Solved

Windows Task Manager or Ad-Aware will not open

Posted on 2009-12-21
584 Views
Last Modified: 2012-05-08
Had some malware, and now Task Manager or Lavasoft Ad-Aware won't open. It's not disabled, it just won't open. I downloaded procexp.exe and I can see Task Manager there running, but it won't open. I had Norton up to date and it did not find any viruses, and Spybot got rid of the malware, so the PC seems clean now. Any ideas? Thanks!
Question by:Cubbybulin
7 Comments
 
LVL 10

Expert Comment

by:jasfout
ID: 26098376
It is likely that you are either still infected, have corrupted system files, or both.
A few things to try:
System Restore to a date when it was working properly.
From command line: chkdsk /f.
From run box with XP cd handy:  sfc /scannow
Slave the drive to another machine and do a thorough malware scan of the drive.
Windows Repair Install.
Nuke & Pave.
 
LVL 1

Accepted Solution

by:
CooGuru earned 1200 total points
ID: 26098530
I would suggest downloading ComboFix to your desktop, disabling all antivirus, then running the app directly from your desktop. This app will run itself via the CMD prompt, and fix many of these issues.
 
LVL 22

Assisted Solution

by:optoma
optoma earned 400 total points
ID: 26100174
What malware was removed?
If other scanners are unable to open, try renaming them prior to saving them to the desktop. For example, rename ComboFix.exe to fc.exe.

You can also try Malwarebytes and also rename it prior to saving it. Rename to bm.exe.

Attach both logfiles here afterwards, as ComboFix's logfile can then be reviewed by other experts.

Malwarebytes http://www.malwarebytes.org/mbam-download.php
Combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 400 total points
ID: 26104089
You can also use TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service it will prompt you to type "delete"; you can also just hit "Enter" without typing anything and the scan will continue.
The user can then post the log to be analyzed.
 
If some nasties blocked ComboFix, MBAM or any .exes from executing, then rename (as suggested) prior to downloading the file.

If you can't run .exes in an infected system:
http://www.experts-exchange.com/articles/Software/Internet_Email/Anti-Virus/CAN%27T-RUN-EXES-IN-AN-INFECTED-SYSTEM.html 



 

Author Comment

by:Cubbybulin
ID: 26104476
I ran ComboFix (I had to rename it) and now Task Manager comes up and Ad-Aware is running! YEAY!
Here is the log:

ComboFix 09-12-21.04 - Administrator 12/22/2009   8:18.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1429 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ab.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\COMMON~1\BLACKB~1\System\NTSVc.ocx
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\EventSystem.log
c:\windows\system32\regsvr.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BHDRVX86
-------\Service_BHDrvx86


(((((((((((((((((((((((((   Files Created from 2009-11-22 to 2009-12-22  )))))))))))))))))))))))))))))))
.

2009-12-22 13:03 . 2009-12-02 13:19      64288      ----a-w-      c:\windows\system32\drivers\Lbd.sys
2009-12-22 13:02 . 2009-12-22 13:02      --------      dc-h--w-      c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-22 13:01 . 2009-12-22 13:01      --------      d-----w-      c:\program files\Lavasoft
2009-12-21 19:23 . 2004-08-04 10:00      4677      ----a-w-      c:\windows\system32\dllcache\zeeverm.dll
2009-12-21 19:23 . 2004-08-04 10:00      29760      ----a-w-      c:\windows\system32\dllcache\znetm.dll
2009-12-21 19:23 . 2004-08-04 10:00      13894      ----a-w-      c:\windows\system32\dllcache\zonelibm.dll
2009-12-21 19:23 . 2004-08-04 10:00      113222      ----a-w-      c:\windows\system32\dllcache\zoneclim.dll
2009-12-21 19:23 . 2004-08-04 10:00      41029      ----a-w-      c:\windows\system32\dllcache\zcorem.dll
2009-12-21 19:23 . 2004-08-04 10:00      36937      ----a-w-      c:\windows\system32\dllcache\zclientm.exe
2009-12-21 19:23 . 2008-04-14 01:12      116224      ----a-w-      c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-21 19:23 . 2001-08-18 03:36      23040      ----a-w-      c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-21 19:23 . 2008-04-14 01:12      18944      ----a-w-      c:\windows\system32\dllcache\xrxscnui.dll
2009-12-21 19:23 . 2001-08-18 03:37      27648      ----a-w-      c:\windows\system32\dllcache\xrxftplt.exe
2009-12-21 19:23 . 2001-08-18 03:37      4608      ----a-w-      c:\windows\system32\dllcache\xrxflnch.exe
2009-12-21 19:22 . 2001-08-18 03:37      99865      ----a-w-      c:\windows\system32\dllcache\xlog.exe
2009-12-21 19:22 . 2001-08-17 17:11      16970      ----a-w-      c:\windows\system32\dllcache\xem336n5.sys
2009-12-21 19:22 . 2004-08-04 03:29      19455      ----a-w-      c:\windows\system32\dllcache\wvchntxx.sys
2009-12-21 19:22 . 2008-04-13 19:46      19200      ----a-w-      c:\windows\system32\dllcache\wstcodec.sys
2009-12-21 19:22 . 2004-08-04 03:29      12063      ----a-w-      c:\windows\system32\dllcache\wsiintxx.sys
2009-12-21 19:22 . 2008-04-14 01:12      8192      ----a-w-      c:\windows\system32\dllcache\wshirda.dll
2009-12-21 19:22 . 2008-04-13 19:36      8832      ----a-w-      c:\windows\system32\dllcache\wmiacpi.sys
2009-12-21 19:22 . 2004-08-04 03:31      154624      ----a-w-      c:\windows\system32\dllcache\wlluc48.sys
2009-12-21 19:22 . 2001-08-17 17:12      34890      ----a-w-      c:\windows\system32\dllcache\wlandrv2.sys
2009-12-21 19:22 . 2001-08-17 18:28      771581      ----a-w-      c:\windows\system32\dllcache\winacisa.sys
2009-12-21 19:22 . 2001-08-18 03:36      53760      ----a-w-      c:\windows\system32\dllcache\wiamsmud.dll
2009-12-21 19:20 . 2001-08-17 18:49      24576      ----a-w-      c:\windows\system32\dllcache\viairda.sys
2009-12-21 19:19 . 2001-08-18 03:36      26624      ----a-w-      c:\windows\system32\dllcache\umaxu22.dll
2009-12-21 19:18 . 2001-08-17 17:12      34375      ----a-w-      c:\windows\system32\dllcache\tpro4.sys
2009-12-21 19:17 . 2001-08-17 17:50      36640      ----a-w-      c:\windows\system32\dllcache\t2r4mini.sys
2009-12-21 19:16 . 2004-08-04 10:00      101376      ----a-w-      c:\windows\system32\dllcache\srusbusd.dll
2009-12-21 19:15 . 2001-08-17 17:10      35913      ----a-w-      c:\windows\system32\dllcache\smcirda.sys
2009-12-21 19:14 . 2001-08-17 17:50      68608      ----a-w-      c:\windows\system32\dllcache\sis6306p.sys
2009-12-21 19:13 . 2001-08-17 18:51      23936      ----a-w-      c:\windows\system32\dllcache\sccmusbm.sys
2009-12-21 19:12 . 2004-08-04 10:00      753236      ----a-w-      c:\windows\system32\dllcache\rvseres.dll
2009-12-21 19:11 . 2008-04-13 19:40      6016      ----a-w-      c:\windows\system32\dllcache\qic157.sys
2009-12-21 19:10 . 2001-08-18 03:36      16384      ----a-w-      c:\windows\system32\dllcache\philcam1.dll
2009-12-21 19:09 . 2001-08-17 19:05      28032      ----a-w-      c:\windows\system32\dllcache\ovcd.sys
2009-12-21 19:08 . 2001-08-17 17:20      126080      ----a-w-      c:\windows\system32\dllcache\nm5a2wdm.sys
2009-12-21 19:07 . 2001-08-18 03:36      19968      ----a-w-      c:\windows\system32\dllcache\mxicfg.dll
2009-12-21 19:07 . 2001-08-17 18:50      21888      ----a-w-      c:\windows\system32\dllcache\mxcard.sys
2009-12-21 19:07 . 2004-08-04 10:00      229439      ----a-w-      c:\windows\system32\dllcache\multibox.dll
2009-12-21 19:07 . 2001-08-17 17:50      103296      ----a-w-      c:\windows\system32\dllcache\mtxvideo.sys
2009-12-21 19:07 . 2008-04-13 19:39      5504      ----a-w-      c:\windows\system32\dllcache\mstee.sys
2009-12-21 19:07 . 2008-04-13 19:46      49024      ----a-w-      c:\windows\system32\dllcache\mstape.sys
2009-12-21 19:07 . 2001-08-17 18:48      12416      ----a-w-      c:\windows\system32\dllcache\msriffwv.sys
2009-12-21 19:07 . 2001-08-17 19:00      2944      ----a-w-      c:\windows\system32\dllcache\msmpu401.sys
2009-12-21 19:07 . 2008-04-13 19:54      22016      ----a-w-      c:\windows\system32\dllcache\msircomm.sys
2009-12-21 19:07 . 2004-08-04 10:00      98304      ----a-w-      c:\windows\system32\dllcache\msir3jp.dll
2009-12-21 19:07 . 2001-08-17 19:02      35200      ----a-w-      c:\windows\system32\dllcache\msgame.sys
2009-12-21 19:07 . 2001-08-17 18:48      6016      ----a-w-      c:\windows\system32\dllcache\msfsio.sys
2009-12-21 19:07 . 2008-04-13 19:46      51200      ----a-w-      c:\windows\system32\dllcache\msdv.sys
2009-12-21 19:05 . 2001-08-17 18:28      727786      ----a-w-      c:\windows\system32\dllcache\ltck000c.sys
2009-12-21 19:04 . 2001-08-17 19:55      5632      ----a-w-      c:\windows\system32\dllcache\kbd103.dll
2009-12-21 19:03 . 2001-08-17 19:06      100992      ----a-w-      c:\windows\system32\dllcache\icam5usb.sys
2009-12-21 19:02 . 2001-08-17 18:28      57471      ----a-w-      c:\windows\system32\dllcache\hsf_samp.sys
2009-12-21 19:01 . 2001-08-18 03:36      119296      ----a-w-      c:\windows\system32\dllcache\hpdigwia.dll
2009-12-21 19:00 . 2001-08-18 03:36      71680      ----a-w-      c:\windows\system32\dllcache\fnfilter.dll
2009-12-21 18:59 . 2001-08-17 17:17      629952      ----a-w-      c:\windows\system32\dllcache\eqn.sys
2009-12-21 18:58 . 2001-08-17 17:11      29696      ----a-w-      c:\windows\system32\dllcache\dm9pci5.sys
2009-12-21 18:57 . 2001-08-17 17:12      117760      ----a-w-      c:\windows\system32\dllcache\d100ib5.sys
2009-12-21 18:56 . 2001-08-17 17:13      49182      ----a-w-      c:\windows\system32\dllcache\cem56n5.sys
2009-12-21 18:55 . 2001-08-18 03:36      12800      ----a-w-      c:\windows\system32\dllcache\brevif.dll
2009-12-21 18:54 . 2001-08-17 17:19      747392      ----a-w-      c:\windows\system32\dllcache\adm8830.sys
2009-12-21 18:53 . 2004-08-04 10:00      7680      ----a-w-      c:\windows\system32\dllcache\inetmgr.exe
2009-12-21 18:53 . 2004-08-04 10:00      19968      ----a-w-      c:\windows\system32\dllcache\inetsloc.dll
2009-12-21 18:53 . 2004-08-04 10:00      169984      ----a-w-      c:\windows\system32\dllcache\iisui.dll
2009-12-21 18:53 . 2004-08-04 10:00      5632      ----a-w-      c:\windows\system32\dllcache\iisrstap.dll
2009-12-21 18:53 . 2004-08-04 10:00      14336      ----a-w-      c:\windows\system32\dllcache\iisreset.exe
2009-12-21 18:53 . 2004-08-04 10:00      6144      ----a-w-      c:\windows\system32\dllcache\ftpsapi2.dll
2009-12-21 18:02 . 2009-12-22 13:13      --------      d-----w-      c:\documents and settings\Administrator\Application Data\U3
2009-12-21 17:15 . 2009-12-21 17:15      88000      ----a-w-      c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-21 16:07 . 2009-12-21 16:07      --------      d-----w-      C:\_OTM
2009-12-21 16:01 . 2009-12-21 16:01      --------      d-----w-      c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-12-21 16:01 . 2009-12-21 16:01      --------      d-----w-      c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-12-21 16:01 . 2009-12-21 16:01      --------      d-----w-      c:\documents and settings\Administrator\Local Settings\Application Data\LogMeIn
2009-12-21 15:51 . 2009-12-21 15:51      --------      d-sh--w-      c:\documents and settings\Administrator\PrivacIE
2009-12-21 15:49 . 2009-12-21 15:49      --------      d-----w-      c:\documents and settings\Administrator\Application Data\Windows Search
2009-12-21 15:08 . 2009-12-21 15:51      --------      d-----w-      c:\documents and settings\Administrator
2009-12-09 08:01 . 2009-12-11 12:54      --------      d-----w-      c:\windows\ie8updates
2009-12-08 23:16 . 2009-10-29 07:45      594432      ------w-      c:\windows\system32\dllcache\msfeeds.dll
2009-12-08 23:16 . 2009-10-29 07:45      12800      ------w-      c:\windows\system32\dllcache\xpshims.dll
2009-12-08 23:16 . 2009-10-29 07:45      55296      ------w-      c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-08 23:16 . 2009-10-29 07:45      1985536      ------w-      c:\windows\system32\dllcache\iertutil.dll
2009-12-08 23:16 . 2009-10-29 07:45      246272      ------w-      c:\windows\system32\dllcache\ieproxy.dll
2009-12-08 23:16 . 2009-10-29 07:45      11069952      ------w-      c:\windows\system32\dllcache\ieframe.dll
2009-12-08 19:23 . 2009-12-09 17:11      --------      d-----w-      c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-12-08 19:19 . 2009-12-08 19:19      --------      d-----w-      c:\documents and settings\dtrick\Local Settings\Application Data\Identities
2009-12-08 19:19 . 2009-12-08 19:19      --------      d-----w-      c:\documents and settings\dtrick\Application Data\Windows Desktop Search
2009-12-08 19:19 . 2009-12-11 12:53      --------      d-----w-      c:\program files\Windows Desktop Search
2009-12-08 19:19 . 2009-12-08 19:19      --------      d-----w-      c:\windows\system32\GroupPolicy
2009-12-08 19:00 . 2009-12-22 13:03      --------      dc----w-      c:\windows\system32\DRVSTORE
2009-12-08 18:56 . 2009-12-08 18:56      --------      d-sh--w-      c:\documents and settings\LocalService\IETldCache
2009-12-08 18:55 . 2009-12-08 18:55      --------      d-----w-      c:\documents and settings\dtrick\Local Settings\Application Data\LogMeIn
2009-12-08 18:55 . 2009-12-08 18:55      --------      d-----w-      c:\documents and settings\All Users\Application Data\LogMeIn
2009-12-08 18:55 . 2009-12-08 18:55      --------      d-----w-      c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2009-12-08 18:55 . 2009-09-29 00:34      47416      ----a-w-      c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2009-12-08 18:55 . 2009-09-29 00:34      83288      ----a-w-      c:\windows\system32\LMIRfsClientNP.dll
2009-12-08 18:55 . 2009-09-29 00:34      28984      ----a-w-      c:\windows\system32\LMIport.dll
2009-12-08 18:55 . 2008-08-11 17:41      47640      ----a-w-      c:\windows\system32\drivers\LMIRfsDriver.sys
2009-12-08 18:55 . 2009-09-29 00:34      87352      ----a-w-      c:\windows\system32\LMIinit.dll
2009-12-08 18:54 . 2009-12-22 13:05      --------      d-----w-      c:\program files\LogMeIn
2009-12-08 18:52 . 2009-12-22 13:01      --------      d-----w-      c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-08 17:52 . 2009-12-08 17:52      --------      d-----w-      C:\a58cacb4d45445f6ef82d1b1a360
2009-12-08 17:51 . 2009-12-08 17:52      --------      d-----w-      C:\ae465e7bd8dcd50a7abf704b000cd7
2009-12-08 17:34 . 2009-12-17 13:39      --------      d-----w-      c:\program files\Microsoft Works
2009-12-08 17:33 . 2009-12-08 17:33      --------      d-----w-      c:\program files\MSBuild
2009-12-08 17:31 . 2009-12-08 17:31      --------      d-----w-      c:\program files\Microsoft.NET
2009-12-08 17:11 . 2009-12-08 17:11      --------      d-----w-      c:\documents and settings\dtrick\Local Settings\Application Data\Microsoft Help
2009-12-08 17:10 . 2009-12-22 13:12      --------      d-----w-      c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-08 16:58 . 2009-12-08 16:58      --------      d-----r-      C:\MSOCache
2009-12-08 16:48 . 2009-12-08 16:48      --------      d-sh--w-      c:\documents and settings\dtrick\IECompatCache
2009-12-08 16:47 . 2009-12-08 16:48      --------      d-sh--w-      c:\documents and settings\dtrick\PrivacIE
2009-12-08 16:29 . 2009-12-08 16:29      --------      d-sh--w-      c:\documents and settings\dtrick\IETldCache
2009-12-08 16:25 . 2009-12-08 16:33      --------      d-----w-      c:\program files\Spybot - Search & Destroy
2009-12-08 16:25 . 2009-12-08 16:26      --------      d-----w-      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-08 16:23 . 2009-12-08 16:24      --------      dc-h--w-      c:\windows\ie8
2009-12-08 16:21 . 2009-12-08 16:26      --------      d-----w-      C:\d38c2c431ddb372f9209dd51

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 13:48 . 2008-11-17 15:15      88000      ----a-w-      c:\documents and settings\dtrick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-10 09:00 . 2009-12-22 13:17      2747440      ----a-w-      c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091221.050\CCERASER.DLL
2009-12-08 14:55 . 2005-08-15 20:42      --------      d-----w-      c:\documents and settings\All Users\Application Data\AOL
2009-12-07 14:10 . 2009-12-22 13:02      2953352      -c--a-w-      c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-11-04 15:07 . 2009-10-05 14:02      --------      d-----w-      c:\documents and settings\dtrick\Application Data\HpUpdate
2009-10-29 07:45 . 2004-08-11 22:00      916480      ----a-w-      c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-11 22:00      75776      ----a-w-      c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-11 22:00      25088      ----a-w-      c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 04:00      265728      ----a-w-      c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-11 22:00      270336      ----a-w-      c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-11 22:00      149504      ----a-w-      c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-11 22:00      79872      ----a-w-      c:\windows\system32\raschap.dll
2009-09-27 08:00 . 2009-12-22 13:17      259440      ----a-w-      c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091221.050\ECMSVR32.DLL
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-22 282624]
"D-Link RangeBooster G WDA-2320"="c:\program files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2005-12-15 2490368]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 49152]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 00:34      87352      ----a-w-      c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09      63712      ----a-w-      c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Cisco Systems\\VPN Client\\cvpnd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/22/2009 8:03 AM 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1007020.00B\SymEFA.sys [9/9/2009 6:29 AM 310320]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1007020.00B\cchpx86.sys [9/9/2009 6:27 AM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys [12/21/2009 3:01 PM 329592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1184912]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [12/8/2009 1:55 PM 47640]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [9/9/2009 6:28 AM 117640]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [8/25/2005 2:00 PM 466880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/18/2009 12:39 PM 102448]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 08:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1913989440-3093678438-2774681625-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,03,39,5a,96,df,e4,4d,8d,fe,98,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,03,39,5a,96,df,e4,4d,8d,fe,98,\

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1544)
c:\windows\system32\CSGina.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(3092)
c:\windows\system32\WININET.dll
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\Lavasoft\Ad-Aware\ShellExt.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-12-22  08:34:41 - machine was rebooted
ComboFix-quarantined-files.txt  2009-12-22 13:34

Pre-Run: 16,570,699,776 bytes free
Post-Run: 16,544,915,456 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 3061EC5342547EAD9F4531F426B42251
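Reviewing a ComboFix log like the one posted above means reading it section by section: what the tool deleted, which registry load points and services survived, and which of those deserve a second look. The Python script below is an added example, not ComboFix's own code and not anything the poster or the other experts supplied. It parses a constructed excerpt laid out the way the log above is (one invented "Updater" autorun is included so the triage rule has something to fire on) and returns the deletions, removed keys, autoruns, services and a short list of findings. The section-header, Run-value and service-line regexes are my reading of the format as shown; treating the R/S prefix as running/stopped and flagging autoruns that load from user-writable folders are assumptions of this example, not rules ComboFix itself states.

```python
"""Parse a ComboFix-style log into sections and pull out what a reviewer
reads first: deletions, removed keys, autoruns, services, and findings."""
import re
from typing import Dict, List

# Constructed excerpt in the ComboFix log layout; not the poster's full log.
# The "Updater" autorun is invented to exercise the user-writable-path rule.
SAMPLE_LOG = r"""ComboFix 09-12-21.04 - Administrator 12/22/2009   8:18.1.1 - x86
Running from: c:\documents and settings\Administrator\Desktop\ab.exe
.

(((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))
.

c:\windows\system32\regsvr.exe
c:\windows\Downloaded Program Files\popcaploader.dll

.
(((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))
.

-------\Legacy_BHDRVX86
-------\Service_BHDrvx86

(((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"Updater"="c:\documents and settings\Administrator\Local Settings\Temp\upd.exe" [2009-12-20 45056]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/22/2009 8:03 AM 64288]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [9/9/2009 6:28 AM 117640]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com
"""

# "((((   Title   ))))" and "------- Title -------" section headers.
PAREN_HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")
DASH_HEADER = re.compile(r"^-{3,}\s+(.+?)\s+-{3,}\s*$")
# "Name"="path" [date size]   (value under a [HKEY_...] key)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]*)"\s*\[(?P<date>\S+)\s+(?P<size>\d+)\]\s*$')
# R0 name;display;path [details]  -- R/S read here as running/stopped (assumption)
SERVICE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*)\[(?P<detail>[^\]]*)\]\s*$")
# -------\KeyName  (registry key removed under Drivers/Services)
DELETED_KEY = re.compile(r"^-+\\(?P<key>\S+)$")
# Generic triage rule (assumption): autoruns living in user-writable folders get a note.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\downloaded program files\\")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the most recent section header."""
    sections: Dict[str, List[str]] = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix uses lone dots as separators
            continue
        m = PAREN_HEADER.match(line) or DASH_HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def deleted_files(sections: Dict[str, List[str]]) -> List[str]:
    return list(sections.get("Other Deletions", []))


def removed_keys(sections: Dict[str, List[str]]) -> List[str]:
    return [m["key"] for line in sections.get("Drivers/Services", [])
            if (m := DELETED_KEY.match(line))]


def run_entries(sections: Dict[str, List[str]]) -> List[dict]:
    """Autorun values with the registry key they were found under."""
    entries, current_key = [], None
    for line in sections.get("Reg Loading Points", []):
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = RUN_VALUE.match(line)
        if m and current_key:
            entries.append({"key": current_key, "name": m["name"],
                            "path": m["path"], "size": int(m["size"])})
    return entries


def services(sections: Dict[str, List[str]]) -> List[dict]:
    """Driver/service lines; '[x]' with no path means the binary is gone."""
    out = []
    for line in sections.get("Reg Loading Points", []):
        m = SERVICE.match(line)
        if m:
            path = m["path"].strip()
            out.append({"name": m["name"], "state": m["state"], "start": int(m["start"]),
                        "path": path, "binary_missing": m["detail"].strip() == "x" or not path})
    return out


def findings(sections: Dict[str, List[str]]) -> List[str]:
    notes = []
    for e in run_entries(sections):
        if any(marker in e["path"].lower() for marker in USER_WRITABLE):
            notes.append(f"autorun '{e['name']}' loads from a user-writable location: {e['path']}")
    for s in services(sections):
        if s["binary_missing"]:
            notes.append(f"service '{s['name']}' has no binary on disk (stale or removed entry)")
    for path in deleted_files(sections):
        if path.lower().startswith("c:\\windows\\system32\\") and path.lower().endswith(".exe"):
            notes.append(f"ComboFix removed an executable from system32: {path}")
    return notes


def triage(text: str) -> dict:
    sections = split_sections(text)
    return {"deleted": deleted_files(sections), "removed_keys": removed_keys(sections),
            "autoruns": run_entries(sections), "services": services(sections),
            "findings": findings(sections)}


if __name__ == "__main__":
    for note in triage(SAMPLE_LOG)["findings"]:
        print("-", note)
```

Feed `triage()` the text of a real ComboFix log and read the `findings` list first, then the `autoruns` and `services` tables; a service with `binary_missing` set, like `LMIRfsClientNP` in the log above, is worth confirming against the vendor's installer before deciding whether it is leftover or hostile.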
 

Author Comment

by:Cubbybulin
ID: 26104482
Thanks for all your help!
 
LVL 1

Expert Comment

by:CooGuru
ID: 26105345
No problem at all.

I scanned your log file, and it looks as if you're clean again. I would strongly suggest that you reinstall your copy of Norton. I have seen numerous cases where this type of infection has caused problems for the installed AV. It also looked as if one of the Norton directories was blank. This could be an indication of such problems.