Nicholas/Michael,
I've run ComboFix a few times now. Please see my full log file below and let me know if this is still saying that I have problems. It says it has deleted c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll, but when I run it again, the new log says it has deleted it again. I cannot find that file on my hard drive.

Thanks for all the help with this, I appreciate it.

ComboFix 10-08-09.02 - Frank 08/11/2010 9:58.4.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3319.2935
[GMT -4:00]
Running from: c:\documents and settings\frank\My Documents\My Completed
Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
((((((((((((((((((((((((( Files Created from 2010-07-11 to 2010-08-11 )))))))))))))))))))))))))))))))
.
2010-08-11 13:54 . 2010-08-11 13:54 -------- d-sh--w-
c:\documents and settings\Francis Cazabon\PrivacIE
2010-08-11 00:24 . 2010-08-11 00:24 -------- d-----w-
c:\documents and settings\Francis Cazabon\Application Data\Malwarebytes
2010-08-10 23:57 . 2010-08-10 23:57 -------- d-----w-
c:\program files\Trend Micro
2010-08-10 19:10 . 2010-08-11 13:30 -------- d-----w-
c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-10 19:10 . 2010-08-10 19:10 -------- d-----w-
c:\program files\Alwil Software
2010-08-10 19:09 . 2010-08-10 19:09 -------- d-----w-
c:\documents and settings\Francis Cazabon\Local Settings\Application
Data\Opera
2010-08-10 19:07 . 2010-08-10 19:07 -------- d-----w-
c:\documents and settings\Francis Cazabon\Application Data\Logitech
2010-08-09 01:24 . 2010-08-09 01:24 -------- d-----w-
c:\program files\CCleaner
2010-08-07 18:22 . 2010-08-07 18:26 -------- d-----w-
c:\documents and settings\frank\Application Data\QuickScan
2010-08-07 18:00 . 2010-08-07 12:13 287744 ----a-r-
c:\windows\system32\Rmvirus.exe
2010-08-06 18:05 . 2010-08-06 18:05 -------- d-sh--w-
c:\documents and settings\Francis Cazabon\IETldCache
2010-08-06 12:18 . 2010-08-10 16:30 -------- d-----w-
c:\documents and settings\frank\Local Settings\Application Data\MediaMonkey
2010-08-06 12:18 . 2010-08-06 12:19 -------- d-----w-
c:\program files\MediaMonkey
2010-08-05 20:05 . 2010-08-05 20:14 -------- d-----w-
c:\program files\ShellExView
2010-08-03 17:01 . 2010-08-03 17:01 -------- d-----w-
c:\documents and settings\NetworkService\Local Settings\Application
Data\Apple
2010-07-30 18:23 . 2010-07-30 18:23 -------- d-----w-
c:\program files\VideoLAN
2010-07-30 16:40 . 2010-07-30 16:40 -------- d-----w-
c:\temp\bhavbuti
2010-07-27 12:45 . 2010-07-27 12:45 -------- d-----w- c:\temp\Junnk
2010-07-24 12:50 . 2010-07-24 12:50 -------- d-----w-
c:\documents and settings\All Users\Application Data\Logitech
2010-07-24 12:50 . 2010-07-24 12:50 -------- d-----w-
c:\documents and settings\frank\Application Data\Leadertech
2010-07-24 12:50 . 2010-07-24 12:50 16400 ----a-w-
c:\windows\system32\drivers\LNonPnP.sys
2010-07-24 12:49 . 2008-11-07 22:55 16928 ------w-
c:\windows\system32\spmsgXP_2k3.dll
2010-07-24 12:48 . 2010-03-18 09:01 10448 ----a-w-
c:\windows\system32\drivers\LBeepKE.sys
2010-07-24 12:48 . 2010-07-24 12:51 -------- d-----w-
c:\documents and settings\All Users\Application Data\Logishrd
2010-07-24 12:42 . 2010-07-24 12:50 -------- d-----w-
c:\program files\Common Files\LogiShrd
2010-07-24 12:41 . 2010-07-24 12:50 -------- d-----w-
c:\documents and settings\frank\Application Data\Logitech
2010-07-24 12:41 . 2010-07-24 12:42 -------- d-----w-
c:\documents and settings\frank\Application Data\Logishrd
2010-07-24 12:22 . 2008-04-14 00:11 21504 -c--a-w-
c:\windows\system32\dllcache\hidserv.dll
2010-07-24 12:22 . 2008-04-14 00:11 21504 ----a-w-
c:\windows\system32\hidserv.dll
2010-07-23 20:03 . 2010-07-23 20:21 -------- d-----w- c:\temp\Dunn
2010-07-20 20:52 . 2010-07-20 20:53 -------- d-----w-
c:\documents and settings\frank\Application Data\Apple Computer
2010-07-20 20:51 . 2010-07-20 20:51 -------- d-----w-
c:\program files\QuickTime
2010-07-20 20:51 . 2010-07-20 20:51 -------- d-----w-
c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-20 20:49 . 2010-07-20 20:49 -------- d-----w-
c:\program files\Common Files\Apple
2010-07-20 20:49 . 2010-07-20 20:49 -------- d-----w-
c:\documents and settings\frank\Local Settings\Application Data\Apple
2010-07-20 20:49 . 2010-07-20 20:49 -------- d-----w-
c:\program files\Apple Software Update
2010-07-20 20:49 . 2010-07-20 20:49 -------- d-----w-
c:\documents and settings\All Users\Application Data\Apple
2010-07-19 17:53 . 2010-07-19 17:53 -------- d-----w-
c:\temp\vfp9sp2 hotfix
2010-07-17 12:45 . 2010-07-17 12:45 -------- d-----w-
c:\documents and settings\frank\Local Settings\Application Data\Western
Digital
