Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

Old 20th November 2008   #1
Member attbell
Join Date: Nov 2008
Posts: 6
Computer Experience: intermediate

[InActive] Cleaned Trojan, can't start programs from desktop (WinXP)

Cannot open programs from Desktop icons or from Start / Programs. I can right-click, choose Run As, uncheck "Protect my computer" and click OK, and the program will start??
I have scanned for viruses and cleaned some Trojans. It does the same thing in Safe Mode also.
Thanks, ATTBELL

LOG ------------------
Logfile of random's system information tool 1.04 (written by random/random)
Run by Norma1 at 2008-11-19 17:15:28
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 20 GB (35%) free of 57 GB
Total RAM: 478 MB (22% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Symantec Drmc.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
Ask Search Assistant BHO - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2008-05-22 66912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-03-09 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7370F91F-6994-4595-9949-601FA2261C8D}]
Gamevance Text - C:\Program Files\Gamevance\gvtl.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c1ce531-09e9-4fc5-9803-1c2956615786}]
IeCaptureBho Object - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll [2008-11-15 103936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-10-25 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-05-22 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 工具列 - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll [2007-12-18 817936]
{E1BACF55-35E1-4E47-9247-2D48660E5545}
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-05-22 262144]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-10-25 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
""= []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-12-12 71328]
"MRT"=C:\WINDOWS\system32\MRT.exe [2008-11-03 17318336]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2008-11-15 95960]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-15 29744]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-08-26 2019624]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Alarm Manager.LNK - C:\Program Files\palmOne\AlarmApp.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

C:\Documents and Settings\Norma1\Start Menu\Programs\Startup
PersonalBrain 4.lnk - C:\Program Files\PersonalBrain\PersonalBrainS.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-30 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00E789E]
C:\WINDOWS\system32\__c00E789E.dat []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-04-03 81616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Disabled:Microsoft (R) HTML Application host"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\Program Files\Netscape\Netscape Browser\netscape.exe"="C:\Program Files\Netscape\Netscape Browser\netscape.exe:*:Enabled:Netscape"
"C:\Documents and Settings\Norma1\Application Data\U3\0DC116601152FA58\BBD53C04-8853-4202-B4B5-5194B0BC1696\Exec\AV\AntiVirusApplication.exe"="C:\Documents and Settings\Norma1\Application Data\U3\0DC116601152FA58\BBD53C04-8853-4202-B4B5-5194B0BC1696\Exec\AV\AntiVirusApplication.exe:*:Enabled:PluginAntivirus DLL"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe"="C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe:*:Enabled:Skyworks Ten Pin Championship Bowling"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"D:\setup\HPZNET01.EXE"="D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"D:\setup\HPONICIFS01.EXE"="D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\WINDOWS\locker.exe"="C:\WINDOWS\locker.exe:*:Enabled:locker"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe"="C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe:*:Enabled:Itiva Media Accelerator"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f508790-1ab7-11db-ba57-00c09f4f8722}]
shell\AutoRun\command - J:\LaunchU3.exe


======File associations======

.exe - open - C:\WINDOWS\system32\drivers\spools.exe "%1" %*

======List of files/folders created in the last 1 months======

2008-11-19 17:15:29 ----D---- C:\Program Files\trend micro
2008-11-19 17:15:28 ----D---- C:\rsit
2008-11-15 17:31:23 ----D---- C:\Program Files\SymNetDrv
2008-11-15 16:59:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-13 22:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 22:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 22:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-26 19:07:35 ----D---- C:\Program Files\Fix-It Utilities 8 (D)
2008-10-26 14:52:19 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2008-10-26 14:51:09 ----HDC---- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-10-25 13:30:10 ----A---- C:\WINDOWS\rundll32.exe
2008-10-25 12:05:03 ----D---- C:\_Backup.RC
2008-10-25 07:34:48 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-25 07:18:35 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of files/folders modified in the last 1 months======

2008-11-19 17:15:29 ----RD---- C:\Program Files
2008-11-19 17:04:02 ----D---- C:\Documents and Settings\Norma1\Application Data\Google
2008-11-19 15:48:37 ----D---- C:\WINDOWS\Temp
2008-11-19 14:17:12 ----D---- C:\Documents and Settings\Norma1\Application Data\AVG7
2008-11-15 18:58:41 ----D---- C:\WINDOWS\system32
2008-11-15 18:58:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-15 18:57:19 ----D---- C:\My Download Files
2008-11-15 18:54:40 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
2008-11-15 18:41:01 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-15 18:30:05 ----D---- C:\Program Files\Mozilla Firefox
2008-11-15 17:31:43 ----D---- C:\Program Files\Symantec
2008-11-15 17:31:32 ----SHD---- C:\WINDOWS\Installer
2008-11-15 17:31:23 ----HD---- C:\Config.Msi
2008-11-15 17:31:23 ----D---- C:\Program Files\Common Files
2008-11-15 17:30:59 ----D---- C:\WINDOWS\system32\drivers
2008-11-15 12:44:25 ----D---- C:\WINDOWS
2008-11-13 22:04:13 ----A---- C:\WINDOWS\system32\MRT.INI
2008-11-13 22:01:57 ----HD---- C:\WINDOWS\inf
2008-11-13 22:01:56 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-13 22:01:48 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 22:01:45 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 22:00:24 ----D---- C:\WINDOWS\WinSxS
2008-11-13 21:08:25 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-03 18:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-26 19:26:40 ----D---- C:\WINDOWS\system32\config
2008-10-26 14:52:19 ----D---- C:\Program Files\Uniblue
2008-10-26 14:52:19 ----D---- C:\Documents and Settings\Norma1\Application Data\Uniblue
2008-10-25 15:11:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-25 14:51:03 ----D---- C:\Program Files\Google
2008-10-25 12:32:18 ----D---- C:\Documents and Settings\Norma1\Application Data\Sonic
2008-10-25 12:15:22 ----N---- C:\WINDOWS\system32\xrxwiadr.dll
2008-10-25 12:15:21 ----N---- C:\WINDOWS\system32\xrxscnui.dll
2008-10-25 12:15:21 ----N---- C:\WINDOWS\system32\vfwwdm32.dll
2008-10-25 12:15:21 ----N---- C:\WINDOWS\system32\tp4mon.exe
2008-10-25 12:15:20 ----N---- C:\WINDOWS\system32\snmptrap.exe
2008-10-25 12:15:20 ----N---- C:\WINDOWS\system32\snmpmib.dll
2008-10-25 12:15:20 ----N---- C:\WINDOWS\system32\snmp.exe
2008-10-25 12:15:19 ----N---- C:\WINDOWS\system32\RW450Ext.dll
2008-10-25 12:15:19 ----N---- C:\WINDOWS\system32\RW430Ext.dll
2008-10-25 12:15:18 ----N---- C:\WINDOWS\system32\RW330Ext.dll
2008-10-25 12:15:18 ----N---- C:\WINDOWS\system32\RW001Ext.dll
2008-10-25 12:15:17 ----N---- C:\WINDOWS\system32\psisdecd.dll
2008-10-25 12:15:17 ----N---- C:\WINDOWS\system32\perm3dd.dll
2008-10-25 12:15:16 ----N---- C:\WINDOWS\system32\perm2dll.dll
2008-10-25 12:15:16 ----N---- C:\WINDOWS\system32\mtstocom.exe
2008-10-25 12:15:16 ----N---- C:\WINDOWS\system32\msiregmv.exe
2008-10-25 12:15:15 ----N---- C:\WINDOWS\system32\lprmon.dll
2008-10-25 12:15:15 ----N---- C:\WINDOWS\system32\lpdsvc.dll
2008-10-25 12:15:14 ----N---- C:\WINDOWS\system32\lmmib2.dll
2008-10-25 12:15:13 ----N---- C:\WINDOWS\system32\kdsusd.dll
2008-10-25 12:15:13 ----N---- C:\WINDOWS\system32\kdsui.dll
2008-10-25 12:15:12 ----N---- C:\WINDOWS\system32\kbdlk41j.dll
2008-10-25 12:15:12 ----N---- C:\WINDOWS\system32\kbdlk41a.dll
2008-10-25 12:15:12 ----N---- C:\WINDOWS\system32\kbdibm02.dll
2008-10-25 12:15:11 ----N---- C:\WINDOWS\system32\kbdax2.dll
2008-10-25 12:15:11 ----N---- C:\WINDOWS\system32\kbd106n.dll
2008-10-25 12:15:11 ----N---- C:\WINDOWS\system32\kbd106.dll
2008-10-25 12:15:10 ----N---- C:\WINDOWS\system32\kbd101.dll
2008-10-25 12:15:10 ----N---- C:\WINDOWS\system32\iprip.dll
2008-10-25 12:15:10 ----N---- C:\WINDOWS\system32\i81xdnt5.dll
2008-10-25 12:15:09 ----N---- C:\WINDOWS\system32\hostmib.dll
2008-10-25 12:15:09 ----N---- C:\WINDOWS\system32\f3ahvoas.dll
2008-10-25 12:15:08 ----N---- C:\WINDOWS\system32\evntwin.exe
2008-10-25 12:15:08 ----N---- C:\WINDOWS\system32\evntcmd.exe
2008-10-25 12:15:08 ----N---- C:\WINDOWS\system32\evntagnt.dll
2008-10-25 12:15:07 ----N---- C:\WINDOWS\system32\ctmasetp.dll
2008-10-25 12:15:05 ----N---- C:\WINDOWS\system32\Camext30.dll
2008-10-25 12:15:05 ----N---- C:\WINDOWS\system32\c_g18030.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-26 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-01-24 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-23 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-22 10760]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-01-21 267384]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-01-24 4960]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-11-07 120798]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-11-07 98938]
R3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-08-04 341760]
R3 CAMCAUD;Conexant AMC 3D Environmental Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-04-29 292352]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-04-29 274688]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-03-10 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-03-10 199552]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-11-07 94075]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2004-04-27 69504]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-05-26 182720]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-03-10 682624]
S2 pciinfo;HP Pci Information; \??\C:\DOCUME~1\Norma1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys []
S2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRTPEL.SYS []
S3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-11-07 33847]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2002-05-24 50896]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2002-05-24 16112]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2002-05-24 50276]
S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2002-05-24 18928]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030814.007\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030814.007\NAVEX15.SYS []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2006-03-05 16694]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SAVRT;SAVRT; \??\C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRT.SYS []
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-04-09 12672]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-04-09 21248]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 w22n51;Intel(R) PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\system32\DRIVERS\w22n51.sys [2004-03-22 1657344]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-26 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2007-01-24 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-22 406528]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-12-12 255648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-12-12 235168]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 OneStepSearch Service;OneStepSearch Service; C:\Program Files\OneStep\onestep.exe [2008-09-18 5632]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-10-18 585728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2003-06-24 66784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-12-12 87712]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-15 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-25 138168]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-11-17 98304]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2002-05-24 77824]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-01-21 206552]
S4 WinDefend;Windows Defender Service; C:\Program Files\Windows Defender\MsMpEng.exe [2006-04-03 14032]

-----------------EOF-----------------

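The two lines in the RSIT log above that explain the symptom are `.exe - open - C:\WINDOWS\system32\drivers\spools.exe "%1" %*` under "File associations" and the `Winlogon\Notify\__c00E789E` key loading `__c00E789E.dat`. On a clean Windows XP system the `open` command for executables (`HKCR\exefile\shell\open\command`) is just `"%1" %*`, so any extra program in front of it means every double-clicked .exe is routed through that program first; a Winlogon notification package that is not a .dll is equally out of place. The script below is an added example written for this page, not the tool or the thread's own code: it parses the RSIT section format shown in the log and flags both conditions. The sample input is constructed from lines in the first post, and the function and marker names are the example's own.

```python
"""Flag an .exe association hijack and odd Winlogon Notify packages in an
RSIT-style log (added example; section layout taken from the log above)."""
import re

# Default exefile\shell\open\command value on Windows XP (known fact).
EXPECTED_EXE_OPEN = '"%1" %*'
NOTIFY_MARKER = "\\Winlogon\\Notify\\"   # registry path fragment to look for

# Constructed sample: lines excerpted from the RSIT log in the first post.
SAMPLE_LOG = r"""
======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-30 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00E789E]
C:\WINDOWS\system32\__c00E789E.dat []

======File associations======

.exe - open - C:\WINDOWS\system32\drivers\spools.exe "%1" %*

======List of drivers======
"""

SECTION_RE = re.compile(r"^======(.+?)======$")
KEY_RE = re.compile(r"^\[(.+)\]$")
ASSOC_RE = re.compile(r"^(\.\w+) - (\w+) - (.*)$")


def parse_sections(text):
    """Split an RSIT log into {section name: [non-blank lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_registry_dump(lines):
    """Group the 'Registry dump' section into {key path: [value lines]}."""
    keys, current = {}, None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = []
        elif current is not None:
            keys[current].append(line)
    return keys


def check_exe_association(sections):
    """Findings for .exe 'open' handlers that differ from the default "%1" %*."""
    findings = []
    for line in sections.get("File associations", []):
        m = ASSOC_RE.match(line)
        if not m:
            continue
        ext, verb, command = m.groups()
        if ext.lower() == ".exe" and verb == "open" and command.strip() != EXPECTED_EXE_OPEN:
            findings.append(("exe-association-hijack", command.strip()))
    return findings


def check_winlogon_notify(sections):
    """Findings for Winlogon Notify packages whose module is not a .dll."""
    findings = []
    keys = parse_registry_dump(sections.get("Registry dump", []))
    for key, values in keys.items():
        if NOTIFY_MARKER not in key:
            continue
        for value in values:
            path = value.rsplit(" [", 1)[0]   # drop the trailing "[date size]"
            if not path.lower().endswith(".dll"):
                findings.append(("winlogon-notify-non-dll", path))
    return findings


def scan(text):
    """Run both checks over a log and return (kind, detail) findings."""
    sections = parse_sections(text)
    return check_exe_association(sections) + check_winlogon_notify(sections)


if __name__ == "__main__":
    for kind, detail in scan(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

Run against the sample it reports the `spools.exe` handler and the `.dat` Notify package; a log whose `.exe` line reads `.exe - open - "%1" %*` produces no association finding. The same comparison can be made by hand on a live machine by reading `HKCR\exefile\shell\open\command` with regedit.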
Old 21st November 2008   #2
Staff noahdfear
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,521
Computer Experience: ~@<*+

Hi attbell

Any idea what happened to the HijackThis section of the log?

Download ComboFix by sUBs from here, saving the file to your desktop.


Please disable real-time protection applications, as they sometimes interfere with the tool. Check this link for your applicable programs.
  • Close all open programs and windows.
  • Double-click ComboFix.exe and follow the prompts.
  • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Old 24th November 2008   #3
Member attbell
Join Date: Nov 2008
Posts: 6
Computer Experience: intermediate


ComboFix txt file

ComboFix 08-11-23.01 - Norma1 2008-11-23 20:54:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.66 [GMT -6:00]
Running from: c:\documents and settings\Norma1\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Starware316
c:\documents and settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\Highlight.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\highlightxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\Reference.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\referencexp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\screensaver.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\starware_toolbar_icon.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\Weather.bmp
c:\documents and settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
c:\documents and settings\All Users\Application Data\Starware316\buttons\weatherxp.png
c:\documents and settings\All Users\Application Data\Starware316\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware316\contexts\Related.xml
c:\documents and settings\All Users\Application Data\Starware316\contexts\Travel.xml
c:\documents and settings\All Users\Application Data\Starware316\images\walertXP.bmp
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
c:\documents and settings\Norma1\Application Data\DriveCleaner Free
c:\documents and settings\Norma1\Application Data\DriveCleaner Free\Logs\update.log
c:\documents and settings\Norma1\Application Data\Starware316
c:\documents and settings\Norma1\Application Data\Starware316\Games\GamesOptions.xml
c:\documents and settings\Norma1\Application Data\Starware316\Games\GamesOptions.xml.backup
c:\documents and settings\Norma1\Application Data\Starware316\Games\images\active\Games0.bmp
c:\documents and settings\Norma1\Application Data\Starware316\Movies\images\active\Movies0.bmp
c:\documents and settings\Norma1\Application Data\Starware316\Movies\MoviesOptions.xml
c:\documents and settings\Norma1\Application Data\Starware316\Movies\MoviesOptions.xml.backup
c:\documents and settings\Norma1\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
c:\documents and settings\Norma1\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
c:\documents and settings\Norma1\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
c:\documents and settings\Norma1\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
c:\documents and settings\Norma1\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
c:\documents and settings\Norma1\Application Data\Starware316\Tem16D.tmp
c:\documents and settings\Norma1\Application Data\Starware316\Tem294.tmp
c:\documents and settings\Norma1\Application Data\Starware316\Tem3FC.tmp
c:\program files\MyWebSearch
c:\program files\Starware316
c:\program files\Starware316\bin\Starware316.dll
c:\program files\Starware316\icons\star_16.ico
c:\windows\rundll32.exe
c:\windows\system32\__c00400E6.exe
c:\windows\system32\__c0072F35.exe
c:\windows\wl.exe
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-19 17:15 . 2008-11-19 17:15 <DIR> d-------- C:\rsit
2008-11-19 17:15 . 2008-11-19 17:15 <DIR> d-------- c:\program files\trend micro
2008-11-15 17:31 . 2008-11-15 17:31 <DIR> d-------- c:\program files\SymNetDrv
2008-11-15 16:59 . 2008-11-15 17:26 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-13 21:08 . 2008-09-04 11:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 21:08 . 2008-10-24 05:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-26 19:07 . 2008-10-26 19:08 <DIR> d-------- c:\program files\Fix-It Utilities 8 (D)
2008-10-26 14:52 . 2008-10-26 14:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2008-10-26 14:51 . 2008-10-26 14:52 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-10-25 12:05 . 2008-10-25 12:05 <DIR> d-------- C:\_Backup.RC
2008-10-25 07:18 . 2008-10-15 10:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 02:59 --------- d-----w c:\program files\OneStep
2008-11-19 23:13 --------- d-----w c:\documents and settings\Norma1\Application Data\U3
2008-11-19 20:17 --------- d-----w c:\documents and settings\Norma1\Application Data\AVG7
2008-11-16 00:41 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-15 23:31 --------- d-----w c:\program files\Symantec
2008-10-26 20:52 --------- d-----w c:\program files\Uniblue
2008-10-26 20:52 --------- d-----w c:\documents and settings\Norma1\Application Data\Uniblue
2008-10-25 21:11 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-25 20:51 --------- d-----w c:\program files\Google
2008-10-25 18:32 --------- d-----w c:\documents and settings\Norma1\Application Data\Sonic
2008-10-25 18:14 85,248 ------w c:\windows\system32\drivers\NABTSFEC.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 00:39 --------- d-----w c:\program files\RegCure
2008-10-20 00:04 --------- dc-h--w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-19 21:54 --------- d-----w c:\program files\CA Yahoo! Anti-Spy
2008-10-18 20:58 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-18 20:58 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-18 20:50 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-18 18:43 --------- d-----w c:\program files\Norton SystemWorks
2008-10-18 18:41 2,397 ----a-w c:\windows\system32\drivers\symlcbrd.sys
2008-10-18 02:31 635,848 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-17 03:49 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2008-10-17 01:50 --------- d-----w c:\documents and settings\Administrator\Application Data\AVG7
2008-10-15 00:58 --------- d-----w c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder
2008-10-14 01:00 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-13 00:44 --------- d-----w c:\program files\Windows Live Safety Center
2008-10-07 01:33 --------- d-----w c:\documents and settings\Norma1\Application Data\Share-to-Web Upload Folder
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 15:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 14:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-27 08:24 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2006-12-22 04:13 337,824 ----a-w c:\program files\Danny.sc3
2005-12-05 01:12 774,144 ----a-w c:\program files\RngInterstitial.dll
2004-08-04 08:00 94,784 --sh--w c:\windows\twain.dll
2008-04-14 00:12 50,688 --sh--w c:\windows\twain_32.dll
2008-04-14 00:12 57,344 --sh--w c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413,696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 00:12 343,040 --sha-w c:\windows\system32\msvcrt.dll
2008-04-14 00:12 551,936 --sh--w c:\windows\system32\oleaut32.dll
2008-04-14 00:12 84,992 --sh--w c:\windows\system32\olepro32.dll
2008-04-14 00:12 11,776 --sh--w c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-05-22 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-05-22 20:57 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2008-11-15 95960]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-15 29744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-26 219136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Itiva\\Itiva Media Accelerator\\ItivaMediaAccelerator.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 OneStep Service;OneStep Service;"c:\program files\OneStep\onestep.exe" "c:\program files\OneStep\onestep.dll" Service []
S2 pciinfo;HP Pci Information;\??\c:\docume~1\Norma1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys []
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-27 29744]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe

*Newly Created Service* - GOOGLEDESKTOPMANAGER-061008-081103
.
Contents of the 'Scheduled Tasks' folder

2008-06-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 17:12]

2008-11-24 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2003-09-12 19:16]

2008-11-24 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 15:21]

2008-11-24 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 15:21]

2008-11-24 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2003-09-10 03:48]
.
- - - - ORPHANS REMOVED - - - -

BHO-{7370F91F-6994-4595-9949-601FA2261C8D} - (no file)
Notify-__c00E789E - c:\windows\system32\__c00E789E.dat


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Norma1\Application Data\Mozilla\Firefox\Profiles\cj0pilq6.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://yahoo.com
.
.
------- File Associations -------
.
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 21:00:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\WgaLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\OneStep\onestep.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\OneStep\onestep.exe
c:\program files\palmOne\AlarmApp.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-11-23 21:14:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-24 03:14:42

Pre-Run: 20,908,199,936 bytes free
Post-Run: 20,849,278,976 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

266 --- E O F --- 2008-11-14 04:04:29

24th November 2008   #4
noahdfear (Staff)
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,521
Computer Experience: ~@<*+

Looks really good. Let's remove one remaining thing that I can see. Click Start>Run and type the following bolded command (or copy it and paste it in), then hit Enter.

sc delete pciinfo


Now, let's do an online scan. Do an online scan with Kaspersky Online Scanner

  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Post the Kaspersky log here.

26th November 2008   #5
attbell (Member)
Join Date: Nov 2008
Posts: 6
Computer Experience: intermediate

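The `pciinfo` entry that the reply above removes with `sc delete` is the kind of service line a log reviewer hunts for by hand: its driver path points into a user's Temp folder, and ComboFix could not stamp the file (the empty `[]` at the end of the line). The script below is an added example, not code from this thread, from ComboFix or from RSIT. It parses service lines in the `R2 name;display;path [date size]` form that both tools use, flags images that load from temporary or user-profile locations or that carry no file stamp, and produces an `sc qc` command for each flagged service so the configured binary path can be confirmed before anything is deleted. The sample lines are copied from the logs posted in this thread plus one constructed non-service line; the marker lists and the severity of each finding are the example's own assumptions.

```python
"""Audit the service/driver entries in an RSIT or ComboFix log.

Added example (not code from this thread, from ComboFix or from RSIT).
Both tools list services as:

    <R|S><start type> <service name>;<display name>;<image path> [<file date> <size>]

where an empty bracket pair [] means the tool could not stamp the binary.
The sample lines below are copied from the logs posted in this thread; the
last one is a constructed non-service line to show that it is skipped.
"""
import re

SAMPLE_LOG = [
    r"S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]",
    r"S2 pciinfo;HP Pci Information;\??\c:\docume~1\Norma1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys []",
    r'R2 OneStep Service;OneStep Service;"c:\program files\OneStep\onestep.exe" "c:\program files\OneStep\onestep.dll" Service []',
    r'S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-27 29744]',
    "some unrelated line that is not a service entry",  # constructed
]

SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);\s*(.*?)\s*\[([^\]]*)\]\s*$")
# For unquoted commands: the path runs up to the first executable extension.
EXT_RE = re.compile(r"^(.*?\.(?:exe|sys|dll|cmd|bat))(?:\s|$)", re.IGNORECASE)

# Path fragments that are abnormal for a service or driver image (assumed list).
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\", "\\users\\")


def image_path(raw):
    """Return the bare image path from the command string: the first quoted
    token if quoted, else the text up to the first executable extension.
    The kernel-style \\??\\ prefix used for drivers is stripped."""
    raw = raw.strip()
    if raw.startswith('"'):
        end = raw.find('"', 1)
        path = raw[1:end] if end > 0 else raw[1:]
    else:
        m = EXT_RE.match(raw)
        path = m.group(1) if m else (raw.split()[0] if raw else "")
    if path.startswith("\\??\\"):
        path = path[4:]
    return path


def parse_service_line(line):
    """Parse one service line into a dict, or return None for any other line."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, display, command, stamp = m.groups()
    return {
        "state": state,              # R = running, S = stopped
        "start": int(start),         # start type digit as logged
        "name": name.strip(),
        "display": display.strip(),
        "path": image_path(command),
        "stamped": stamp.strip() != "",   # False when the log shows []
    }


def findings_for(svc):
    """Return the reasons a parsed service deserves a closer look."""
    reasons = []
    low = svc["path"].lower()
    if any(marker in low for marker in TEMP_MARKERS):
        reasons.append("image loads from a temporary directory")
    if any(marker in low for marker in PROFILE_MARKERS):
        reasons.append("image lives under a user profile, not a system location")
    if not svc["stamped"]:
        reasons.append("no file stamp ([]): binary missing or unreadable when logged")
    return reasons


def audit_services(lines):
    """Map service name -> findings for every service line with a finding."""
    result = {}
    for line in lines:
        svc = parse_service_line(line)
        if svc is None:
            continue
        reasons = findings_for(svc)
        if reasons:
            result[svc["name"]] = reasons
    return result


def review_commands(findings):
    """'sc qc <name>' prints the configured binary path of a service, so each
    flagged entry can be confirmed on the machine before any 'sc delete'."""
    return ['sc qc "%s"' % name for name in sorted(findings)]


if __name__ == "__main__":
    hits = audit_services(SAMPLE_LOG)
    for name, reasons in hits.items():
        print(name)
        for reason in reasons:
            print("   -", reason)
    print("\n".join(review_commands(hits)))
```

Run against the sample, `pciinfo` collects all three findings, while `OneStep Service` is flagged only for its missing stamp (its quoted path sits in Program Files), which is why the script emits a verification command rather than a deletion: whether an entry goes is the analyst's call, as it was in the reply above.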
Thanks to all, ComboFix repaired my laptop. Y'all are the best.
Alex

26th November 2008   #6
noahdfear (Staff)
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,521
Computer Experience: ~@<*+

Hi Alex,

Glad to hear all seems well. You're welcome.

Do you intend to do the recommended Kaspersky scan?
