oh (expletive deleted)!

I don't think I made a recovery CD, but I'll check as I may have done 
one ages ago. If not, should I just go straight to reformatting and 
starting over from scratch?

How come all these virus scans never picked up any infection?  I am 
concerned about all the other PCs on my network now.  Should I run 
combofix on those too?  What about my backups, how can I be sure they 
are not infected?

Would you believe in 20 years of computing, this is the first time I've 
ever had a virus?

Frank.

Frank Cazabon
Samaan Systems Ltd. - Developing Solutions
www.SamaanSystems.com

Referrals are important to us.
If you know of anyone who would benefit from our services, please contact me. 
We would appreciate the opportunity to work with them.


On 10/08/2010 10:48 AM, Nicholas Geti wrote:
> That list of deletions indicates serious virus infections. Probably damaged
> some Windows files.
> Delete everything in the ....\Data\Test folder.
> Download and run a registry cleaner. I use Registry Repair Pro
> http://www.3bsoftware.com/
>
> If you didn't make a recovery CD before the crash event you are probably out
> of luck. I have never been able to repair a Windows system once its files
> have been damaged.
>
> You might try a restore to an earlier date. But again I never have much luck
> with this either because backups are incremental and you must go back to the
> original backup then come forward until the most recent. Unfortunately I
> usually don't know what the original one is and often it gets erased due to
> the allotted space getting filled up.
>
>
> ----- Original Message -----
> From: "Frank Cazabon"<[email protected]>
> To:<[email protected]>
> Sent: Tuesday, August 10, 2010 10:04 AM
> Subject: Re: [NF] Windows Shell Explorer Hangs
>
>
>>   Thanks Nicholas,
>>
>> I am afraid it still hung up after it ran.  :(
>>
>> The problem started up on 5th August, I think after the icofx got
>> installed.  Here's the first couple sections, I don't know if anything
>> will jump out at anybody:
>>
>> ComboFix 10-08-09.02 - frank 09/08/2010  22:20:19.1.2 - x86
>> Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3319.2287
>> [GMT -4:00]
>> Running from: c:\documents and settings\frank\Desktop\ComboFix.exe
>> .
>>
>> (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
>> .
>>
>> c:\docume~1\frank\LOCALS~1\Temp\IadHide5.dll
>> c:\documents and settings\frank\Application Data\Test
>> c:\documents and settings\frank\Application Data\Test\WcfHostWeb.dll_Url_5ua5a1vzqs3jbrbbrgzzueyjzln04f1h\1.0.0.0\user.config
>> c:\documents and settings\frank\Application Data\Test\WcfHostWeb.dll_Url_hhn11402t1w3yn5l4m0eaxle1hpflkzy\1.0.0.0\user.config
>> c:\documents and settings\frank\Application Data\Test\WcfHostWeb.vshost.dll_Url_5ua5a1vzqs3jbrbbrgzzueyjzln04f1h\1.0.0.0\user.config
>> c:\documents and settings\frank\Application Data\Test\WcfHostWeb.vshost.dll_Url_hhn11402t1w3yn5l4m0eaxle1hpflkzy\1.0.0.0\user.config
>> c:\documents and settings\frank\g2mdlhlpx.exe
>> c:\documents and settings\frank\Local Settings\Temp\IadHide5.dll
>> c:\program files\INSTALL.LOG
>> c:\program files\pdfforge Toolbar\SearchSettings.dll
>> c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
>> c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
>> c:\program files\test\test.exe
>> c:\windows\frank.exe
>> c:\windows\My.ini
>> c:\windows\system32\Cache
>>
>> .
>> (((((((((((((((((((((((((   Files Created from 2010-07-10 to 2010-08-10
>> )))))))))))))))))))))))))))))))
>> .
>>
>> 2010-08-09 01:24 . 2010-08-09 01:24    --------    d-----w-
>> c:\program files\CCleaner
>> 2010-08-07 18:22 . 2010-08-07 18:26    --------    d-----w-
>> c:\documents and settings\frank\Application Data\QuickScan
>> 2010-08-07 18:00 . 2010-08-07 12:13    287744    ----a-r-
>> c:\windows\system32\Rmvirus.exe
>> 2010-08-06 18:05 . 2010-08-06 18:05    --------    d-sh--w-
>> c:\documents and settings\Francis Cazabon\IETldCache
>> 2010-08-06 12:18 . 2010-08-10 01:19    --------    d-----w-
>> c:\documents and settings\frank\Local Settings\Application
>> Data\MediaMonkey
>> 2010-08-06 12:18 . 2010-08-06 12:19    --------    d-----w-
>> c:\program files\MediaMonkey
>> 2010-08-05 20:05 . 2010-08-05 20:14    --------    d-----w-
>> c:\program files\ShellExView
>> 2010-08-05 12:11 . 2010-08-05 12:14    --------    d-----w-
>> c:\documents and settings\frank\Application Data\IcoFX
>> 2010-08-05 12:11 . 2010-08-05 12:11    --------    d-----w-
>> c:\program files\IcoFX 1.6
>> 2010-08-03 17:01 . 2010-08-03 17:01    --------    d-----w-
>> c:\documents and settings\NetworkService\Local Settings\Application
>> Data\Apple
>> 2010-07-30 18:23 . 2010-07-30 18:23    --------    d-----w-
>> c:\program files\VideoLAN
>> 2010-07-30 16:40 . 2010-07-30 16:40    --------    d-----w-
>> c:\temp\bhavbuti
>> 2010-07-27 12:45 . 2010-07-27 12:45    --------    d-----w-
>> c:\temp\Junnk
>> 2010-07-24 12:50 . 2010-07-24 12:50    --------    d-----w-
>> c:\documents and settings\All Users\Application Data\Logitech
>> 2010-07-24 12:50 . 2010-07-24 12:50    --------    d-----w-
>> c:\documents and settings\frank\Application Data\Leadertech
>> 2010-07-24 12:50 . 2010-07-24 12:50    16400    ----a-w-
>> c:\windows\system32\drivers\LNonPnP.sys
>> 2010-07-24 12:49 . 2008-11-07 22:55    16928    ------w-
>> c:\windows\system32\spmsgXP_2k3.dll
>> 2010-07-24 12:48 . 2010-03-18 09:01    10448    ----a-w-
>> c:\windows\system32\drivers\LBeepKE.sys
>> 2010-07-24 12:48 . 2010-07-24 12:51    --------    d-----w-
>> c:\documents and settings\All Users\Application Data\Logishrd
>> 2010-07-24 12:42 . 2010-07-24 12:50    --------    d-----w-
>> c:\program files\Common Files\LogiShrd
>> 2010-07-24 12:41 . 2010-07-24 12:50    --------    d-----w-
>> c:\documents and settings\frank\Application Data\Logitech
>> 2010-07-24 12:41 . 2010-07-24 12:42    --------    d-----w-
>> c:\documents and settings\frank\Application Data\Logishrd
>> 2010-07-24 12:22 . 2008-04-14 00:11    21504    -c--a-w-
>> c:\windows\system32\dllcache\hidserv.dll
>> 2010-07-24 12:22 . 2008-04-14 00:11    21504    ----a-w-
>> c:\windows\system32\hidserv.dll
>> 2010-07-23 20:03 . 2010-07-23 20:21    --------    d-----w-
>> c:\temp\Dunn
>> 2010-07-20 20:52 . 2010-07-20 20:53    --------    d-----w-
>> c:\documents and settings\frank\Application Data\Apple Computer
>> 2010-07-20 20:51 . 2010-07-20 20:51    --------    d-----w-
>> c:\program files\QuickTime
>> 2010-07-20 20:51 . 2010-07-20 20:51    --------    d-----w-
>> c:\documents and settings\All Users\Application Data\Apple Computer
>> 2010-07-20 20:49 . 2010-07-20 20:49    --------    d-----w-
>> c:\program files\Common Files\Apple
>> 2010-07-20 20:49 . 2010-07-20 20:49    --------    d-----w-
>> c:\documents and settings\frank\Local Settings\Application Data\Apple
>> 2010-07-20 20:49 . 2010-07-20 20:49    --------    d-----w-
>> c:\program files\Apple Software Update
>> 2010-07-20 20:49 . 2010-07-20 20:49    --------    d-----w-
>> c:\documents and settings\All Users\Application Data\Apple
>> 2010-07-19 17:53 . 2010-07-19 17:53    --------    d-----w-
>> c:\temp\vfp9sp2 hotfix
>> 2010-07-17 12:45 . 2010-07-17 12:45    --------    d-----w-
>> c:\documents and settings\frank\Local Settings\Application Data\Western
>> Digital
>> 2010-07-16 11:23 . 2010-07-16 11:23    --------    d-----w-
>> c:\program files\Common Files\Skype
>> 2010-07-15 14:02 . 2010-07-15 14:02    12536    ----a-w-
>> c:\windows\system32\avgrsstx.dll
>> 2010-07-14 06:54 . 2010-06-14 14:31    744448    -c----w-
>> c:\windows\system32\dllcache\helpsvc.exe
>>
>> Frank.
>>
>> Frank Cazabon
>> Samaan Systems Ltd. - Developing Solutions
>> www.SamaanSystems.com
>>
>> Referrals are important to us.
>> If you know of anyone who would benefit from our services, please contact
>> me. We would appreciate the opportunity to work with them.
>>
>>
>> On 10/08/2010 09:23 AM, Nicholas Geti wrote:
>>> The first section of the log tells you what files were deleted. These are
>>> the virus-infected/damaged files.
>>> Also look in the second section for the most recent files installed.
>>> Sometimes it is obvious from the name that it may be a virus file. One time
>>> I found a bad file listed and I manually deleted it. Then ran a registry
>>> cleaner program which took out all references to that file.
>>>
>>> If you didn't see anything in the first section, then Combofix didn't find
>>> any infected files. You will have to run other software to find additional
>>> viruses.
>>>
>>> ----- Original Message -----
>>> From: "Frank Cazabon"<[email protected]>
>>> To:<[email protected]>
>>> Sent: Tuesday, August 10, 2010 7:00 AM
>>> Subject: Re: [NF] Windows Shell Explorer Hangs
>>>
>>>
>>>>    Michael,
>>>>
>>>> I ran combofix and it gave me a log.  I don't see it saying that it
>>>> found anything, but then I'm not "a trained user" :) Can I email it to
>>>> you to have a quick look at so you can tell me if it found anything?
>>>>
>>>> Frank.
>>>>
>>>> Frank Cazabon
>>>> Samaan Systems Ltd. - Developing Solutions
>>>> www.SamaanSystems.com
>>>>
>>>> Referrals are important to us.
>>>> If you know of anyone who would benefit from our services, please contact
>>>> me. We would appreciate the opportunity to work with them.
>>>>
>>>>
>>>> On 08/08/2010 04:29 PM, Michael Madigan wrote:
>>>>> Here's a thought
>>>>>
>>>>> take a look at the system event log, sometimes bad disk blocks mimic
>>>>> viruses because the system tries and retries to write and read from a
>>>>> bad block.
>>>>>
>>>>> Then I would run ccleaner to remove all junk from the disk.
>>>>>
>>>>> Also I would run combofix once which will clean up other known issues.
>>>>> Make sure you have backup copies of everything since combofix has been
>>>>> known to identify scanner drivers as malware and delete them.
>>>>>
>>>>>
>>>>>
>>>>> --- On Sun, 8/8/10, john harvey<[email protected]>    wrote:
>>>>>
>>>>>> From: john harvey<[email protected]>
>>>>>> Subject: RE: [NF] Windows Shell Explorer Hangs
>>>>>> To: "'ProFox Email List'"<[email protected]>
>>>>>> Date: Sunday, August 8, 2010, 11:54 AM
>>>>>> Dump the current after you get the
>>>>>> new one working.
>>>>>>
>>>>>> John
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: [email protected] [mailto:[email protected]] On Behalf
>>>>>> Of Frank Cazabon
>>>>>> Sent: Sunday, August 08, 2010 6:05 AM
>>>>>> To: [email protected]
>>>>>> Subject: Re: [NF] Windows Shell Explorer Hangs
>>>>>>
>>>>>>      Hi John,
>>>>>>
>>>>>> so you are saying basically dump the user I currently use and only use
>>>>>> the new one?  Or just use the new one to download and run avast, then I
>>>>>> can switch back to the old user?
>>>>>>
>>>>>> Frank.
>>>>>>
>>>>>> Frank Cazabon
>>>>>> Samaan Systems Ltd. - Developing Solutions
>>>>>> www.SamaanSystems.com
>>>>>>
>>>>>> Referrals are important to us.
>>>>>> If you know of anyone who would benefit from our services, please contact
>>>>>> me. We would appreciate the opportunity to work with them.
>>>>>>
>>>>>>
>>>>>> On 07/08/2010 09:20 PM, john harvey wrote:
>>>>>>> I have had luck removing such by creating a new user with admin rights,
>>>>>>> downloading Avast (free) and installing, choosing the option to scan the
>>>>>>> entire computer before booting windows, then logging in as the new user.
>>>>>>> You might have to reinstall some software, but it beats formatting and
>>>>>>> reloading everything.
>>>>>>>
>>>>>>> John
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: [email protected] [mailto:[email protected]] On Behalf
>>>>>>> Of Frank Cazabon
>>>>>>> Sent: Saturday, August 07, 2010 7:38 PM
>>>>>>> To: [email protected]
>>>>>>> Subject: [NF] Windows Shell Explorer Hangs
>>>>>>>
>>>>>>>        Hi,
>>>>>>>
>>>>>>> I recently started getting a weird one on my PC (windows XP, fully up to
>>>>>>> date with Windows patches):  I am not able to access the taskbar, yet I
>>>>>>> can Alt + Tab to switch between programs and I can bring up Task
>>>>>>> Manager to then use the File | New Task menu option to start up other
>>>>>>> programs.  Sometimes the hang only lasts for 10 minutes and then I get
>>>>>>> control back, other times I have waited longer than that and then
>>>>>>> restarted the computer.
>>>>>>>
>>>>>>> This smells of a virus or malware so I ran malware bytes and it fixed
>>>>>>> some problems, but this issue still happens.  While this was running, my
>>>>>>> antivirus said it had found a virus Win32/Elkern.C and quarantined it.
>>>>>>> I then ran a full scan on my computer and it reported three files signed
>>>>>>> with a broken digital signature.  Using the option to remove selected
>>>>>>> infections doesn't appear to do anything.  I also downloaded the removal
>>>>>>> tool from AVG on a non-infected PC and put the files on a CD and ran it
>>>>>>> on my PC from there.  No problems found.
>>>>>>>
>>>>>>> I scanned with BitDefender's on-line quickscan and it didn't find any
>>>>>>> problems.  I am now trying other on-line scanners.
>>>>>>> Has anyone ever seen anything like this and know what to do?  It seems
[excessive quoting removed by server]
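
The advice quoted above, to look through the log's second section for recently installed files, written as a script. This is an added example and not part of the thread: it parses "Files Created" entries in the format shown in the quoted ComboFix log, rejoins paths the mail client wrapped, and lists new binaries under c:\windows for manual review. The function names, the sample subset and the choice of c:\windows as the filter are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample: a few entries copied from the log quoted in this thread,
# with the mail client's '>> ' prefixes and line wrapping left in place.
SAMPLE = r"""
>> 2010-08-07 18:00 . 2010-08-07 12:13    287744    ----a-r-
>> c:\windows\system32\Rmvirus.exe
>> 2010-08-06 12:18 . 2010-08-10 01:19    --------    d-----w-
>> c:\documents and settings\frank\Local Settings\Application
>> Data\MediaMonkey
>> 2010-07-24 12:49 . 2008-11-07 22:55    16928    ------w-
>> c:\windows\system32\spmsgXP_2k3.dll
>> 2010-07-24 12:50 . 2010-07-24 12:50    16400    ----a-w-
>> c:\windows\system32\drivers\LNonPnP.sys
"""

# Assumed layout, inferred from the log: created . modified, size, 8 attribute
# characters (leading 'd' = directory), then the path (often on the next line).
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)"
                   r"\s+(\d+|-+)\s+(\S{8})\s*(.*)$")
BINARY_EXT = (".exe", ".dll", ".sys")

def parse_created(text):
    """Return one dict per 'Files Created' entry, rejoining wrapped paths."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^[>\s]+", "", raw).rstrip()   # drop e-mail quote markers
        m = ENTRY.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append({
                "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
                "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
                "size": None if size.startswith("-") else int(size),
                "is_dir": attrs[0] == "d", "path": path})
        elif line and line != "." and entries:        # continuation of a path
            entries[-1]["path"] = (entries[-1]["path"] + " " + line).strip()
    return entries

def review_list(entries):
    """New binaries under the Windows directory, newest first, for manual review."""
    hits = [e for e in entries if not e["is_dir"]
            and e["path"].lower().startswith("c:\\windows\\")
            and e["path"].lower().endswith(BINARY_EXT)]
    return sorted(hits, key=lambda e: e["created"], reverse=True)

if __name__ == "__main__":
    for e in review_list(parse_created(SAMPLE)):
        print(e["created"], e["size"], e["path"])
```

An entry appearing in this list is only a prompt to check the file's origin and signature; the sample includes a Logitech driver that was installed in the same window.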