2010-07-16 11:23 . 2010-07-16 11:23 -------- d-----w-
c:\program files\Common Files\Skype
2010-07-15 14:02 . 2010-07-15 14:02 12536 ----a-w-
c:\windows\system32\avgrsstx.dll
2010-07-14 06:54 . 2010-06-14 14:31 744448 -c----w-
c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 13:54 . 2008-08-23 14:23 -------- d-----w-
c:\documents and settings\All Users\Application Data\SpeedBit
2010-08-11 11:32 . 2007-01-05 20:04 -------- d-----w-
c:\documents and settings\frank\Application Data\Skype
2010-08-11 11:07 . 2008-07-30 10:57 -------- d-----w-
c:\documents and settings\frank\Application Data\skypePM
2010-08-11 04:01 . 2008-11-21 01:59 -------- d-----w-
c:\program files\LogMeIn
2010-08-10 23:57 . 2010-08-10 23:57 388096 ----a-r-
c:\documents and settings\Francis Cazabon\Application
Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-10 15:47 . 2008-12-19 20:27 95744 ----a-w- c:\documents
and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2010-08-10 14:05 . 2009-07-31 19:16 -------- d-----w-
c:\program files\johnsadventures.com
2010-08-10 14:05 . 2009-07-31 19:17 -------- d-----w-
c:\documents and settings\frank\Application Data\johnsadventures.com
2010-08-10 02:27 . 2010-01-13 15:54 -------- d-----w-
c:\program files\Test
2010-08-10 02:27 . 2010-01-11 15:13 -------- d-----w-
c:\program files\pdfforge Toolbar
2010-08-10 01:29 . 2008-02-29 00:41 -------- d-----w-
c:\documents and settings\All Users\Application Data\Spybot - Search &
Destroy
2010-08-10 01:19 . 2006-09-28 12:47 -------- d-----w-
c:\program files\Time and Billing
2010-08-09 18:34 . 2010-06-09 17:49 -------- d-----w-
c:\program files\Microsoft Visual FoxPro 9
2010-08-08 20:29 . 2006-09-27 19:47 -------- d-----w-
c:\program files\Microsoft Visual FoxPro 9 SP1
2010-08-08 11:54 . 2007-11-20 19:04 -------- d-----w-
c:\documents and settings\frank\Application Data\U3
2010-08-08 11:41 . 2006-09-28 13:09 -------- d-----w-
c:\program files\vmpReader
2010-08-08 01:06 . 2006-09-27 20:18 -------- d-----w-
c:\program files\Mozilla Thunderbird
2010-08-07 12:03 . 2006-05-12 20:17 -------- d-----w-
c:\program files\Common Files\Java
2010-08-07 12:02 . 2006-05-12 20:17 -------- d-----w-
c:\program files\Java
2010-08-04 13:13 . 2010-08-04 13:13 503808 ----a-w-
c:\documents and settings\frank\Application
Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2db7eaa6-n\msvcp71.dll
2010-08-04 13:13 . 2010-08-04 13:13 499712 ----a-w-
c:\documents and settings\frank\Application
Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2db7eaa6-n\jmc.dll
2010-08-04 13:13 . 2010-08-04 13:13 348160 ----a-w-
c:\documents and settings\frank\Application
Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2db7eaa6-n\msvcr71.dll
2010-08-04 13:13 . 2010-08-04 13:13 61440 ----a-w- c:\documents
and settings\frank\Application
Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-75cec3cc-n\decora-sse.dll
2010-08-04 13:13 . 2010-08-04 13:13 12800 ----a-w- c:\documents
and settings\frank\Application
Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-75cec3cc-n\decora-d3d.dll
2010-08-01 14:59 . 2009-01-08 20:25 -------- d-----w-
c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-07-27 02:30 . 2010-08-08 17:43 705208 ----a-w-
c:\documents and settings\frank\Application
Data\Mozilla\Firefox\Profiles\t06slnd1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-07-27 02:30 . 2010-08-08 17:43 978664 ----a-w-
c:\documents and settings\frank\Application
Data\Mozilla\Firefox\Profiles\t06slnd1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-07-24 12:50 . 2010-07-24 12:50 53248 ----a-r- c:\documents
and settings\frank\Application
Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-07-24 12:50 . 2010-07-24 12:50 0 ---ha-w-
c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-24 12:48 . 2006-09-28 12:16 -------- d-----w-
c:\program files\Logitech
2010-07-21 14:25 . 2009-02-03 20:19 -------- d-----w-
c:\documents and settings\frank\Application Data\TeamViewer
2010-07-21 12:42 . 2007-10-26 19:03 164880 ---ha-w-
c:\documents and settings\frank\Application Data\Microsoft\Virtual
PC\VPCKeyboard.dll
2010-07-20 15:59 . 2007-10-03 18:08 -------- d-----w-
c:\documents and settings\frank\Application Data\GHOSTSCRIPT
2010-07-17 09:00 . 2010-05-06 21:01 423656 ----a-w-
c:\windows\system32\deployJava1.dll
2010-07-15 19:30 . 2009-03-11 14:28 -------- d-----w-
c:\documents and settings\frank\Application Data\Winamp
2010-07-15 14:02 . 2008-05-23 10:35 243024 ----a-w-
c:\windows\system32\drivers\avgtdix.sys
2010-07-15 14:01 . 2008-05-23 10:35 216400 ----a-w-
c:\windows\system32\drivers\avgldx86.sys
2010-07-13 18:52 . 2009-03-11 14:28 -------- d-----w-
