Link to home
Start Free TrialLog in
Avatar of Cubbybulin
Cubbybulin

asked on

Windows Task Manager or Ad-Aware will not open

Had some malware, and now now task manager or lavasoft adaware wont open. Its not disabled, just wont open. I downloaded procexp.exe and i can see taskmanager there running, but it wont open. I had Norton up to date and did not find any viruses, and spy bot got rid of the malware so PC seems clean now. Any ideas? Thanks!
Avatar of jasfout
jasfout
Flag of United States of America image
It is likely that your are either still infected, have corrupted system files, or both.
A few things to try:
System Restore to a date when it was working properly.
From command line: chkdsk /f.
From run box with XP cd handy:  sfc /scannow
Slave the drive to another machine and do a thorough malware scan of the drive.
Window Repair Install.
Nuke & Pave.
ASKER CERTIFIED SOLUTION
Avatar of CooGuru
CooGuru
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of optoma
optoma
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of rpggamergirl
rpggamergirl
Flag of Australia image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Cubbybulin
Cubbybulin

ASKER

I ran combofix (I had to rename it) and now task manager comes up and ad-aware is running! YEAY!
Here is the log:

ComboFix 09-12-21.04 - Administrator 12/22/2009   8:18.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1429 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ab.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\COMMON~1\BLACKB~1\System\NTSVc.ocx
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\EventSystem.log
c:\windows\system32\regsvr.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BHDRVX86
-------\Service_BHDrvx86


(((((((((((((((((((((((((   Files Created from 2009-11-22 to 2009-12-22  )))))))))))))))))))))))))))))))
.

