
[Inactive] Cleaned trojan, can't start programs from desktop (WinXP)

Discussion in 'Malware and Virus Removal Archive' started by attbell, 2008/11/20.

  1. 2008/11/20
    attbell (Well-Known Member, Thread Starter; joined 2008/11/19; 6 messages; 0 likes received)
    Cannot open programs from desktop icons or from Start / Programs. I can right-click, choose Run As, uncheck "Protect my computer" and click OK, and the program will start?
    I have scanned for viruses and cleaned some Trojans. Does the same thing in Safe Mode also.
    Thanks, ATTBELL

    LOG ------------------
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Norma1 at 2008-11-19 17:15:28
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 20 GB (35%) free of 57 GB
    Total RAM: 478 MB (22% free)


    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\MP Scheduled Scan.job
    C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
    C:\WINDOWS\tasks\RegCure Program Check.job
    C:\WINDOWS\tasks\RegCure.job
    C:\WINDOWS\tasks\Symantec Drmc.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll [2007-12-18 817936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    Ask Search Assistant BHO - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2008-05-22 66912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-03-09 370296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
    Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7370F91F-6994-4595-9949-601FA2261C8D}]
    Gamevance Text - C:\Program Files\Gamevance\gvtl.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c1ce531-09e9-4fc5-9803-1c2956615786}]
    IeCaptureBho Object - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll [2008-11-15 103936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-10-25 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-05-22 262144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 工具列 (Toolbar) - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll [2007-12-18 817936]
    {E1BACF55-35E1-4E47-9247-2D48660E5545}
    {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-05-22 262144]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-10-25 2403392]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
    ""= []
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
    "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-12-12 71328]
    "MRT"=C:\WINDOWS\system32\MRT.exe [2008-11-03 17318336]
    "Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2008-11-15 95960]
    "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-15 29744]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
    "Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-08-26 2019624]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Alarm Manager.LNK - C:\Program Files\palmOne\AlarmApp.exe
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

    C:\Documents and Settings\Norma1\Start Menu\Programs\Startup
    PersonalBrain 4.lnk - C:\Program Files\PersonalBrain\PersonalBrainS.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2003-10-30 319488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00E789E]
    C:\WINDOWS\system32\__c00E789E.dat []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-04-03 81616]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
    "C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Disabled:Microsoft (R) HTML Application host"
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client"
    "C:\Program Files\Netscape\Netscape Browser\netscape.exe"="C:\Program Files\Netscape\Netscape Browser\netscape.exe:*:Enabled:Netscape"
    "C:\Documents and Settings\Norma1\Application Data\U3\0DC116601152FA58\BBD53C04-8853-4202-B4B5-5194B0BC1696\Exec\AV\AntiVirusApplication.exe"="C:\Documents and Settings\Norma1\Application Data\U3\0DC116601152FA58\BBD53C04-8853-4202-B4B5-5194B0BC1696\Exec\AV\AntiVirusApplication.exe:*:Enabled:pluginAntivirus DLL"
    "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console"
    "C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
    "C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
    "C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe"="C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe:*:Enabled:Skyworks Ten Pin Championship Bowling"
    "C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
    "C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "D:\setup\HPZNET01.EXE"="D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
    "D:\setup\HPONICIFS01.EXE"="D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
    "C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
    "C:\WINDOWS\locker.exe"="C:\WINDOWS\locker.exe:*:Enabled:locker"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
    "C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe"="C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe:*:Enabled:Itiva Media Accelerator"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    shell\AutoRun\command - J:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f508790-1ab7-11db-ba57-00c09f4f8722}]
    shell\AutoRun\command - J:\LaunchU3.exe


    ======File associations======

    .exe - open - C:\WINDOWS\system32\drivers\spools.exe "%1" %*

    ======List of files/folders created in the last 1 months======

    2008-11-19 17:15:29 ----D---- C:\Program Files\trend micro
    2008-11-19 17:15:28 ----D---- C:\rsit
    2008-11-15 17:31:23 ----D---- C:\Program Files\SymNetDrv
    2008-11-15 16:59:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-11-13 22:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-13 22:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-13 22:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-10-26 19:07:35 ----D---- C:\Program Files\Fix-It Utilities 8 (D)
    2008-10-26 14:52:19 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
    2008-10-26 14:51:09 ----HDC---- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
    2008-10-25 13:30:10 ----A---- C:\WINDOWS\rundll32.exe
    2008-10-25 12:05:03 ----D---- C:\_Backup.RC
    2008-10-25 07:34:48 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-25 07:18:35 ----A---- C:\WINDOWS\system32\netapi32.dll

    ======List of files/folders modified in the last 1 months======

    2008-11-19 17:15:29 ----RD---- C:\Program Files
    2008-11-19 17:04:02 ----D---- C:\Documents and Settings\Norma1\Application Data\Google
    2008-11-19 15:48:37 ----D---- C:\WINDOWS\Temp
    2008-11-19 14:17:12 ----D---- C:\Documents and Settings\Norma1\Application Data\AVG7
    2008-11-15 18:58:41 ----D---- C:\WINDOWS\system32
    2008-11-15 18:58:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-15 18:57:19 ----D---- C:\My Download Files
    2008-11-15 18:54:40 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
    2008-11-15 18:41:01 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-11-15 18:30:05 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-15 17:31:43 ----D---- C:\Program Files\Symantec
    2008-11-15 17:31:32 ----SHD---- C:\WINDOWS\Installer
    2008-11-15 17:31:23 ----HD---- C:\Config.Msi
    2008-11-15 17:31:23 ----D---- C:\Program Files\Common Files
    2008-11-15 17:30:59 ----D---- C:\WINDOWS\system32\drivers
    2008-11-15 12:44:25 ----D---- C:\WINDOWS
    2008-11-13 22:04:13 ----A---- C:\WINDOWS\system32\MRT.INI
    2008-11-13 22:01:57 ----HD---- C:\WINDOWS\inf
    2008-11-13 22:01:56 ----RSHD---- C:\WINDOWS\system32\dllcache
    2008-11-13 22:01:48 ----HD---- C:\WINDOWS\$hf_mig$
    2008-11-13 22:01:45 ----A---- C:\WINDOWS\imsins.BAK
    2008-11-13 22:00:24 ----D---- C:\WINDOWS\WinSxS
    2008-11-13 21:08:25 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-03 18:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-26 19:26:40 ----D---- C:\WINDOWS\system32\config
    2008-10-26 14:52:19 ----D---- C:\Program Files\Uniblue
    2008-10-26 14:52:19 ----D---- C:\Documents and Settings\Norma1\Application Data\Uniblue
    2008-10-25 15:11:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-25 14:51:03 ----D---- C:\Program Files\Google
    2008-10-25 12:32:18 ----D---- C:\Documents and Settings\Norma1\Application Data\Sonic
    2008-10-25 12:15:22 ----N---- C:\WINDOWS\system32\xrxwiadr.dll
    2008-10-25 12:15:21 ----N---- C:\WINDOWS\system32\xrxscnui.dll
    2008-10-25 12:15:21 ----N---- C:\WINDOWS\system32\vfwwdm32.dll
    2008-10-25 12:15:21 ----N---- C:\WINDOWS\system32\tp4mon.exe
    2008-10-25 12:15:20 ----N---- C:\WINDOWS\system32\snmptrap.exe
    2008-10-25 12:15:20 ----N---- C:\WINDOWS\system32\snmpmib.dll
    2008-10-25 12:15:20 ----N---- C:\WINDOWS\system32\snmp.exe
    2008-10-25 12:15:19 ----N---- C:\WINDOWS\system32\RW450Ext.dll
    2008-10-25 12:15:19 ----N---- C:\WINDOWS\system32\RW430Ext.dll
    2008-10-25 12:15:18 ----N---- C:\WINDOWS\system32\RW330Ext.dll
    2008-10-25 12:15:18 ----N---- C:\WINDOWS\system32\RW001Ext.dll
    2008-10-25 12:15:17 ----N---- C:\WINDOWS\system32\psisdecd.dll
    2008-10-25 12:15:17 ----N---- C:\WINDOWS\system32\perm3dd.dll
    2008-10-25 12:15:16 ----N---- C:\WINDOWS\system32\perm2dll.dll
    2008-10-25 12:15:16 ----N---- C:\WINDOWS\system32\mtstocom.exe
    2008-10-25 12:15:16 ----N---- C:\WINDOWS\system32\msiregmv.exe
    2008-10-25 12:15:15 ----N---- C:\WINDOWS\system32\lprmon.dll
    2008-10-25 12:15:15 ----N---- C:\WINDOWS\system32\lpdsvc.dll
    2008-10-25 12:15:14 ----N---- C:\WINDOWS\system32\lmmib2.dll
    2008-10-25 12:15:13 ----N---- C:\WINDOWS\system32\kdsusd.dll
    2008-10-25 12:15:13 ----N---- C:\WINDOWS\system32\kdsui.dll
    2008-10-25 12:15:12 ----N---- C:\WINDOWS\system32\kbdlk41j.dll
    2008-10-25 12:15:12 ----N---- C:\WINDOWS\system32\kbdlk41a.dll
    2008-10-25 12:15:12 ----N---- C:\WINDOWS\system32\kbdibm02.dll
    2008-10-25 12:15:11 ----N---- C:\WINDOWS\system32\kbdax2.dll
    2008-10-25 12:15:11 ----N---- C:\WINDOWS\system32\kbd106n.dll
    2008-10-25 12:15:11 ----N---- C:\WINDOWS\system32\kbd106.dll
    2008-10-25 12:15:10 ----N---- C:\WINDOWS\system32\kbd101.dll
    2008-10-25 12:15:10 ----N---- C:\WINDOWS\system32\iprip.dll
    2008-10-25 12:15:10 ----N---- C:\WINDOWS\system32\i81xdnt5.dll
    2008-10-25 12:15:09 ----N---- C:\WINDOWS\system32\hostmib.dll
    2008-10-25 12:15:09 ----N---- C:\WINDOWS\system32\f3ahvoas.dll
    2008-10-25 12:15:08 ----N---- C:\WINDOWS\system32\evntwin.exe
    2008-10-25 12:15:08 ----N---- C:\WINDOWS\system32\evntcmd.exe
    2008-10-25 12:15:08 ----N---- C:\WINDOWS\system32\evntagnt.dll
    2008-10-25 12:15:07 ----N---- C:\WINDOWS\system32\ctmasetp.dll
    2008-10-25 12:15:05 ----N---- C:\WINDOWS\system32\Camext30.dll
    2008-10-25 12:15:05 ----N---- C:\WINDOWS\system32\c_g18030.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
    R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-26 821856]
    R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-01-24 4224]
    R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-23 27776]
    R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-22 10760]
    R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-01-21 267384]
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-01-24 4960]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-11-07 120798]
    R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-11-07 98938]
    R3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-08-04 341760]
    R3 CAMCAUD;Conexant AMC 3D Environmental Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-04-29 292352]
    R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-04-29 274688]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-03-10 1041536]
    R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-03-10 199552]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-11-07 94075]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2004-04-27 69504]
    R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
    R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-05-26 182720]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-03-10 682624]
    S2 pciinfo;HP Pci Information; \??\C:\DOCUME~1\Norma1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys []
    S2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRTPEL.SYS []
    S3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-11-07 33847]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2002-05-24 50896]
    S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
    S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2002-05-24 16112]
    S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
    S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
    S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2002-05-24 50276]
    S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2002-05-24 18928]
    S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
    S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
    S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030814.007\NAVENG.SYS []
    S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030814.007\NAVEX15.SYS []
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2006-03-05 16694]
    S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
    S3 SAVRT;SAVRT; \??\C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRT.SYS []
    S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-04-09 12672]
    S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-04-09 21248]
    S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 w22n51;Intel(R) PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\system32\DRIVERS\w22n51.sys [2004-03-22 1657344]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
    R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-26 418816]
    R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2007-01-24 49664]
    R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-22 406528]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-12-12 255648]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-12-12 235168]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 OneStepSearch Service;OneStepSearch Service; C:\Program Files\OneStep\onestep.exe [2008-09-18 5632]
    R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
    R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-10-18 585728]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
    S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2003-06-24 66784]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-12-12 87712]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-15 29744]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-25 138168]
    S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
    S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
    S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-11-17 98304]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2002-05-24 77824]
    S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-01-21 206552]
    S4 WinDefend;Windows Defender Service; C:\Program Files\Windows Defender\MsMpEng.exe [2006-04-03 14032]

    -----------------EOF-----------------
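The RSIT log in the post above is where the interesting indicators sit: the `.exe` open handler points at `C:\WINDOWS\system32\drivers\spools.exe` (a name one letter off the legitimate `spoolsv.exe` that appears elsewhere in the same log) instead of the stock `"%1" %*`, and there is a Winlogon Notify entry named `__c00E789E` whose file RSIT could not stat (shown as `[]`). A launcher hijack of that kind is consistent with the poster's symptom, since Run As creates the process directly rather than through the shell's file association. The following is an added example, not part of the thread and not RSIT's or ComboFix's code: a Python script that parses an RSIT-style log and flags those indicators. `SAMPLE_LOG` is a constructed excerpt of the posted log, re-typed without the spaces the forum inserted inside the quoted value names.

```python
"""Triage an RSIT-style log for the hijack indicators seen in the post above.

Added example: not part of the original thread and not RSIT's or ComboFix's
code. SAMPLE_LOG is a constructed excerpt modelled on the posted log.
"""
import re

SAMPLE_LOG = r'''
======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
""= []
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-12-12 71328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00E789E]
C:\WINDOWS\system32\__c00E789E.dat []

======File associations======

.exe - open - C:\WINDOWS\system32\drivers\spools.exe "%1" %*
'''

# Windows' stock handler for exefile\shell\open\command: anything placed in
# front of it runs before every program the user launches from Explorer.
EXEFILE_DEFAULT = '"%1" %*'
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
APPINIT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
META_RE = re.compile(r"\[\d{4}-\d{2}-\d{2} \d+\]$")  # RSIT's "[date size]" suffix


def parse_registry_dump(text):
    """Map each [key] in the 'Registry dump' section to its value lines."""
    keys, current, in_section = {}, None, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("======"):
            in_section, current = line == "======Registry dump======", None
        elif in_section and line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, [])
        elif in_section and line and current is not None:
            keys[current].append(line)
    return keys


def parse_file_associations(text):
    """Map extension -> 'open' command from the 'File associations' section."""
    assoc, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("======"):
            in_section = line == "======File associations======"
        elif in_section and " - open - " in line:
            ext, cmd = line.split(" - open - ", 1)
            assoc[ext] = cmd
    return assoc


def triage(text):
    """Return (indicator, detail) pairs that deserve a human look."""
    findings = []
    keys = parse_registry_dump(text)
    assoc = parse_file_associations(text)

    # 1. The .exe handler must be exactly "%1" %*; a program in front of it is a
    #    launcher hijack that runs on every double-click.
    cmd = assoc.get(".exe")
    if cmd is not None and cmd != EXEFILE_DEFAULT:
        findings.append(("exe-association", cmd))

    for key, values in keys.items():
        # 2. Winlogon Notify DLLs load into winlogon.exe at logon. RSIT prints []
        #    when it could not stat the file; a random-looking name is a red flag.
        if key.startswith(NOTIFY_KEY + "\\"):
            for v in values:
                if not META_RE.search(v):
                    findings.append(("winlogon-notify-no-metadata", v))
        # 3. A Run value with an empty name and no target is residue worth noting.
        if key.lower().endswith(r"\currentversion\run"):
            for v in values:
                if v.startswith('""='):
                    findings.append(("run-empty-entry", key))

    # 4. AppInit_DLLs is injected into every process that loads user32.dll.
    for v in keys.get(APPINIT_KEY, []):
        name, _, value = v.partition("=")
        if name.strip('"').upper() == "APPINIT_DLLS" and value.strip('" '):
            findings.append(("appinit-dll", value.strip('" ')))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

The script only reports; it does not decide what is malicious (the AppInit entry here belongs to Google Desktop, for instance). Once the file behind a hijacked handler has been dealt with, the association itself is reset by putting `"%1" %*` back as the (Default) value of `HKEY_CLASSES_ROOT\exefile\shell\open\command`.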
     
  2. 2008/11/20
    noahdfear (Inactive; joined 2003/04/06; 12,178 messages; 15 likes received)
    Hi attbell :)

    Any idea what happened to the HijackThis section of the log?

    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     


  4. 2008/11/23
    attbell (Well-Known Member, Thread Starter; joined 2008/11/19; 6 messages; 0 likes received)
    combo txt file

    ComboFix 08-11-23.01 - Norma1 2008-11-23 20:54:58.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.66 [GMT -6:00]
    Running from: c:\documents and settings\Norma1\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Starware316
    c:\documents and settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\findithotxp.png
    c:\documents and settings\All Users\Application Data\Starware316\buttons\finditxp.png
    c:\documents and settings\All Users\Application Data\Starware316\buttons\Highlight.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png
    c:\documents and settings\All Users\Application Data\Starware316\buttons\highlightxp.png
    c:\documents and settings\All Users\Application Data\Starware316\buttons\Reference.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
    c:\documents and settings\All Users\Application Data\Starware316\buttons\referencexp.png
    c:\documents and settings\All Users\Application Data\Starware316\buttons\screensaver.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\starware_toolbar_icon.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\Weather.bmp
    c:\documents and settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
    c:\documents and settings\All Users\Application Data\Starware316\buttons\weatherxp.png
    c:\documents and settings\All Users\Application Data\Starware316\contexts\error.xml
    c:\documents and settings\All Users\Application Data\Starware316\contexts\Related.xml
    c:\documents and settings\All Users\Application Data\Starware316\contexts\Travel.xml
    c:\documents and settings\All Users\Application Data\Starware316\images\walertXP.bmp
    c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
    c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
    c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
    c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
    c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
    c:\documents and settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
    c:\documents and settings\Norma1\Application Data\DriveCleaner Free
    c:\documents and settings\Norma1\Application Data\DriveCleaner Free\Logs\update.log
    c:\documents and settings\Norma1\Application Data\Starware316
    c:\documents and settings\Norma1\Application Data\Starware316\Games\GamesOptions.xml
    c:\documents and settings\Norma1\Application Data\Starware316\Games\GamesOptions.xml.backup
    c:\documents and settings\Norma1\Application Data\Starware316\Games\images\active\Games0.bmp
    c:\documents and settings\Norma1\Application Data\Starware316\Movies\images\active\Movies0.bmp
    c:\documents and settings\Norma1\Application Data\Starware316\Movies\MoviesOptions.xml
    c:\documents and settings\Norma1\Application Data\Starware316\Movies\MoviesOptions.xml.backup
    c:\documents and settings\Norma1\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
    c:\documents and settings\Norma1\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
    c:\documents and settings\Norma1\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
    c:\documents and settings\Norma1\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
    c:\documents and settings\Norma1\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
    c:\documents and settings\Norma1\Application Data\Starware316\Tem16D.tmp
    c:\documents and settings\Norma1\Application Data\Starware316\Tem294.tmp
    c:\documents and settings\Norma1\Application Data\Starware316\Tem3FC.tmp
    c:\program files\MyWebSearch
    c:\program files\Starware316
    c:\program files\Starware316\bin\Starware316.dll
    c:\program files\Starware316\icons\star_16.ico
    c:\windows\rundll32.exe
    c:\windows\system32\__c00400E6.exe
    c:\windows\system32\__c0072F35.exe
    c:\windows\wl.exe
    C:\xcrashdump.dat

    .
    ((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
    .

    2008-11-19 17:15 . 2008-11-19 17:15 <DIR> d-------- C:\rsit
    2008-11-19 17:15 . 2008-11-19 17:15 <DIR> d-------- c:\program files\trend micro
    2008-11-15 17:31 . 2008-11-15 17:31 <DIR> d-------- c:\program files\SymNetDrv
    2008-11-15 16:59 . 2008-11-15 17:26 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-11-13 21:08 . 2008-09-04 11:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
    2008-11-13 21:08 . 2008-10-24 05:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-26 19:07 . 2008-10-26 19:08 <DIR> d-------- c:\program files\Fix-It Utilities 8 (D)
    2008-10-26 14:52 . 2008-10-26 14:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
    2008-10-26 14:51 . 2008-10-26 14:52 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
    2008-10-25 12:05 . 2008-10-25 12:05 <DIR> d-------- C:\_Backup.RC
    2008-10-25 07:18 . 2008-10-15 10:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-24 02:59 --------- d-----w c:\program files\OneStep
    2008-11-19 23:13 --------- d-----w c:\documents and settings\Norma1\Application Data\U3
    2008-11-19 20:17 --------- d-----w c:\documents and settings\Norma1\Application Data\AVG7
    2008-11-16 00:41 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-11-15 23:31 --------- d-----w c:\program files\Symantec
    2008-10-26 20:52 --------- d-----w c:\program files\Uniblue
    2008-10-26 20:52 --------- d-----w c:\documents and settings\Norma1\Application Data\Uniblue
    2008-10-25 21:11 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-10-25 20:51 --------- d-----w c:\program files\Google
    2008-10-25 18:32 --------- d-----w c:\documents and settings\Norma1\Application Data\Sonic
    2008-10-25 18:14 85,248 ------w c:\windows\system32\drivers\NABTSFEC.sys
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-20 00:39 --------- d-----w c:\program files\RegCure
    2008-10-20 00:04 --------- dc-h--w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2008-10-19 21:54 --------- d-----w c:\program files\CA Yahoo! Anti-Spy
    2008-10-18 20:58 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-10-18 20:58 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-18 20:50 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2008-10-18 18:43 --------- d-----w c:\program files\Norton SystemWorks
    2008-10-18 18:41 2,397 ----a-w c:\windows\system32\drivers\symlcbrd.sys
    2008-10-18 02:31 635,848 ----a-w c:\windows\system32\dllcache\iexplore.exe
    2008-10-17 03:49 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys
    2008-10-17 01:50 --------- d-----w c:\documents and settings\Administrator\Application Data\AVG7
    2008-10-15 00:58 --------- d-----w c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder
    2008-10-14 01:00 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-13 00:44 --------- d-----w c:\program files\Windows Live Safety Center
    2008-10-07 01:33 --------- d-----w c:\documents and settings\Norma1\Application Data\Share-to-Web Upload Folder
    2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
    2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
    2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
    2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
    2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
    2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
    2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    2008-08-29 15:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
    2008-08-29 14:53 61,440 ----a-w c:\windows\system32\dnssd.dll
    2008-08-27 08:24 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2006-12-22 04:13 337,824 ----a-w c:\program files\Danny.sc3
    2005-12-05 01:12 774,144 ----a-w c:\program files\RngInterstitial.dll
    2004-08-04 08:00 94,784 --sh--w c:\windows\twain.dll
    2008-04-14 00:12 50,688 --sh--w c:\windows\twain_32.dll
    2008-04-14 00:12 57,344 --sh--w c:\windows\system32\msvcirt.dll
    2008-04-14 00:12 413,696 --sha-w c:\windows\system32\msvcp60.dll
    2008-04-14 00:12 343,040 --sha-w c:\windows\system32\msvcrt.dll
    2008-04-14 00:12 551,936 --sh--w c:\windows\system32\oleaut32.dll
    2008-04-14 00:12 84,992 --sh--w c:\windows\system32\olepro32.dll
    2008-04-14 00:12 11,776 --sh--w c:\windows\system32\regsvr32.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} "= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-05-22 66912]

    [HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
    2008-05-22 20:57 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
    "Uniblue RegistryBooster 2009 "= "c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ddoctorv2 "= "c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
    "Symantec NetDriver Monitor "= "c:\progra~1\SYMNET~1\SNDMon.exe" [2008-11-15 95960]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-15 29744]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run "= "c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-26 219136]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\WINDOWS\\system32\\mshta.exe "=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe "=
    "c:\\WINDOWS\\system32\\fxsclnt.exe "=
    "c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe "=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe "=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe "=
    "c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\WINDOWS\\system32\\spoolsv.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
    "c:\\Program Files\\Itiva\\Itiva Media Accelerator\\ItivaMediaAccelerator.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    R2 OneStep Service;OneStep Service; "c:\program files\OneStep\onestep.exe" "c:\program files\OneStep\onestep.dll" Service []
    S2 pciinfo;HP Pci Information;\??\c:\docume~1\Norma1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys []
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-27 29744]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \Shell\AutoRun\command - J:\LaunchU3.exe

    *Newly Created Service* - GOOGLEDESKTOPMANAGER-061008-081103
    .
    Contents of the 'Scheduled Tasks' folder

    2008-06-07 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 17:12]

    2008-11-24 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
    - c:\program files\Norton SystemWorks\OBC.exe [2003-09-12 19:16]

    2008-11-24 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-04-21 15:21]

    2008-11-24 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-04-21 15:21]

    2008-11-24 c:\windows\Tasks\Symantec Drmc.job
    - c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2003-09-10 03:48]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{7370F91F-6994-4595-9949-601FA2261C8D} - (no file)
    Notify-__c00E789E - c:\windows\system32\__c00E789E.dat


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\Norma1\Application Data\Mozilla\Firefox\Profiles\cj0pilq6.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://yahoo.com
    .
    .
    ------- File Associations -------
    .
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-23 21:00:30
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(652)
    c:\windows\system32\WgaLogon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
    c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
    c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
    c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\OneStep\onestep.exe
    c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\program files\OneStep\onestep.exe
    c:\program files\palmOne\AlarmApp.exe
    c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-23 21:14:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-24 03:14:42

    Pre-Run: 20,908,199,936 bytes free
    Post-Run: 20,849,278,976 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    266 --- E O F --- 2008-11-14 04:04:29
     
  5. 2008/11/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks really good. Let's remove one remaining thing that I can see. Click Start>Run and type the following bolded command (or copy it and paste it in), then hit Enter.

    sc delete pciinfo


    Now, let's do an online scan. Do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log here.
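The `pciinfo` entry that the `sc delete` command above removes has the two traits a reviewer looks for in a ComboFix service list: its driver image sits under the user's Temp folder, and ComboFix recorded no file date or size for it (the empty `[]`). The script below is an added example, not code from this thread, from ComboFix or from the forum; it parses service lines in the shape ComboFix prints (assumed from the log posted above: `<R|S><start type> <name>;<display name>;<image path> [<date size>]`, with R/S taken here as running/stopped), flags entries with those traits, and emits the same `sc delete <name>` remediation the post uses for the high-confidence ones. The sample log lines, the path markers and the severity levels are the example's own constructions. Note that `sc delete` only removes the service registration; the image file itself is not deleted by it.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, not copied from a real machine: service lines in the
# shape ComboFix prints under "Reg Loading Points". The pciinfo line mirrors
# the entry the thread removes; the others are ordinary entries.
SAMPLE_LOG = r"""
R2 OneStep Service;OneStep Service; "c:\program files\OneStep\onestep.exe" "c:\program files\OneStep\onestep.dll" Service []
S2 pciinfo;HP Pci Information;\??\c:\docume~1\Norma1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys []
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-27 29744]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-11-17 98304]
"""

# <R|S><start type> <service name>;<display name>;<image path ...> [<date size>]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*(?P<rest>.*)$"
)
# Trailing "[2004-11-17 98304]" block; an empty "[]" means no file info was recorded.
META_RE = re.compile(r"\[(?P<meta>[^\]]*)\]\s*$")

# Heuristic path markers chosen for this example (lower-cased comparison).
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\", "\\tmp\\")
PROFILE_MARKERS = ("\\docume~1\\", "\\documents and settings\\", "\\users\\")


@dataclass
class ServiceEntry:
    name: str
    display: str
    state: str          # "R" / "S" as ComboFix prints it (assumed running / stopped)
    start_type: int     # Windows start value: 2 auto, 3 manual, 4 disabled
    image: str          # path portion of the line, quotes and \??\ prefix kept
    has_metadata: bool  # False when the bracket block was empty "[]"
    reasons: list = field(default_factory=list)

    @property
    def severity(self):
        """'high' for a path-based finding, 'review' for missing metadata only."""
        if any(r.startswith("path:") for r in self.reasons):
            return "high"
        return "review" if self.reasons else ""


def parse_service_line(line):
    """Return a ServiceEntry for one ComboFix service line, or None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    mm = META_RE.search(rest)
    meta = mm.group("meta").strip() if mm else ""
    image = (rest[: mm.start()] if mm else rest).strip()
    return ServiceEntry(
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        state=m.group("state"),
        start_type=int(m.group("start")),
        image=image,
        has_metadata=bool(meta),
    )


def assess(entry):
    """Attach the reasons a reviewer would want to look at this service more closely."""
    path = entry.image.lower()
    if any(tag in path for tag in TEMP_MARKERS):
        entry.reasons.append("path: image loaded from a temporary directory")
    if path.endswith(".sys") and any(tag in path for tag in PROFILE_MARKERS):
        entry.reasons.append("path: kernel driver stored inside a user profile")
    if not entry.has_metadata:
        entry.reasons.append("meta: no file date/size recorded (file missing or unreadable)")
    return entry


def triage_services(log_text):
    """Parse every service line in a ComboFix log and return {name: assessed entry}."""
    entries = {}
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is not None:
            entries[entry.name] = assess(entry)
    return entries


def suggest_removal(entry):
    """Registration-removal command (as used in the thread) for high findings only.

    'sc delete' unregisters the service; it does not delete the image file,
    which still has to be collected or removed separately.
    """
    return f"sc delete {entry.name}" if entry.severity == "high" else ""


if __name__ == "__main__":
    for name, entry in triage_services(SAMPLE_LOG).items():
        if entry.severity:
            print(f"{entry.severity:6} {name}: {entry.image}")
            for reason in entry.reasons:
                print(f"         - {reason}")
            if suggest_removal(entry):
                print(f"         remediation: {suggest_removal(entry)}")
```

Run against the constructed sample, `pciinfo` comes out as `high` with all three reasons and the `sc delete pciinfo` suggestion, `OneStep Service` is only marked `review` (no recorded file info, but a normal Program Files path), and the other two entries produce no finding. The missing-metadata signal is deliberately kept below the path signals: it also fires for legitimate services whose image path carries arguments, so on its own it is a prompt to look, not to delete.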
     
  6. 2008/11/25
    attbell

    attbell Well-Known Member Thread Starter

    Joined:
    2008/11/19
    Messages:
    6
    Likes Received:
    0
    Thanks to all, ComboFix repaired my laptop. Y'all are the best.
    Alex
     
  7. 2008/11/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Alex,

    Glad to hear all seems well. You're welcome. :)

    Do you intend to do the recommended Kaspersky scan?
     