c:\program files\Winamp
2010-07-13 18:52 . 2010-01-22 13:12 -------- d-----w-
c:\program files\Winamp Detect
2010-07-12 17:45 . 2008-09-03 20:41 -------- d-----w-
c:\documents and settings\frank\Application Data\gtk-2.0
2010-07-12 14:38 . 2007-03-07 17:51 -------- d-----w-
c:\program files\Microsoft ActiveSync
2010-07-06 17:30 . 2010-07-06 17:06 -------- d-----w-
c:\documents and settings\frank\Application Data\Mp3tag
2010-07-06 17:06 . 2010-07-06 17:06 -------- d-----w-
c:\program files\Mp3tag
2010-07-03 17:31 . 2008-07-10 17:45 -------- d-----w-
c:\program files\Opera
2010-06-25 13:48 . 2009-02-19 19:33 -------- d-----w-
c:\documents and settings\frank\Application Data\FileZilla
2010-06-25 12:19 . 2010-06-25 12:17 -------- d-----w-
c:\program files\PDFCreator
2010-06-16 16:45 . 2009-06-30 13:21 -------- d-----w-
c:\program files\FileZilla FTP Client
2010-06-14 14:31 . 2006-05-12 18:55 744448 ----a-w-
c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-02 13:04 . 2008-05-23 10:35 29584 ----a-w-
c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 15:44 . 2010-07-05 18:04 3907584 ----a-w-
c:\documents and settings\frank\Application
data\mozilla\firefox\profiles\t06slnd1.default\extensions\[email protected]\plugins\npractrl.dll
2010-05-26 13:13 . 2010-05-26 13:13 503808 ----a-w-
c:\documents and settings\frank\Application
Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1555d683-n\msvcp71.dll
2010-05-26 13:13 . 2010-05-26 13:13 499712 ----a-w-
c:\documents and settings\frank\Application
Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1555d683-n\jmc.dll
2010-05-26 13:13 . 2010-05-26 13:13 348160 ----a-w-
c:\documents and settings\frank\Application
Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1555d683-n\msvcr71.dll
2010-05-26 13:13 . 2010-05-26 13:13 61440 ----a-w- c:\documents
and settings\frank\Application
Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-62aa0784-n\decora-sse.dll
2010-05-26 13:13 . 2010-05-26 13:13 12800 ----a-w- c:\documents
and settings\frank\Application
Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-62aa0784-n\decora-d3d.dll
2008-07-30 20:28 . 2008-07-30 20:28 44360 ----a-w- c:\program
files\mozilla firefox\plugins\atgpcdec.dll
2008-07-30 20:29 . 2008-07-30 20:29 107928 ----a-w- c:\program
files\mozilla firefox\plugins\atgpcext.dll
2007-09-12 14:19 . 2006-11-17 21:10 8784 ----a-w- c:\program
files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-09-12 14:22 . 2006-11-17 21:10 245408 ----a-w- c:\program
files\mozilla firefox\plugins\unicows.dll
2010-03-05 11:54 . 2008-08-23 14:25 251392 ----a-w- c:\program
files\opera\program\plugins\dapop.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}]
c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program
files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
2009-03-29 13:40 140880 ----a-w- c:\progra~1\DAP\dapieloader.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program
files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30
65536]
"LDM"="c:\program files\Logitech\Desktop
Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-11-20 36864]
"LightScribe Control Panel"="c:\program files\Common
Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"TSkrMain"="c:\program files\TOSHIBA\Acceleration
Utilities\Shaker\TSkrMain.exe" [2004-06-30 49152]
"TRot.exe"="c:\program files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
[2005-11-29 266240]
"TPSODDCtl"="TPSODDCtl.exe" [2006-04-25 110592]
"TPSMain"="TPSMain.exe" [2006-04-25 315392]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-06-29 126976]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
[2005-05-17 49152]
"TOSDCR"="TOSDCR.EXE" [2005-12-13 57344]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14
126976]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-02-23
86016]
"TFNF5"="TFNF5.exe" [2006-04-11 622592]
"TFncKy"="TFncKy.exe" [BU]
"TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe"
[2006-04-28 344144]
"TAcelMgr"="c:\program files\TOSHIBA\Acceleration
Utilities\TAcelMgr\TAcelMgr.exe" [2004-12-16 90112]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
"TabletTip"="c:\program files\Common Files\microsoft
shared\ink\tabtip.exe" [2008-04-14 271872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java
Update\jusched.exe" [2010-05-14 248552]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming
Utility\SmoothView.exe" [2005-05-23 122880]
"SkyTel"="SkyTel.EXE" [2006-04-24 1448960]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe"
[2010-01-08 974848]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-09 16207360]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