2009-12-22 13:03 . 2009-12-02 13:19      64288      ----a-w-      c:\windows\system32\drivers\Lbd.sys
2009-12-22 13:02 . 2009-12-22 13:02      --------      dc-h--w-      c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-22 13:01 . 2009-12-22 13:01      --------      d-----w-      c:\program files\Lavasoft
2009-12-21 19:23 . 2004-08-04 10:00      4677      ----a-w-      c:\windows\system32\dllcache\zeeverm.dll
2009-12-21 19:23 . 2004-08-04 10:00      29760      ----a-w-      c:\windows\system32\dllcache\znetm.dll
2009-12-21 19:23 . 2004-08-04 10:00      13894      ----a-w-      c:\windows\system32\dllcache\zonelibm.dll
2009-12-21 19:23 . 2004-08-04 10:00      113222      ----a-w-      c:\windows\system32\dllcache\zoneclim.dll
2009-12-21 19:23 . 2004-08-04 10:00      41029      ----a-w-      c:\windows\system32\dllcache\zcorem.dll
2009-12-21 19:23 . 2004-08-04 10:00      36937      ----a-w-      c:\windows\system32\dllcache\zclientm.exe
2009-12-21 19:23 . 2008-04-14 01:12      116224      ----a-w-      c:\windows\system32\dllcache\xrxwiadr.dll
2009-12-21 19:23 . 2001-08-18 03:36      23040      ----a-w-      c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-21 19:23 . 2008-04-14 01:12      18944      ----a-w-      c:\windows\system32\dllcache\xrxscnui.dll
2009-12-21 19:23 . 2001-08-18 03:37      27648      ----a-w-      c:\windows\system32\dllcache\xrxftplt.exe
2009-12-21 19:23 . 2001-08-18 03:37      4608      ----a-w-      c:\windows\system32\dllcache\xrxflnch.exe
2009-12-21 19:22 . 2001-08-18 03:37      99865      ----a-w-      c:\windows\system32\dllcache\xlog.exe
2009-12-21 19:22 . 2001-08-17 17:11      16970      ----a-w-      c:\windows\system32\dllcache\xem336n5.sys
2009-12-21 19:22 . 2004-08-04 03:29      19455      ----a-w-      c:\windows\system32\dllcache\wvchntxx.sys
2009-12-21 19:22 . 2008-04-13 19:46      19200      ----a-w-      c:\windows\system32\dllcache\wstcodec.sys
2009-12-21 19:22 . 2004-08-04 03:29      12063      ----a-w-      c:\windows\system32\dllcache\wsiintxx.sys
2009-12-21 19:22 . 2008-04-14 01:12      8192      ----a-w-      c:\windows\system32\dllcache\wshirda.dll
2009-12-21 19:22 . 2008-04-13 19:36      8832      ----a-w-      c:\windows\system32\dllcache\wmiacpi.sys
2009-12-21 19:22 . 2004-08-04 03:31      154624      ----a-w-      c:\windows\system32\dllcache\wlluc48.sys
2009-12-21 19:22 . 2001-08-17 17:12      34890      ----a-w-      c:\windows\system32\dllcache\wlandrv2.sys
2009-12-21 19:22 . 2001-08-17 18:28      771581      ----a-w-      c:\windows\system32\dllcache\winacisa.sys
2009-12-21 19:22 . 2001-08-18 03:36      53760      ----a-w-      c:\windows\system32\dllcache\wiamsmud.dll
2009-12-21 19:20 . 2001-08-17 18:49      24576      ----a-w-      c:\windows\system32\dllcache\viairda.sys
2009-12-21 19:19 . 2001-08-18 03:36      26624      ----a-w-      c:\windows\system32\dllcache\umaxu22.dll
2009-12-21 19:18 . 2001-08-17 17:12      34375      ----a-w-      c:\windows\system32\dllcache\tpro4.sys
2009-12-21 19:17 . 2001-08-17 17:50      36640      ----a-w-      c:\windows\system32\dllcache\t2r4mini.sys
2009-12-21 19:16 . 2004-08-04 10:00      101376      ----a-w-      c:\windows\system32\dllcache\srusbusd.dll
2009-12-21 19:15 . 2001-08-17 17:10      35913      ----a-w-      c:\windows\system32\dllcache\smcirda.sys
2009-12-21 19:14 . 2001-08-17 17:50      68608      ----a-w-      c:\windows\system32\dllcache\sis6306p.sys
2009-12-21 19:13 . 2001-08-17 18:51      23936      ----a-w-      c:\windows\system32\dllcache\sccmusbm.sys
2009-12-21 19:12 . 2004-08-04 10:00      753236      ----a-w-      c:\windows\system32\dllcache\rvseres.dll
2009-12-21 19:11 . 2008-04-13 19:40      6016      ----a-w-      c:\windows\system32\dllcache\qic157.sys
2009-12-21 19:10 . 2001-08-18 03:36      16384      ----a-w-      c:\windows\system32\dllcache\philcam1.dll
2009-12-21 19:09 . 2001-08-17 19:05      28032      ----a-w-      c:\windows\system32\dllcache\ovcd.sys
2009-12-21 19:08 . 2001-08-17 17:20      126080      ----a-w-      c:\windows\system32\dllcache\nm5a2wdm.sys
2009-12-21 19:07 . 2001-08-18 03:36      19968      ----a-w-      c:\windows\system32\dllcache\mxicfg.dll
2009-12-21 19:07 . 2001-08-17 18:50      21888      ----a-w-      c:\windows\system32\dllcache\mxcard.sys
