOWS\system32\E4CB67060B.sys
2004-01-25 00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2005-08-14 15:08 13,146 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-04-27 10:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 13:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-10_ 2.05.44.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-10 00:59:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-11 13:50:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-11 01:44:36 819,200 ----a-w C:\WINDOWS\gmer.dll
- 2008-05-09 04:52:51 344,064 ---ha-w C:\WINDOWS\repair\ntuser.dat
+ 2008-05-10 13:50:25 344,064 ---ha-w C:\WINDOWS\repair\ntuser.dat
+ 2008-05-10 12:37:26 22,220 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{DB1F9AAB-E300-4591-BD59-CA2A5EC9CE38}.bin
- 2008-05-09 05:00:21 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-10 13:58:01 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-09 05:00:21 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-10 13:58:01 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-10 13:57:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051020080511\index.dat
- 2008-05-09 05:00:21 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-10 13:58:01 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-11 01:44:36 86,097 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
- 2008-05-09 04:49:08 26,860 -c--a-w C:\WINDOWS\system32\emptyregdb.dat
+ 2008-05-10 13:47:15 26,828 -c--a-w C:\WINDOWS\system32\emptyregdb.dat
- 2008-05-09 05:08:09 55,522 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-10 14:04:08 55,522 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-09 05:08:09 386,598 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-10 14:04:08 386,598 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2004-08-04 04:00:00 921,088 ----a-w C:\WINDOWS\WinSxS\InstallTemp\69057\comctl32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-15 00:37 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 15:57 5308416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-03-15 00:37 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 05:00 44544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.XVID"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\option]
UseAlternateShell REG_DWORD 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"= cmd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19684:TCP"= 19684:TCP:emule
"4662:TCP"= 4662:TCP:Router
"4672:UDP"= 4672:UDP:emule protocol
"4665:UDP"= 4665:UDP:source asking on servers
"4711:TCP"= 4711:TCP:webserver
"4232:TCP"= 4232:TCP:emule
"4232:UDP"= 4232:UDP:Emule
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 NeroCd2k;NeroCd2k;C:\WINDOWS\system32\drivers\NeroCd2k.sys [2001-04-16 11:54]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 12:11]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\33.tmp [2007-08-14 08:12]
S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe [2008-03-15 00:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc607771-da82-11dc-8bf6-000e50f7b975}]
\Shell\AutoRun\command - E:\RavMon.exe
\Shell\explore\Command - E:\RavMon.exe -e
\Shell\open\Command - E:\RavMon.exe

*Newly Created Service* - MEMSWEEP2
.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 10:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-11 13:54:45 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-19 14:09:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-07-04 14:09:50 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 15:54:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\33.tmp"
.
Completion time: 2008-05-11 15:56:14
ComboFix-quarantined-files.txt 2008-05-11 14:55:47
ComboFix2.txt 2008-05-10 14:28:49
ComboFix3.txt 2008-05-10 01:42:24
ComboFix4.txt 2008-05-10 01:06:03

Pre-Run: 10,710,396,928 bytes free
Post-Run: 10,712,514,560 bytes free

199 --- E O F --- 2008-05-10 12:37:13

.

Thanks for your help!!!!

Last edited by Pigmaleon; 12-May-2008 at 09:51 AM.

Tags
explorer startup crash