[2007-03-15 71216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe"
[2006-05-06 30208]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"NDSTray.exe"="NDSTray.exe" [BU]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [BU]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe"
[2005-08-12 1121792]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe"
[2008-07-24 63048]
"LanguageShortcut"="c:\program
files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe"
[2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe"
[2005-11-28 602182]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26
1311312]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"CrossMenu"="c:\program files\Toshiba\CrossMenu\CrossMenu.exe"
[2006-04-12 798720]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader
9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[2010-06-09 976832]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-04-26 258048]
"000StTHK"="000StTHK.exe" [BU]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ClipX.lnk - c:\program files\ClipX\clipx.exe [2005-11-30 68608]
LaunchU3.exe.lnk -
c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_2cd672ae.exe
[2007-11-20
1078]
Microsoft Office.lnk - c:\program files\Microsoft
Office\Office10\OSA.EXE [2001-2-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-5-12 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 14:02 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common
Files\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 00:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\loginkey]
2008-04-14 00:11 47104 ----a-w- c:\program files\Common
Files\Microsoft Shared\Ink\loginkey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\psfus]
2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\TSigNP]
2006-03-02 21:51 53248 ----a-w- c:\windows\system32\TSigNP.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group
policy\state\S-1-5-21-3116592656-1382619253-2517815336-1106\Scripts\Logon\0\0]
"Script"=Logon.Bat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Logitech\\Desktop
Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program
files\Microsoft
ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI
Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program
files\Microsoft
ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync
Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program
files\Microsoft
ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync
Application
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Thpdrv;TOSHIBA HDD Protection
Driver;c:\windows\system32\drivers\thpdrv.sys [12/28/2004 2:31 AM 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor
Driver;c:\windows\system32\drivers\Thpevm.sys [5/12/2006 5:16 PM 6144]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/10/2005 4:26
PM 35968]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID
Driver;c:\windows\system32\drivers\TBtnKey.sys [5/12/2006 4:56 PM 8832]
R3 WacomPen;Wacom Serial Pen HID
Driver;c:\windows\system32\drivers\wacompen.sys [5/12/2006 7:50 AM 14208]
S1 AvgLdx86;AVG AVI Loader Driver
x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2008 6:35 AM 216400]
S1 AvgTdiX;AVG8 Network
Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2008 6:35 AM
243024]
S1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [5/12/2006 5:05
PM 5888]
S2 Application Updater;Application Updater;c:\program files\Application
Updater\ApplicationUpdater.exe [1/8/2010 12:51 AM 380928]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe
[7/15/2010 10:02 AM 308136]
S2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite
QL\Drivers\FdRedir.sys [5/5/2006 9:00 PM 13568]
S2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common
Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 8:59 PM 33024]
S2 LBeepKE;Logitech Beep Suppression
Driver;c:\windows\system32\drivers\LBeepKE.sys [7/24/2010 8:48 AM 10448]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program
files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
S2 MSSQL$SQLEXPRESS2008;SQL Server (SQLEXPRESS2008);c:\program
files\Microsoft SQL
Server\MSSQL10.SQLEXPRESS2008\MSSQL\Binn\sqlservr.exe [8/15/2008 2:47 PM
40999448]
S2 smihlp;SMI helper driver;c:\program files\Protector Suite
QL\smihlp.sys [5/5/2006 8:33 PM 3456]
S2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [5/12/2006
5:05 PM 126976]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SpeedBit
Video Accelerator\VideoAcceleratorService.exe -start -scm -->
c:\progra~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
-start -scm [?]