2009-12-21 19:07 . 2004-08-04 10:00      229439      ----a-w-      c:\windows\system32\dllcache\multibox.dll
2009-12-21 19:07 . 2001-08-17 17:50      103296      ----a-w-      c:\windows\system32\dllcache\mtxvideo.sys
2009-12-21 19:07 . 2008-04-13 19:39      5504      ----a-w-      c:\windows\system32\dllcache\mstee.sys
2009-12-21 19:07 . 2008-04-13 19:46      49024      ----a-w-      c:\windows\system32\dllcache\mstape.sys
2009-12-21 19:07 . 2001-08-17 18:48      12416      ----a-w-      c:\windows\system32\dllcache\msriffwv.sys
2009-12-21 19:07 . 2001-08-17 19:00      2944      ----a-w-      c:\windows\system32\dllcache\msmpu401.sys
2009-12-21 19:07 . 2008-04-13 19:54      22016      ----a-w-      c:\windows\system32\dllcache\msircomm.sys
2009-12-21 19:07 . 2004-08-04 10:00      98304      ----a-w-      c:\windows\system32\dllcache\msir3jp.dll
2009-12-21 19:07 . 2001-08-17 19:02      35200      ----a-w-      c:\windows\system32\dllcache\msgame.sys
2009-12-21 19:07 . 2001-08-17 18:48      6016      ----a-w-      c:\windows\system32\dllcache\msfsio.sys
2009-12-21 19:07 . 2008-04-13 19:46      51200      ----a-w-      c:\windows\system32\dllcache\msdv.sys
2009-12-21 19:05 . 2001-08-17 18:28      727786      ----a-w-      c:\windows\system32\dllcache\ltck000c.sys
2009-12-21 19:04 . 2001-08-17 19:55      5632      ----a-w-      c:\windows\system32\dllcache\kbd103.dll
2009-12-21 19:03 . 2001-08-17 19:06      100992      ----a-w-      c:\windows\system32\dllcache\icam5usb.sys
2009-12-21 19:02 . 2001-08-17 18:28      57471      ----a-w-      c:\windows\system32\dllcache\hsf_samp.sys
2009-12-21 19:01 . 2001-08-18 03:36      119296      ----a-w-      c:\windows\system32\dllcache\hpdigwia.dll
2009-12-21 19:00 . 2001-08-18 03:36      71680      ----a-w-      c:\windows\system32\dllcache\fnfilter.dll
2009-12-21 18:59 . 2001-08-17 17:17      629952      ----a-w-      c:\windows\system32\dllcache\eqn.sys
2009-12-21 18:58 . 2001-08-17 17:11      29696      ----a-w-      c:\windows\system32\dllcache\dm9pci5.sys
2009-12-21 18:57 . 2001-08-17 17:12      117760      ----a-w-      c:\windows\system32\dllcache\d100ib5.sys
2009-12-21 18:56 . 2001-08-17 17:13      49182      ----a-w-      c:\windows\system32\dllcache\cem56n5.sys
2009-12-21 18:55 . 2001-08-18 03:36      12800      ----a-w-      c:\windows\system32\dllcache\brevif.dll
2009-12-21 18:54 . 2001-08-17 17:19      747392      ----a-w-      c:\windows\system32\dllcache\adm8830.sys
2009-12-21 18:53 . 2004-08-04 10:00      7680      ----a-w-      c:\windows\system32\dllcache\inetmgr.exe
2009-12-21 18:53 . 2004-08-04 10:00      19968      ----a-w-      c:\windows\system32\dllcache\inetsloc.dll
2009-12-21 18:53 . 2004-08-04 10:00      169984      ----a-w-      c:\windows\system32\dllcache\iisui.dll
2009-12-21 18:53 . 2004-08-04 10:00      5632      ----a-w-      c:\windows\system32\dllcache\iisrstap.dll
2009-12-21 18:53 . 2004-08-04 10:00      14336      ----a-w-      c:\windows\system32\dllcache\iisreset.exe
2009-12-21 18:53 . 2004-08-04 10:00      6144      ----a-w-      c:\windows\system32\dllcache\ftpsapi2.dll
2009-12-21 18:02 . 2009-12-22 13:13      --------      d-----w-      c:\documents and settings\Administrator\Application Data\U3
2009-12-21 17:15 . 2009-12-21 17:15      88000      ----a-w-      c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-21 16:07 . 2009-12-21 16:07      --------      d-----w-      C:\_OTM
2009-12-21 16:01 . 2009-12-21 16:01      --------      d-----w-      c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-12-21 16:01 . 2009-12-21 16:01      --------      d-----w-      c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-12-21 16:01 . 2009-12-21 16:01      --------      d-----w-      c:\documents and settings\Administrator\Local Settings\Application Data\LogMeIn
2009-12-21 15:51 . 2009-12-21 15:51      --------      d-sh--w-      c:\documents and settings\Administrator\PrivacIE
2009-12-21 15:49 . 2009-12-21 15:49      --------      d-----w-      c:\documents and settings\Administrator\Application Data\Windows Search
2009-12-21 15:08 . 2009-12-21 15:51      --------      d-----w-      c:\documents and settings\Administrator
2009-12-09 08:01 . 2009-12-11 12:54      --------      d-----w-      c:\windows\ie8updates
