
hijackthis.log heres my hijack log godez1

Discussion in 'Malware and Virus Removal Archive' started by AshesOfTheWake, 2006/11/01.

  1. 2006/11/01
    AshesOfTheWake

    AshesOfTheWake Inactive Thread Starter

    Joined:
    2006/10/10
    Messages:
    67
    Likes Received:
    0
    here's my hijackthis.log for yall:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:15:55 PM, on 11/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Spencer Parenteau\Desktop\Playstation\ePSXe.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Spencer Parenteau\Desktop\Classes\Philosophy 110\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/myway
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{079A932E-2DF8-4D57-B0F4-383EFDD26D9C}: NameServer = 85.255.116.131,85.255.112.206
    O17 - HKLM\System\CCS\Services\Tcpip\..\{297326BC-84BF-4FE1-A2CA-0CE0D20E517D}: NameServer = 85.255.116.131,85.255.112.206
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
    O17 - HKLM\System\CS2\Services\Tcpip\..\{079A932E-2DF8-4D57-B0F4-383EFDD26D9C}: NameServer = 85.255.116.131,85.255.112.206
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
    O17 - HKLM\System\CS3\Services\Tcpip\..\{079A932E-2DF8-4D57-B0F4-383EFDD26D9C}: NameServer = 85.255.116.131,85.255.112.206
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    .. there that's it.. i hope that is what i was supposed to do as for posting this hijack log file please do tell if i did it wrong
     
  2. 2006/11/01
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Whereas I can see something amiss in your log, I don't think it is related to your folder problems.

    Let's fix what's wrong.

    Please follow these instructions, exactly, for proper HJT installation. Please place HJT into ITS OWN PERMANENT FOLDER. It also needs to be removed from the desktop.

    You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. (C:\HJT\HijackThis.exe) Move HijackThis.exe into this folder. When you run HijackThis.exe from C:\HJT folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary which is easily accessible.

    Run HJT, and place a check next to the following lines, then, with all browsers and windows closed, hit 'Fix checked':


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/myway


    O17 - HKLM\System\CCS\Services\Tcpip\..\{079A932E-2DF8-4D57-B0F4-383EFDD26D9C}: NameServer = 85.255.116.131,85.255.112.206

    O17 - HKLM\System\CCS\Services\Tcpip\..\{297326BC-84BF-4FE1-A2CA-0CE0D20E517D}: NameServer = 85.255.116.131,85.255.112.206

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206

    O17 - HKLM\System\CS2\Services\Tcpip\..\{079A932E-2DF8-4D57-B0F4-383EFDD26D9C}: NameServer = 85.255.116.131,85.255.112.206

    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206

    O17 - HKLM\System\CS3\Services\Tcpip\..\{079A932E-2DF8-4D57-B0F4-383EFDD26D9C}: NameServer = 85.255.116.131,85.255.112.206

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206



    Reboot, run HJT, if the above are gone, no need to repost with new log.
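
An added example, not part of the post above and not HijackThis's own code: a small Python parser that pulls the O17 `NameServer` entries out of a pasted HijackThis log, groups each resolver address by the registry locations that carry it, and checks a fresh log to confirm the lines that were ticked for "Fix checked" are gone. The sample log is constructed from a few lines of the log in this thread; the `expected` resolver list is an assumption the analyst supplies (for example the router or ISP resolvers).

```python
import ipaddress
import re

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{079A932E-2DF8-4D57-B0F4-383EFDD26D9C}: NameServer = 85.255.116.131,85.255.112.206
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.206
"""

# A log entry is "<section code> - <body>", e.g. "O17 - HKLM\...: NameServer = ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O17 body: "<registry key>: NameServer = <addresses separated by comma or space>".
NAMESERVER_RE = re.compile(r"^(?P<key>[^:]+):\s*NameServer\s*=\s*(?P<data>.*)$")


def _norm(line):
    """Collapse the indentation and spacing that forum pasting introduces."""
    return " ".join(line.split())


def parse_entries(log_text):
    """Return (section_code, body) for every entry line; headers are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(_norm(raw))
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def nameserver_entries(log_text):
    """Map each O17 registry location to the list of resolver IPs set there."""
    found = {}
    for code, body in parse_entries(log_text):
        if code != "O17":
            continue
        match = NAMESERVER_RE.match(body)
        if not match:
            continue  # other O17 values (Domain, SearchList, ...) are not handled here
        servers = []
        for token in re.split(r"[,\s]+", match.group("data").strip()):
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                continue  # empty or malformed token
        found[match.group("key")] = servers
    return found


def unexpected_resolvers(log_text, expected):
    """Map each resolver IP not in the analyst-supplied `expected` list
    to the registry locations where it is configured."""
    allowed = {str(ipaddress.ip_address(ip)) for ip in expected}
    hits = {}
    for key, servers in nameserver_entries(log_text).items():
        for ip in servers:
            if ip not in allowed:
                hits.setdefault(ip, []).append(key)
    return hits


def still_present(checked_lines, new_log):
    """Return the lines ticked for 'Fix checked' that still appear in a new log."""
    current = {_norm(line) for line in new_log.splitlines()}
    return [line for line in map(_norm, checked_lines) if line in current]


if __name__ == "__main__":
    # 192.168.1.1 is a constructed stand-in for the resolver the analyst expects.
    for ip, keys in unexpected_resolvers(SAMPLE_LOG, ["192.168.1.1"]).items():
        print(ip, "set in", len(keys), "location(s)")
        for key in keys:
            print("   ", key)
```

The same address appearing under `Parameters` and under per-interface keys in several control sets is what makes the entry stand out when reviewing a log by hand.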
     


  4. 2006/11/01
    AshesOfTheWake

    AshesOfTheWake Inactive Thread Starter

    Joined:
    2006/10/10
    Messages:
    67
    Likes Received:
    0
    aight those are gone.. what will that help ne ways.. but ya it didn't fix my folder problemo.. lol ne more advice lol i've been fixin things left and right and to no avail lol
     
  5. 2006/11/01
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Like I said:
    You have something else going on here, I'd be very surprised if it turned out to be malware. But it won't hurt to poke around some and see what we find.

    Download combofix.exe
    • Double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    And let's get a start up list too:

    Open HJT, click the 'None of the above, just start the program' button.
    Then click the 'Config' button in the lower right hand of the program.
    Then select the 'Misc Tools' button.
    In the upper left hand side of the program tick the two boxes 'List also minor sections (full)' button and the 'List empty sections (complete)' button and select 'Yes' when prompted by the dialog box. The resultant scan will produce a notepad log file, please paste that log file back here for me to review.
     
  6. 2006/11/02
    AshesOfTheWake

    AshesOfTheWake Inactive Thread Starter

    Joined:
    2006/10/10
    Messages:
    67
    Likes Received:
    0
    uhh.. i ran that combofix and i got back to my comp and the desktop isn't showing up and combofix isn't in the taskbar ne more.. what's going on?
     
  7. 2006/11/02
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    It wouldn't be in the taskbar once it has run. It runs and produces a log, which pops up, in notepad. Did you see any log?? The desktop does disappear briefly, but comes back.
     
  8. 2006/11/02
    AshesOfTheWake

    AshesOfTheWake Inactive Thread Starter

    Joined:
    2006/10/10
    Messages:
    67
    Likes Received:
    0
    but it didn't leave a log.. :S should i just run it again or wat
     
  9. 2006/11/02
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Yes, that would be fine, no harm done.
     
  10. 2006/11/02
    AshesOfTheWake

    AshesOfTheWake Inactive Thread Starter

    Joined:
    2006/10/10
    Messages:
    67
    Likes Received:
    0
    ok i ran it again.. and i still can't find the log file from it.. i will try running it again.. what would the name of the log file be? or is something wrong ... shouldn't it prompt me and say what i would like to save it as.. or where.

    ps.. after i run it if i open up a folder or browser that doesn't take up the whole screen my desktop goes blank. then i have to bring up a folder or browser that takes up the whole screen to get it back what's up with that.

    Another thing i've noticed is when combofix starts up the folder shows a number of different icons then they disappear after it begins and the text shows up on the screen.

    bah i did a search and i found it.. i couldn't search before because it was looking through My Documents and crashing. But i found it at last i'll post its contents now.

    Combofix Log: (i don't know if this is the log or not.. :S)
    Spencer Parenteau - 06-11-02 8:51:53.73 Service Pack 2
    ComboFix 06.10.19 - Running from: "C:\combofix "
     
    Last edited: 2006/11/02
  11. 2006/11/02
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    I'm not sure what you're doing wrong, but the log is likely to be very long. Most of what you're describing, the icons that appear and disappear is correct.

    How long are you waiting before you look for it? It shouldn't take more than a few minutes to run and pop up the log.

    Do you see the blue command prompt box pop up, saying that it is scanning and it will take some time, be patient, so forth?

    Let me know.
     
  12. 2006/11/03
    AshesOfTheWake

    AshesOfTheWake Inactive Thread Starter

    Joined:
    2006/10/10
    Messages:
    67
    Likes Received:
    0
    The scan comes up and finishes (i assume it does finish not just closes cuz i don't get ne prompts that say the scan is done it just closes and disappears.). where should i look for this log?
     
  13. 2006/11/03
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Look in the folder you installed ComboFix to, should be there.
     
  14. 2006/11/05
    AshesOfTheWake

    AshesOfTheWake Inactive Thread Starter

    Joined:
    2006/10/10
    Messages:
    67
    Likes Received:
    0
    nope all there is are these 3 notepad files called combofix, combofix2 and combofix3. They all say the same thing it's what i posted up above when i thought i had the log file... and there is nothing ... but the odd thing is that these text files show up in C:/*, whereas my folder is like so C:/combofix/combofix.. why aren't they in the folder

    i just found a folder in my C drive called sUBs and it has combofix in it.. but no logs.. maybe i need to run combofix from there.. :S

    there we go i got it now here it is :

    Opened log file 'c:\debuglog.txt'

    Microsoft (R) Windows Debugger Version 6.6.0007.5
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\Minidump\Mini080806-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
    Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 2600.xpsp_sp2_gdr.050301-1519
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
    Debug session time: Tue Aug 8 12:27:54.624 2006 (GMT-6)
    System Uptime: 0 days 17:58:24.098
    Loading Kernel Symbols
    .................................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ..................
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for ialmdev5.DLL -
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000008E, {c0000005, bf04b03a, a8737940, 0}

    Probably caused by : ialmdev5.DLL ( ialmdev5!GmmGetFctTable+3e1a )

    Followup: MachineOwner
    ---------

    kd> !analyze -v;r;kv;lmtn;.logclose;q
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
    This is a very common bugcheck. Usually the exception address pinpoints
    the driver/function that caused the problem. Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003. This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG. This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG. This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: bf04b03a, The address that the exception occurred at
    Arg3: a8737940, Trap Frame
    Arg4: 00000000

    Debugging Details:
    ------------------


    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx ". The memory could not be "%s ".

    FAULTING_IP:
    ialmdev5!GmmGetFctTable+3e1a
    bf04b03a 8908 mov dword ptr [eax],ecx

    TRAP_FRAME: a8737940 -- (.trap ffffffffa8737940)
    .trap ffffffffa8737940
    ErrCode = 00000002
    eax=00000000 ebx=828f0000 ecx=00000000 edx=00000000 esi=e103fb38 edi=e103f000
    eip=bf04b03a esp=a87379b4 ebp=00000000 iopl=0 nv up ei pl zr na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
    ialmdev5!GmmGetFctTable+0x3e1a:
    bf04b03a 8908 mov dword ptr [eax],ecx ds:0023:00000000=????????
    .trap
    Resetting default scope

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    BUGCHECK_STR: 0x8E

    PROCESS_NAME: LimeWire.exe

    LAST_CONTROL_TRANSFER: from 00000000 to bf04b03a

    STACK_TEXT:
    00000000 00000000 00000000 00000000 00000000 ialmdev5!GmmGetFctTable+0x3e1a


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    ialmdev5!GmmGetFctTable+3e1a
    bf04b03a 8908 mov dword ptr [eax],ecx

    SYMBOL_STACK_INDEX: 0

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: ialmdev5

    IMAGE_NAME: ialmdev5.DLL

    DEBUG_FLR_IMAGE_TIMESTAMP: 435039fe

    SYMBOL_NAME: ialmdev5!GmmGetFctTable+3e1a

    FAILURE_BUCKET_ID: 0x8E_ialmdev5!GmmGetFctTable+3e1a

    BUCKET_ID: 0x8E_ialmdev5!GmmGetFctTable+3e1a

    Followup: MachineOwner
    ---------

    eax=00000000 ebx=828f0000 ecx=00000000 edx=00000000 esi=e103fb38 edi=e103f000
    eip=bf04b03a esp=a87379b4 ebp=00000000 iopl=0 nv up ei pl zr na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
    ialmdev5!GmmGetFctTable+0x3e1a:
    bf04b03a 8908 mov dword ptr [eax],ecx ds:0023:00000000=????????
    ChildEBP RetAddr Args to Child
    WARNING: Stack unwind information not available. Following frames may be wrong.
    00000000 00000000 00000000 00000000 00000000 ialmdev5!GmmGetFctTable+0x3e1a
    f8c40000 f8c40d00 dxgthk dxgthk.sys Fri Aug 17 14:53:12 2001 (3B7D8438)
    f8c46000 f8c47000 Null Null.SYS unavailable (00000000)
    f8cc2000 f8cc2880 tfsndres tfsndres.sys Tue May 31 16:50:05 2005 (429CEA1D)
    f8cc4000 f8cc4fe0 tfsndrct tfsndrct.sys Tue May 31 16:49:36 2005 (429CEA00)

    Unloaded modules:
    f897a000 f8981000 DDMI2.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f885a000 f8861000 DDMI2.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f883a000 f8841000 DDMI2.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f8832000 f8839000 DDMI2.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f881a000 f8821000 DDMI2.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f8822000 f8829000 DDMI2.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f8942000 f8949000 DDMI2.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f892a000 f8931000 DDMI2.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    a87a8000 a87d2000 kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    a970e000 a9738000 kmixer.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f8bf5000 f8bf6000 drmkaud.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    a97d8000 a97fb000 aec.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    a9860000 a986d000 DMusic.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    a9870000 a987e000 swmidi.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f8a86000 f8a88000 splitter.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f8622000 f8632000 serial.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f88f2000 f88f7000 Cdaudio.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    f8261000 f8264000 Sfloppy.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    Closing open log file c:\debuglog.txt
     
    Last edited: 2006/11/05
  15. 2006/11/06
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    For the life of me I can't imagine what you're doing wrong. I have never had anyone have any trouble running the tool before and have never heard of this problem with anyone either.

    Delete all copies of ComboFix you have, remove all folders you have created and DL a fresh copy and install it as instructed. Follow the prompts and let me know what you see\do each step.

    I run it out of a special folder with a bunch of other apps. If you're finding a folder called 'subs' then the tool has not run yet, it is a self deleting folder. The only folder it leaves behind is called 'QooBox'.
     
  16. 2006/11/06
    AshesOfTheWake

    AshesOfTheWake Inactive Thread Starter

    Joined:
    2006/10/10
    Messages:
    67
    Likes Received:
    0
    lol wats wrong with that log.. thats not it? hehe .. but ill do as u requested and delete em all aight. and ill keep u posted

    and i think i have a problem .. my desktop disappears until i reboot my comp.. after running combofix that is... is this normal.. like i can get it back by simply right clicking the taskbar and clicking on show desk top but should it be like that? (whenever i open a window of any sort the desktop disappears)
     
    Last edited: 2006/11/06
  17. 2006/11/06
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
  18. 2006/11/06
    AshesOfTheWake

    AshesOfTheWake Inactive Thread Starter

    Joined:
    2006/10/10
    Messages:
    67
    Likes Received:
    0
    Hey.. uhh .. that looks like a different log dude.. it looks like a log file from hijack this.. are they kinda the same?
     
  19. 2006/11/06
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    No, not really.
     
  20. 2006/11/06
    AshesOfTheWake

    AshesOfTheWake Inactive Thread Starter

    Joined:
    2006/10/10
    Messages:
    67
    Likes Received:
    0
    there is an odd folder in my C drive.. called symbols and i have no clue where its from could it be from combofix .. or hijackthis..
    Another thing, will my desktop come back once combofix is done running..? Cuz i run it and it still hasnt come back ya know.. is there a certain length this thing should take.. like aroundish? Because im thinking that i may not be letting it run its full course before i start using the comp again.
    (sorry if this post doesn't make ne sense.. :S)
    The file thats in that folder "symbols" is called ntkrnlpa.pdb

    ps. thanx for this help man i really appreciate the days and days of troubleshooting youve been doing.
     
    Last edited: 2006/11/06
  21. 2006/11/06
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    The scan shouldn't take more than a few minutes at most. I know I have run it many times with severely infected computers and it rarely takes long at all.
     