S3 INIDVD;Initio USB DVD Filter
Driver;c:\windows\system32\drivers\inidvd.sys [6/4/2010 3:35 PM 7936]
S3 Netrics Search Server;Netrics Search Server;c:\program files\Netrics
Search Server\netricsd.exe [7/31/2008 11:14 AM 434176]
S3 NSS for SCB;NSS for SCB;c:\program files\Netrics Search
Server\netricsd.exe [7/31/2008 11:14 AM 434176]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program
files\Microsoft SQL Server\MSSQL.3\Reporting
Services\ReportServer\bin\ReportingServicesService.exe [12/18/2008 4:24
AM 13656]
S3 sffp_mmc;SFF Storage Protocol Driver for
MMC;c:\windows\system32\drivers\sffp_mmc.sys [5/12/2006 4:02 PM 10240]
S3 TEchoCan;Toshiba Audio
Effect;c:\windows\system32\drivers\TEchoCan.sys [5/31/2006 2:10 PM 641152]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program
files\Microsoft SQL Server\100\Shared\sqladhlp.exe [8/15/2008 2:47 PM 47128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program
files\Microsoft Visual Studio 8\Common7\IDE\Remote
Debugger\x86\msvsmon.exe [12/2/2006 6:17 AM 2805000]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys
[7/10/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS2008;SQL Server Agent (SQLEXPRESS2008);c:\program
files\Microsoft SQL
Server\MSSQL10.SQLEXPRESS2008\MSSQL\Binn\SQLAGENT.EXE [8/15/2008 2:47 PM
369688]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed
components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 16:27 451872 ----a-w- c:\program files\Common
Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30
16:34]
2010-08-11 c:\windows\Tasks\SyncBack Firefox.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-02-27 22:45]
2010-08-11 c:\windows\Tasks\SyncBack Opera Profile.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-02-27 22:45]
2010-08-11 c:\windows\Tasks\SyncBack Outlook.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-02-27 22:45]
2010-08-05 c:\windows\Tasks\SyncBack SQL Server.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-02-27 22:45]
2010-08-11 c:\windows\Tasks\SyncBack Thunderbird.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-02-27 22:45]
2010-08-11 c:\windows\Tasks\SyncBack Time and Billing Management System.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-02-27 22:45]
2010-08-01 c:\windows\Tasks\SyncBack VFP Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-02-27 22:45]
2010-08-11 c:\windows\Tasks\SyncBack VFP9 Development.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-02-27 22:45]
2010-08-11 c:\windows\Tasks\SyncBack Visual SourceSafe.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-02-27 22:45]
2010-08-11 c:\windows\Tasks\SyncBack Visual Studio Projects.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-02-27 22:45]
2010-08-11
c:\windows\Tasks\User_Feed_Synchronization-{85612EBF-B196-4920-94B1-C72D86263502}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = localhost
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Google Search - c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program
files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program
files\google\GoogleToolbar2.dll/cmcache.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel -
c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
LSP: c:\progra~1\SpeedBit Video Accelerator\sblsp.dll
TCP: {095A3E7D-C4A7-4F38-99E3-AADC02DEDA39} = 200.1.104.35,200.1.104.36
TCP: {F95C9E0D-D438-45A9-8E34-63A1780A87E9} = 200.1.104.35,200.1.104.36
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -
c:\program files\Logitech\Desktop
Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Francis Cazabon\Application
Data\Mozilla\Firefox\Profiles\y82oeb1v.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant:
{20a82645-c095-46ed-80e3-08825760534b} -
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js -
pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js -
pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js -
pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js -
pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js -
pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js -
pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js -
pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js -
pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js -
pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js -
pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js -
pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js -
pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js -
pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js -
pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js -
pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js -
pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js -
pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref",
true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js -
pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js -
pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js -
pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js -
pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name",
"chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js -
pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description",
"chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js -
pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js -
pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js -
pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js -
pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js -
pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js -
pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by
Gmer, http://www.gmer.net
Rootkit scan 2010-08-11 10:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\INIDVD]
"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL
Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\INIDVD]
"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61F22E4F-B27F-AFC4-A522A9C3D24CB12E}\{1AB70131-6AEF-F29E-373C8656BA527ED6}\{4909E9D0-65F5-FEDD-EF93FC8CC6374EF9}*]
"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,
9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(264)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\TSigNP.dll
c:\program files\Protector Suite QL\crypto.dll
- - - - - - - > 'lsass.exe'(320)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
.