2009-12-08 23:16 . 2009-10-29 07:45      594432      ------w-      c:\windows\system32\dllcache\msfeeds.dll
2009-12-08 23:16 . 2009-10-29 07:45      12800      ------w-      c:\windows\system32\dllcache\xpshims.dll
2009-12-08 23:16 . 2009-10-29 07:45      55296      ------w-      c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-08 23:16 . 2009-10-29 07:45      1985536      ------w-      c:\windows\system32\dllcache\iertutil.dll
2009-12-08 23:16 . 2009-10-29 07:45      246272      ------w-      c:\windows\system32\dllcache\ieproxy.dll
2009-12-08 23:16 . 2009-10-29 07:45      11069952      ------w-      c:\windows\system32\dllcache\ieframe.dll
2009-12-08 19:23 . 2009-12-09 17:11      --------      d-----w-      c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-12-08 19:19 . 2009-12-08 19:19      --------      d-----w-      c:\documents and settings\dtrick\Local Settings\Application Data\Identities
2009-12-08 19:19 . 2009-12-08 19:19      --------      d-----w-      c:\documents and settings\dtrick\Application Data\Windows Desktop Search
2009-12-08 19:19 . 2009-12-11 12:53      --------      d-----w-      c:\program files\Windows Desktop Search
2009-12-08 19:19 . 2009-12-08 19:19      --------      d-----w-      c:\windows\system32\GroupPolicy
2009-12-08 19:00 . 2009-12-22 13:03      --------      dc----w-      c:\windows\system32\DRVSTORE
2009-12-08 18:56 . 2009-12-08 18:56      --------      d-sh--w-      c:\documents and settings\LocalService\IETldCache
2009-12-08 18:55 . 2009-12-08 18:55      --------      d-----w-      c:\documents and settings\dtrick\Local Settings\Application Data\LogMeIn
2009-12-08 18:55 . 2009-12-08 18:55      --------      d-----w-      c:\documents and settings\All Users\Application Data\LogMeIn
2009-12-08 18:55 . 2009-12-08 18:55      --------      d-----w-      c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2009-12-08 18:55 . 2009-09-29 00:34      47416      ----a-w-      c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2009-12-08 18:55 . 2009-09-29 00:34      83288      ----a-w-      c:\windows\system32\LMIRfsClientNP.dll
2009-12-08 18:55 . 2009-09-29 00:34      28984      ----a-w-      c:\windows\system32\LMIport.dll
2009-12-08 18:55 . 2008-08-11 17:41      47640      ----a-w-      c:\windows\system32\drivers\LMIRfsDriver.sys
2009-12-08 18:55 . 2009-09-29 00:34      87352      ----a-w-      c:\windows\system32\LMIinit.dll
2009-12-08 18:54 . 2009-12-22 13:05      --------      d-----w-      c:\program files\LogMeIn
2009-12-08 18:52 . 2009-12-22 13:01      --------      d-----w-      c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-08 17:52 . 2009-12-08 17:52      --------      d-----w-      C:\a58cacb4d45445f6ef82d1b1a360
2009-12-08 17:51 . 2009-12-08 17:52      --------      d-----w-      C:\ae465e7bd8dcd50a7abf704b000cd7
2009-12-08 17:34 . 2009-12-17 13:39      --------      d-----w-      c:\program files\Microsoft Works
2009-12-08 17:33 . 2009-12-08 17:33      --------      d-----w-      c:\program files\MSBuild
2009-12-08 17:31 . 2009-12-08 17:31      --------      d-----w-      c:\program files\Microsoft.NET
2009-12-08 17:11 . 2009-12-08 17:11      --------      d-----w-      c:\documents and settings\dtrick\Local Settings\Application Data\Microsoft Help
2009-12-08 17:10 . 2009-12-22 13:12      --------      d-----w-      c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-08 16:58 . 2009-12-08 16:58      --------      d-----r-      C:\MSOCache
2009-12-08 16:48 . 2009-12-08 16:48      --------      d-sh--w-      c:\documents and settings\dtrick\IECompatCache
2009-12-08 16:47 . 2009-12-08 16:48      --------      d-sh--w-      c:\documents and settings\dtrick\PrivacIE
2009-12-08 16:29 . 2009-12-08 16:29      --------      d-sh--w-      c:\documents and settings\dtrick\IETldCache
2009-12-08 16:25 . 2009-12-08 16:33      --------      d-----w-      c:\program files\Spybot - Search & Destroy
2009-12-08 16:25 . 2009-12-08 16:26      --------      d-----w-      c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-08 16:23 . 2009-12-08 16:24      --------      dc-h--w-      c:\windows\ie8
2009-12-08 16:21 . 2009-12-08 16:26      --------      d-----w-      C:\d38c2c431ddb372f9209dd51

