Thanks Nicholas, I am afraid it still hung up after it ran. :(
The problem started up on 5th August, I think after the icofx got installed. Here's the first couple sections, I don't know if anything will jump out at anybody: ComboFix 10-08-09.02 - frank 09/08/2010 22:20:19.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3319.2287 [GMT -4:00] Running from: c:\documents and settings\frank\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\frank\LOCALS~1\Temp\IadHide5.dll c:\documents and settings\frank\Application Data\Test c:\documents and settings\frank\Application Data\Test\WcfHostWeb.dll_Url_5ua5a1vzqs3jbrbbrgzzueyjzln04f1h\1.0.0.0\user.config c:\documents and settings\frank\Application Data\Test\WcfHostWeb.dll_Url_hhn11402t1w3yn5l4m0eaxle1hpflkzy\1.0.0.0\user.config c:\documents and settings\frank\Application Data\Test\WcfHostWeb.vshost.dll_Url_5ua5a1vzqs3jbrbbrgzzueyjzln04f1h\1.0.0.0\user.config c:\documents and settings\frank\Application Data\Test\WcfHostWeb.vshost.dll_Url_hhn11402t1w3yn5l4m0eaxle1hpflkzy\1.0.0.0\user.config c:\documents and settings\frank\g2mdlhlpx.exe c:\documents and settings\frank\Local Settings\Temp\IadHide5.dll c:\program files\INSTALL.LOG c:\program files\pdfforge Toolbar\SearchSettings.dll c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll c:\program files\test\test.exe c:\windows\frank.exe c:\windows\My.ini c:\windows\system32\Cache . ((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 ))))))))))))))))))))))))))))))) . 2010-08-09 01:24 . 2010-08-09 01:24 -------- d-----w- c:\program files\CCleaner 2010-08-07 18:22 . 2010-08-07 18:26 -------- d-----w- c:\documents and settings\frank\Application Data\QuickScan 2010-08-07 18:00 . 2010-08-07 12:13 287744 ----a-r- c:\windows\system32\Rmvirus.exe 2010-08-06 18:05 . 2010-08-06 18:05 -------- d-sh--w- c:\documents and settings\Francis Cazabon\IETldCache 2010-08-06 12:18 . 2010-08-10 01:19 -------- d-----w- c:\documents and settings\frank\Local Settings\Application Data\MediaMonkey 2010-08-06 12:18 . 2010-08-06 12:19 -------- d-----w- c:\program files\MediaMonkey 2010-08-05 20:05 . 2010-08-05 20:14 -------- d-----w- c:\program files\ShellExView 2010-08-05 12:11 . 2010-08-05 12:14 -------- d-----w- c:\documents and settings\frank\Application Data\IcoFX 2010-08-05 12:11 . 2010-08-05 12:11 -------- d-----w- c:\program files\IcoFX 1.6 2010-08-03 17:01 . 2010-08-03 17:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2010-07-30 18:23 . 2010-07-30 18:23 -------- d-----w- c:\program files\VideoLAN 2010-07-30 16:40 . 2010-07-30 16:40 -------- d-----w- c:\temp\bhavbuti 2010-07-27 12:45 . 2010-07-27 12:45 -------- d-----w- c:\temp\Junnk 2010-07-24 12:50 . 2010-07-24 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech 2010-07-24 12:50 . 2010-07-24 12:50 -------- d-----w- c:\documents and settings\frank\Application Data\Leadertech 2010-07-24 12:50 . 2010-07-24 12:50 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2010-07-24 12:49 . 2008-11-07 22:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2010-07-24 12:48 . 2010-03-18 09:01 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys 2010-07-24 12:48 . 2010-07-24 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd 2010-07-24 12:42 . 2010-07-24 12:50 -------- d-----w- c:\program files\Common Files\LogiShrd 2010-07-24 12:41 . 2010-07-24 12:50 -------- d-----w- c:\documents and settings\frank\Application Data\Logitech 2010-07-24 12:41 . 2010-07-24 12:42 -------- d-----w- c:\documents and settings\frank\Application Data\Logishrd 2010-07-24 12:22 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll 2010-07-24 12:22 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll 2010-07-23 20:03 . 2010-07-23 20:21 -------- d-----w- c:\temp\Dunn 2010-07-20 20:52 . 2010-07-20 20:53 -------- d-----w- c:\documents and settings\frank\Application Data\Apple Computer 2010-07-20 20:51 . 2010-07-20 20:51 -------- d-----w- c:\program files\QuickTime 2010-07-20 20:51 . 2010-07-20 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-07-20 20:49 . 2010-07-20 20:49 -------- d-----w- c:\program files\Common Files\Apple 2010-07-20 20:49 . 2010-07-20 20:49 -------- d-----w- c:\documents and settings\frank\Local Settings\Application Data\Apple 2010-07-20 20:49 . 2010-07-20 20:49 -------- d-----w- c:\program files\Apple Software Update 2010-07-20 20:49 . 2010-07-20 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2010-07-19 17:53 . 2010-07-19 17:53 -------- d-----w- c:\temp\vfp9sp2 hotfix 2010-07-17 12:45 . 2010-07-17 12:45 -------- d-----w- c:\documents and settings\frank\Local Settings\Application Data\Western Digital 2010-07-16 11:23 . 2010-07-16 11:23 -------- d-----w- c:\program files\Common Files\Skype 2010-07-15 14:02 . 