Completion time: 2010-08-11 10:22:17
ComboFix-quarantined-files.txt 2010-08-11 14:22
ComboFix2.txt 2010-08-11 13:45
ComboFix3.txt 2010-08-11 12:36
ComboFix4.txt 2010-08-10 10:48
Pre-Run: 21,215,784,960 bytes free
Post-Run: 21,197,590,528 bytes free
- - End Of File - - 65EACA66B1C5BE2685D62D10746B2B7A
Frank.
Frank Cazabon
Samaan Systems Ltd. - Developing Solutions
www.SamaanSystems.com
Referrals are important to us.
If you know of anyone who would benefit from our services, please contact me.
We would appreciate the opportunity to work with them.
On 10/08/2010 10:48 AM, Nicholas Geti wrote:
> That list of deletions indicates serious virus infections. Probably damaged
> some Windows files.
> Delete everything in the ....\Data\Test folder.
> Download and run a registry cleaner. I use Registry Repair Pro
> http://www.3bsoftware.com/
>
> If you didn't make a recovery CD before the crash event you are probably out
> of luck. I have never been able to repair a Windows system once its files
> have been damaged.
>
> You might try a restore to an earlier date. But again I never have much luck
> with this either because backups are incremental and you must go back to the
> original backup then come forward until the most recent. Unfortunately I
> usually don't know what the original one is and often it gets erased due to
> the allotted space getting filled up.
>
>
> ----- Original Message -----
> From: "Frank Cazabon"<[email protected]>
> To:<[email protected]>
> Sent: Tuesday, August 10, 2010 10:04 AM
> Subject: Re: [NF] Windows Shell Explorer Hangs
>
>
>> Thanks Nicholas,
>>
>> I am afraid it still hung up after it ran. :(
>>
>> The problem started up on 5th August, I think after the icofx got
>> installed. Here's the first couple sections, I don't know if anything
>> will jump out at anybody:
>>
>> ComboFix 10-08-09.02 - frank 09/08/2010 22:20:19.1.2 - x86
>> Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3319.2287
>> [GMT -4:00]
>> Running from: c:\documents and settings\frank\Desktop\ComboFix.exe
>> .
>>
>> ((((((((((((((((((((((((((((((((((((((( Other Deletions
>> )))))))))))))))))))))))))))))))))))))))))))))))))
>> .
>>
>> c:\docume~1\frank\LOCALS~1\Temp\IadHide5.dll
>> c:\documents and settings\frank\Application Data\Test
>> c:\documents and settings\frank\Application
>> Data\Test\WcfHostWeb.dll_Url_5ua5a1vzqs3jbrbbrgzzueyjzln04f1h\1.0.0.0\user.config
>> c:\documents and settings\frank\Application
>> Data\Test\WcfHostWeb.dll_Url_hhn11402t1w3yn5l4m0eaxle1hpflkzy\1.0.0.0\user.config
>> c:\documents and settings\frank\Application
>> Data\Test\WcfHostWeb.vshost.dll_Url_5ua5a1vzqs3jbrbbrgzzueyjzln04f1h\1.0.0.0\user.config
>> c:\documents and settings\frank\Application
>> Data\Test\WcfHostWeb.vshost.dll_Url_hhn11402t1w3yn5l4m0eaxle1hpflkzy\1.0.0.0\user.config
>> c:\documents and settings\frank\g2mdlhlpx.exe
>> c:\documents and settings\frank\Local Settings\Temp\IadHide5.dll
>> c:\program files\INSTALL.LOG
>> c:\program files\pdfforge Toolbar\SearchSettings.dll
>> c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
>> c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
>> c:\program files\test\test.exe
>> c:\windows\frank.exe
>> c:\windows\My.ini
>> c:\windows\system32\Cache
>>
>> .
>> ((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10
>> )))))))))))))))))))))))))))))))
>> .