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 13:48 . 2008-11-17 15:15      88000      ----a-w-      c:\documents and settings\dtrick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-10 09:00 . 2009-12-22 13:17      2747440      ----a-w-      c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091221.050\CCERASER.DLL
2009-12-08 14:55 . 2005-08-15 20:42      --------      d-----w-      c:\documents and settings\All Users\Application Data\AOL
2009-12-07 14:10 . 2009-12-22 13:02      2953352      -c--a-w-      c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-11-04 15:07 . 2009-10-05 14:02      --------      d-----w-      c:\documents and settings\dtrick\Application Data\HpUpdate
2009-10-29 07:45 . 2004-08-11 22:00      916480      ----a-w-      c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-11 22:00      75776      ----a-w-      c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-11 22:00      25088      ----a-w-      c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 04:00      265728      ----a-w-      c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-11 22:00      270336      ----a-w-      c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-11 22:00      149504      ----a-w-      c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-11 22:00      79872      ----a-w-      c:\windows\system32\raschap.dll
2009-09-27 08:00 . 2009-12-22 13:17      259440      ----a-w-      c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091221.050\ECMSVR32.DLL
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-22 282624]
"D-Link RangeBooster G WDA-2320"="c:\program files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2005-12-15 2490368]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 49152]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 00:34      87352      ----a-w-      c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09      63712      ----a-w-      c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Cisco Systems\\VPN Client\\cvpnd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/22/2009 8:03 AM 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1007020.00B\SymEFA.sys [9/9/2009 6:29 AM 310320]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1007020.00B\cchpx86.sys [9/9/2009 6:27 AM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys [12/21/2009 3:01 PM 329592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1184912]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [12/8/2009 1:55 PM 47640]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [9/9/2009 6:28 AM 117640]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [8/25/2005 2:00 PM 466880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/18/2009 12:39 PM 102448]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 08:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1913989440-3093678438-2774681625-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,03,39,5a,96,df,e4,4d,8d,fe,98,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,03,39,5a,96,df,e4,4d,8d,fe,98,\

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1544)
c:\windows\system32\CSGina.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(3092)
c:\windows\system32\WININET.dll
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\Lavasoft\Ad-Aware\ShellExt.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-12-22  08:34:41 - machine was rebooted
ComboFix-quarantined-files.txt  2009-12-22 13:34

Pre-Run: 16,570,699,776 bytes free
Post-Run: 16,544,915,456 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 3061EC5342547EAD9F4531F426B42251
Avatar of Cubbybulin
Cubbybulin

ASKER

Thanks for all your help!
Avatar of CooGuru
CooGuru
No Problem at all.

I scanned you log file, and it looks as if your clean again.  I would stronlgy suggest that you reinstall your copy of Norton. I have seen numerous cases where this type of infection has caused problems for the installed AV.  It also looke as if one of the Norton Directories was blank.  This could be an indication of suck problems/