2010-07-15 14:02 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-07-14 06:54 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe Frank. Frank Cazabon Samaan Systems Ltd. - Developing Solutions www.SamaanSystems.com Referrals are important to us. If you know of anyone who would benefit from our services, please contact me. We would appreciate the opportunity to work with them. On 10/08/2010 09:23 AM, Nicholas Geti wrote: > The first section of the log tells you what files were deleted. These are > the virus-infected/damaged files. > Also look in the second section for the most recent files installed. > Sometimes it is obvious from the name that it may be a virus file. One time > I found a bad file listed and I manually deleted it. Then ran a registry > cleaner program which took out all references to that file. > > If you didn't see anything in the first section, then Combofix didn't find > any infected files. You will have to run other software to find additional > viruses. > > ----- Original Message ----- > From: "Frank Cazabon"<[email protected]> > To:<[email protected]> > Sent: Tuesday, August 10, 2010 7:00 AM > Subject: Re: [NF] Windows Shell Explorer Hangs > > >> Michael, >> >> I ran combofix and it gave me a log. I don't see it saying that it >> found anything, but then I'm not "a trained user" :) Can I email it to >> you to have a quick look at so you can tell me if it found anything? >> >> Frank. >> >> Frank Cazabon >> Samaan Systems Ltd. - Developing Solutions >> www.SamaanSystems.com >> >> Referrals are important to us. >> If you know of anyone who would benefit from our services, please contact >> me. We would appreciate the opportunity to work with them. >> >> >> On 08/08/2010 04:29 PM, Michael Madigan wrote: >>> Here's a thought >>> >>> take a look at the system event log, sometimes bad disk blocks mimic >>> viruses because the system tries and retries to write and read from a bad >>> block. >>> >>> Then I would run ccleaner to remove all junk from the disk. >>> >>> Also I would run combofix once which will clean up other known issues. >>> Make sure you have backup copies of everything since combofix has been >>> known to identify scanner drivers as malware and delete them. >>> >>> >>> >>> --- On Sun, 8/8/10, john harvey<[email protected]> wrote: >>> >>>> From: john harvey<[email protected]> >>>> Subject: RE: [NF] Windows Shell Explorer Hangs >>>> To: "'ProFox Email List'"<[email protected]> >>>> Date: Sunday, August 8, 2010, 11:54 AM >>>> Dump the current after you get the >>>> new one working. >>>> >>>> John >>>> >>>> -----Original Message----- >>>> From: [email protected] >>>> [mailto:[email protected]] >>>> On Behalf >>>> Of Frank Cazabon >>>> Sent: Sunday, August 08, 2010 6:05 AM >>>> To: [email protected] >>>> Subject: Re: [NF] Windows Shell Explorer Hangs >>>> >>>> Hi John, >>>> >>>> so you are saying basically dump the user I currently use >>>> and only use >>>> the new one? Or just use the new one to download and >>>> run avast, then I >>>> can switch back to the old user? >>>> >>>> Frank. >>>> >>>> Frank Cazabon >>>> Samaan Systems Ltd. - Developing Solutions >>>> www.SamaanSystems.com >>>> >>>> Referrals are important to us. >>>> If you know of anyone who would benefit from our services, >>>> please contact >>>> me. We would appreciate the opportunity to work with them. >>>> >>>> >>>> On 07/08/2010 09:20 PM, john harvey wrote: >>>>> I have had luck removing such by creating a new user >>>> with admin rights, >>>>> downloading Avast (free) and installing, choosing the >>>> option to scan the >>>>> entire computer before booting windows, then logging >>>> in as the new user. >>>> You >>>>> might have to reinstall some software, but it beats >>>> formatting and >>>> reloading >>>>> everything. >>>>> >>>>> John >>>>> >>>>> -----Original Message----- >>>>> From: [email protected] >>>> [mailto:[email protected]] >>>> On Behalf >>>>> Of Frank Cazabon >>>>> Sent: Saturday, August 07, 2010 7:38 PM >>>>> To: [email protected] >>>>> Subject: [NF] Windows Shell Explorer Hangs >>>>> >>>>> Hi, >>>>> >>>>> I recently started getting a weird one on my PC >>>> (windows XP, fully up to >>>>> date with Windows patches): I am not able to >>>> access the taskbar, yet I >>>>> can l Alt + Tab to switch between programs and I can >>>> bring up Task >>>>> Manager to then use the File | New Task menu option to >>>> start up other >>>>> programs. Sometime the hang only lasts for 10 >>>> minutes and then I get >>>>> control back, other times I have waited longer than >>>> that and then >>>>> restarted the computer. >>>>> >>>>> This smells of a virus or malware so I ran malware >>>> bytes and it fixed >>>>> some problems, but this issue still happens. >>>> While this was running, my >>>>> antivirus said it had found a virus Win32/Elkern.C and >>>> quarantined it. >>>>> I then ran a full scan on my computer and it reported >>>> three files signed >>>>> with a broken digital signature. Using the >>>> option to remove selected >>>>> infections doesn't appear to do anything. I also >>>> downloaded the removal >>>>> tool from AVG on a non-infected PC and put the files >>>> on a CD and ran it >>>>> on my PC from there. No problems found. >>>>> >>>>> I scanned with BitDefender's on-line quickscan and it >>>> didn't find any >>>>> problems. I am now trying other on-line >>>> scanners. >>>>> Has anyone ever seen anything like this and know what >>>> to do? It seems [excessive quoting removed by server] _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