>>
>> 2010-08-09 01:24 . 2010-08-09 01:24 -------- d-----w-
>> c:\program files\CCleaner
>> 2010-08-07 18:22 . 2010-08-07 18:26 -------- d-----w-
>> c:\documents and settings\frank\Application Data\QuickScan
>> 2010-08-07 18:00 . 2010-08-07 12:13 287744 ----a-r-
>> c:\windows\system32\Rmvirus.exe
>> 2010-08-06 18:05 . 2010-08-06 18:05 -------- d-sh--w-
>> c:\documents and settings\Francis Cazabon\IETldCache
>> 2010-08-06 12:18 . 2010-08-10 01:19 -------- d-----w-
>> c:\documents and settings\frank\Local Settings\Application
>> Data\MediaMonkey
>> 2010-08-06 12:18 . 2010-08-06 12:19 -------- d-----w-
>> c:\program files\MediaMonkey
>> 2010-08-05 20:05 . 2010-08-05 20:14 -------- d-----w-
>> c:\program files\ShellExView
>> 2010-08-05 12:11 . 2010-08-05 12:14 -------- d-----w-
>> c:\documents and settings\frank\Application Data\IcoFX
>> 2010-08-05 12:11 . 2010-08-05 12:11 -------- d-----w-
>> c:\program files\IcoFX 1.6
>> 2010-08-03 17:01 . 2010-08-03 17:01 -------- d-----w-
>> c:\documents and settings\NetworkService\Local Settings\Application
>> Data\Apple
>> 2010-07-30 18:23 . 2010-07-30 18:23 -------- d-----w-
>> c:\program files\VideoLAN
>> 2010-07-30 16:40 . 2010-07-30 16:40 -------- d-----w-
>> c:\temp\bhavbuti
>> 2010-07-27 12:45 . 2010-07-27 12:45 -------- d-----w-
>> c:\temp\Junnk
>> 2010-07-24 12:50 . 2010-07-24 12:50 -------- d-----w-
>> c:\documents and settings\All Users\Application Data\Logitech
>> 2010-07-24 12:50 . 2010-07-24 12:50 -------- d-----w-
>> c:\documents and settings\frank\Application Data\Leadertech
>> 2010-07-24 12:50 . 2010-07-24 12:50 16400 ----a-w-
>> c:\windows\system32\drivers\LNonPnP.sys
>> 2010-07-24 12:49 . 2008-11-07 22:55 16928 ------w-
>> c:\windows\system32\spmsgXP_2k3.dll
>> 2010-07-24 12:48 . 2010-03-18 09:01 10448 ----a-w-
>> c:\windows\system32\drivers\LBeepKE.sys
>> 2010-07-24 12:48 . 2010-07-24 12:51 -------- d-----w-
>> c:\documents and settings\All Users\Application Data\Logishrd
>> 2010-07-24 12:42 . 2010-07-24 12:50 -------- d-----w-
>> c:\program files\Common Files\LogiShrd
>> 2010-07-24 12:41 . 2010-07-24 12:50 -------- d-----w-
>> c:\documents and settings\frank\Application Data\Logitech
>> 2010-07-24 12:41 . 2010-07-24 12:42 -------- d-----w-
>> c:\documents and settings\frank\Application Data\Logishrd
>> 2010-07-24 12:22 . 2008-04-14 00:11 21504 -c--a-w-
>> c:\windows\system32\dllcache\hidserv.dll
>> 2010-07-24 12:22 . 2008-04-14 00:11 21504 ----a-w-
>> c:\windows\system32\hidserv.dll
>> 2010-07-23 20:03 . 2010-07-23 20:21 -------- d-----w-
>> c:\temp\Dunn
>> 2010-07-20 20:52 . 2010-07-20 20:53 -------- d-----w-
>> c:\documents and settings\frank\Application Data\Apple Computer
>> 2010-07-20 20:51 . 2010-07-20 20:51 -------- d-----w-
>> c:\program files\QuickTime
>> 2010-07-20 20:51 . 2010-07-20 20:51 -------- d-----w-
>> c:\documents and settings\All Users\Application Data\Apple Computer
>> 2010-07-20 20:49 . 2010-07-20 20:49 -------- d-----w-
>> c:\program files\Common Files\Apple
>> 2010-07-20 20:49 . 2010-07-20 20:49 -------- d-----w-
>> c:\documents and settings\frank\Local Settings\Application Data\Apple
>> 2010-07-20 20:49 . 2010-07-20 20:49 -------- d-----w-
>> c:\program files\Apple Software Update
>> 2010-07-20 20:49 . 2010-07-20 20:49 -------- d-----w-
>> c:\documents and settings\All Users\Application Data\Apple
>> 2010-07-19 17:53 . 2010-07-19 17:53 -------- d-----w-
>> c:\temp\vfp9sp2 hotfix
>> 2010-07-17 12:45 . 2010-07-17 12:45 -------- d-----w-
>> c:\documents and settings\frank\Local Settings\Application Data\Western
>> Digital
>> 2010-07-16 11:23 . 2010-07-16 11:23 -------- d-----w-
>> c:\program files\Common Files\Skype
>> 2010-07-15 14:02 . 2010-07-15 14:02 12536 ----a-w-
>> c:\windows\system32\avgrsstx.dll
>> 2010-07-14 06:54 . 2010-06-14 14:31 744448 -c----w-
>> c:\windows\system32\dllcache\helpsvc.exe
>>
>> Frank.
>>
>> On 10/08/2010 09:23 AM, Nicholas Geti wrote:
>>> The first section of the log tells you what files were deleted. These are
>>> the virus-infected/damaged files.
