# windows explorer keeps popping up



## twinkl1ng (Jun 26, 2005)

Hi, I don't know why but the windows explorer thing keeps popping up, I can't press the Start button or the tabs on the bottom to change programs and my desktop is gone- 'Active Desktop Recovery.' Everytime I try to click 'Don't Send', it comes right back. I don't think this is normal.. hehe.

Here's my Logfile and thank you for any help! 

Logfile of HijackThis v1.99.1
Scan saved at 13:04, on 07-08-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\qpqwmpsA.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\WINDOWS\system32\lxbscoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [*iismfc] C:\WINDOWS\msagent\intl\iismfc.exe
O4 - HKLM\..\Run: [*netdvd] C:\WINDOWS\msagent\netdvd.exe
O4 - HKLM\..\Run: [*mfclib] C:\WINDOWS\repair\mfclib.exe
O4 - HKLM\..\Run: [*runkey] C:\WINDOWS\Drivers\USBStick\runkey.exe
O4 - HKLM\..\Run: [*tapianti] C:\WINDOWS\msagent\tapianti.exe
O4 - HKLM\..\Run: [*faxmfc] C:\WINDOWS\Web\printers\faxmfc.exe
O4 - HKLM\..\Run: [*wsvc] C:\WINDOWS\repair\wsvc.exe
O4 - HKLM\..\Run: [*infokey] C:\WINDOWS\Help\infokey.exe
O4 - HKLM\..\Run: [*nutad] C:\WINDOWS\addins\nutad.exe
O4 - HKLM\..\Run: [*dvdcom] C:\WINDOWS\dvdcom.exe
O4 - HKLM\..\Run: [*binmp3] C:\WINDOWS\inf\binmp3.exe
O4 - HKLM\..\Run: [*catsvr] C:\WINDOWS\catsvr.exe
O4 - HKLM\..\Run: [*drvxml] C:\WINDOWS\Cursors\drvxml.exe
O4 - HKLM\..\Run: [*swave] C:\WINDOWS\security\templates\swave.exe
O4 - HKLM\..\Run: [*svrcat] C:\WINDOWS\addins\svrcat.exe
O4 - HKLM\..\Run: [*fontacc] C:\WINDOWS\java\classes\fontacc.exe
O4 - HKLM\..\Run: [e9DBjMk] C:\WINDOWS\klnmhfkq.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [qpqwmpsA] C:\WINDOWS\qpqwmpsA.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,[email protected]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe


----------



## Blue Zee (May 18, 2007)

It seems you may need malware expert help.

Post your HJT log at

http://forums.techguy.org/54-malware-removal-hijackthis-logs/

Zee


----------



## cybertech (Apr 16, 2002)

Closing duplicate thread.

http://forums.techguy.org/malware-removal-hijackthis-logs/631659-files-all-moved.html


----------

