Explorer crashes and restarts over and over again.

Discussion in 'Malware and Virus Removal Archive' started by Tron, 2006/08/27.

  1. 2006/09/01
    Tron

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
    "IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
    "HostManager"="C:\\Program Files\\Common Files\\AOL\\1154048045\\ee\\AOLSoftware.exe"
    "IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
    "CTHelper"="CTHELPER.EXE"
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
    "Steam"="\"C:\\Program Files\\Valve\\Steam\\Steam.exe\" -silent"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    Completion time: Fri 09/01/2006 21:26:03.92
    ComboFix.txt
    ComboFix2.txt
     
  2. 2006/09/02
    TeMerc
    :eek: Wow....I forgot we hadn't killed all those files. My eyeballs popped outta my head when I first saw 'em!!:eek:

    Let's kill a bunch of junk.

    1) Please download the Killbox.
    Save it to the desktop and run it.

    2) Select "Delete on Reboot", and then select "All files".

    3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

    4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

    5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

    Reboot and run ComboFix first, then HJT and post both logs back into this thread.
     