>>> Also look in the second section for the most recent files installed.
>>> Sometimes it is obvious from the name that it may be a virus file. One time
>>> I found a bad file listed and I manually deleted it. Then ran a registry
>>> cleaner program which took out all references to that file.
>>>
>>> If you didn't see anything in the first section, then Combofix didn't find
>>> any infected files. You will have to run other software to find additional
>>> viruses.
>>>
>>> ----- Original Message -----
>>> From: "Frank Cazabon"<[email protected]>
>>> To:<[email protected]>
>>> Sent: Tuesday, August 10, 2010 7:00 AM
>>> Subject: Re: [NF] Windows Shell Explorer Hangs
>>>
>>>
>>>> Michael,
>>>>
>>>> I ran combofix and it gave me a log. I don't see it saying that it
>>>> found anything, but then I'm not "a trained user" :) Can I email it to
>>>> you to have a quick look at so you can tell me if it found anything?
>>>>
>>>> Frank.
>>>>
>>>> On 08/08/2010 04:29 PM, Michael Madigan wrote:
>>>>> Here's a thought
>>>>>
>>>>> take a look at the system event log, sometimes bad disk blocks mimic
>>>>> viruses because the system tries and retries to write and read from a bad
>>>>> block.
>>>>>
>>>>> Then I would run ccleaner to remove all junk from the disk.
>>>>>
>>>>> Also I would run combofix once which will clean up other known issues.
>>>>> Make sure you have backup copies of everything since combofix has been
>>>>> known to identify scanner drivers as malware and delete them.
>>>>>
>>>>>
>>>>>
>>>>> --- On Sun, 8/8/10, john harvey<[email protected]> wrote:
>>>>>
>>>>>> From: john harvey<[email protected]>
>>>>>> Subject: RE: [NF] Windows Shell Explorer Hangs
>>>>>> To: "'ProFox Email List'"<[email protected]>
>>>>>> Date: Sunday, August 8, 2010, 11:54 AM
>>>>>> Dump the current after you get the
>>>>>> new one working.
>>>>>>
>>>>>> John
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: [email protected]
>>>>>> [mailto:[email protected]]
>>>>>> On Behalf
>>>>>> Of Frank Cazabon
>>>>>> Sent: Sunday, August 08, 2010 6:05 AM
>>>>>> To: [email protected]
>>>>>> Subject: Re: [NF] Windows Shell Explorer Hangs
>>>>>>
>>>>>> Hi John,
>>>>>>
>>>>>> so you are saying basically dump the user I currently use
>>>>>> and only use
>>>>>> the new one? Or just use the new one to download and
>>>>>> run avast, then I
>>>>>> can switch back to the old user?
>>>>>>
>>>>>> Frank.
>>>>>>
>>>>>> On 07/08/2010 09:20 PM, john harvey wrote:
>>>>>>> I have had luck removing such by creating a new user with admin rights,
>>>>>>> downloading Avast (free) and installing, choosing the option to scan the
>>>>>>> entire computer before booting windows, then logging in as the new user. You
>>>>>>> might have to reinstall some software, but it beats formatting and reloading
>>>>>>> everything.
>>>>>>>
>>>>>>> John
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: [email protected] [mailto:[email protected]] On Behalf Of Frank Cazabon
>>>>>>> Sent: Saturday, August 07, 2010 7:38 PM
>>>>>>> To: [email protected]
>>>>>>> Subject: [NF] Windows Shell Explorer Hangs
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I recently started getting a weird one on my PC (windows XP, fully up to
>>>>>>> date with Windows patches): I am not able to access the taskbar, yet I
>>>>>>> can Alt + Tab to switch between programs and I can bring up Task
>>>>>>> Manager to then use the File | New Task menu option to start up other
>>>>>>> programs. Sometimes the hang only lasts for 10 minutes and then I get
>>>>>>> control back, other times I have waited longer than that and then
>>>>>>> restarted the computer.
>>>>>>>
>>>>>>> This smells of a virus or malware so I ran malware bytes and it fixed
>>>>>>> some problems, but this issue still happens. While this was running, my
>>>>>>> antivirus said it had found a virus Win32/Elkern.C and quarantined it.
>>>>>>> I then ran a full scan on my computer and it reported three files signed
>>>>>>> with a broken digital signature. Using the option to remove selected
>>>>>>> infections doesn't appear to do anything. I also downloaded the removal
>>>>>>> tool from AVG on a non-infected PC and put the files on a CD and ran it
>>>>>>> on my PC from there. No problems found.
>>>>>>>
>>>>>>> I scanned with BitDefender's on-line quickscan and it didn't find any
>>>>>>> problems. I am now trying other on-line scanners.
>>>>>>> Has anyone ever seen anything like this and know what to do? It seems
[excessive quoting removed by server]