please help, desktop and icons disappeared

fmonte · 05-19-2008, 06:25 AM

Well, I googled "flat bottom boats" and when I clicked on a link for building instructions, I got a porn site and a number of virus warnings. My AVG software healed all the virus warning popups and then I let the AVG software do a complete scan but now when I go to boot up, my desktop and icons appear for a few seconds and then goes black and then comes on again for a few more seconds and then goes black and this cycle continues 3 times. The last time it turns black and freezes up. During the 3 cycles, I can execute programs but I must get them up and running before that third time. I tried to go to a earlier restore point but it seems that that feature is not working because I am not seeing any bold dates. Please help. Thank you. Frank

**mep916** · 05-19-2008, 06:43 AM

Post a hijackthis log. Download the program here.

fmonte · 05-19-2008, 01:32 PM

Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:02 AM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe
C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe
O4 - HKLM\..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
O4 - HKLM\..\Run: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\KmPcFax.exe -1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panasonic Local Printer Service - Panasonic Communications Co., Ltd. - C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
O23 - Service: Panasonic Trap Monitor Service - Panasonic - C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe

--
End of file - 7767 bytes

cohen · 05-19-2008, 01:44 PM

Read more tommorow i'm going to bed! I'll post something tommorow

Punk · 05-19-2008, 06:17 PM

You're HJT log doesn't show any spyware. let's look deeper:
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Download this file from one of the three below listed places :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Then double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

fmonte · 05-19-2008, 08:35 PM

Here is the log that you asked for. The whole process only took about 10 minutes. By the way, I was not online during this process. I downloaded the file from my other computer. I was told to stay offline on the infected computer. Please let me know if I need to rerun combo fix again while being online. Thank you.

ComboFix 08-05-15.3 - Frank 2008-05-19 14:25:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1342 [GMT -4:00]
Running from: J:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Frank\g2mdlhlpx.exe
C:\WINDOWS\system32\JjlSBJlm.ini
C:\WINDOWS\system32\JjlSBJlm.ini2

.
((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-19 14:24 . 2008-05-19 14:25 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.da t.LOG
2008-05-19 07:26 . 2008-05-19 07:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-19 07:11 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-05-18 21:47 . 2008-05-18 21:47 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Panasonic
2008-05-18 21:47 . 2008-05-18 21:47 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\AVG7
2008-05-18 21:42 . 2008-05-18 21:42 <DIR> d-------- C:\Documents and Settings\Problem correction\Application Data\Panasonic
2008-05-18 21:42 . 2008-05-18 21:42 <DIR> d-------- C:\Documents and Settings\Problem correction\Application Data\AVG7
2008-05-18 18:47 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-18 18:47 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-18 18:47 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-18 18:47 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-18 18:47 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-18 18:47 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-18 18:47 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-18 18:47 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-18 15:24 . 2008-05-18 15:24 1,390,340 --a------ C:\SmitfraudFix.exe
2008-05-18 13:40 . 2008-05-18 18:48 3,050 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-18 13:28 . 2008-05-18 13:28 <DIR> d-------- C:\Documents and Settings\Guest
2008-05-18 13:28 . 2008-05-19 14:28 1,024 --ah----- C:\Documents and Settings\Guest\ntuser.dat.LOG
2008-05-18 13:20 . 2006-02-28 08:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-18 13:19 . 2008-05-18 13:19 <DIR> d-------- C:\Documents and Settings\Problem correction
2008-05-18 13:19 . 2008-05-19 14:28 1,024 --ah----- C:\Documents and Settings\Problem correction\ntuser.dat.LOG
2008-05-18 10:53 . 2008-05-18 10:53 319,872 --a------ C:\WINDOWS\system32\mlJBSljJ.dll
2008-05-18 10:48 . 2008-05-18 10:48 <DIR> dr-h----- C:\$VAULT$.AVG
2008-05-18 10:48 . 2008-05-17 17:14 286,720 --a------ C:\WINDOWS\pxgdslro.dll
2008-05-18 10:48 . 2008-05-17 17:15 245,760 --a------ C:\WINDOWS\nldfmtappek.dll
2008-05-18 10:48 . 2008-05-18 10:48 28,800 --a------ C:\WINDOWS\system32\cbXQkhFu.dll
2008-05-07 17:43 . 2008-05-08 13:51 <DIR> d-------- C:\Program Files\Avalon Health Care
2008-05-03 11:53 . 2008-05-03 11:53 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-03 11:52 . 2008-05-03 11:53 <DIR> d-------- C:\Program Files\Common Files\Real
2008-05-03 11:50 . 2008-05-03 11:50 <DIR> d-------- C:\Program Files\Real
2008-04-28 11:21 . 2008-04-28 11:21 <DIR> d-------- C:\Program Files\SiteChallenge
2008-04-28 11:21 . 2007-05-03 10:15 68,496 --a------ C:\WINDOWS\system32\MLSecurityCOM.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-05-19 04:13 --------- d-----w C:\Program Files\LogMeIn
2008-05-18 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-17 13:12 --------- d-----w C:\Program Files\COMODO
2008-05-17 13:12 --------- d-----w C:\Documents and Settings\Frank\Application Data\Comodo
2008-05-12 15:34 --------- d-----w C:\Documents and Settings\Frank\Application Data\AdobeUM
2008-04-15 12:09 1,880 ----a-w C:\WINDOWS\AUTOLNCH.REG
2008-04-02 15:27 --------- d-----w C:\Program Files\Microsoft Works
2008-03-30 14:44 --------- d-----w C:\Program Files\2nd Story Software
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47551F98-CC7F-4701-A650-D7231EEA60BD}]
2008-05-18 10:48 28800 --a------ C:\WINDOWS\system32\cbXQkhFu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{966CE0C2-7AD7-40CE-ABB9-87D9E632FD50}]
2008-05-18 10:53 319872 --a------ C:\WINDOWS\system32\mlJBSljJ.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 08:15 579584]
"HP Lamp"="C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe" [2001-04-27 12:00 53248]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 05:46 196608]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 19:26 217088]
"nwiz"="nwiz.exe" [2007-06-28 12:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2003-09-06 01:16 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2003-09-06 01:35 40960]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 12:43 8466432]
"Panasonic Device Monitor Wakeup"="C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe" [2006-11-02 15:54 303104]
"Panasonic Device Manager for Multi-Function Station software"="C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe" [2007-05-21 13:46 126976]
"Panasonic PCFAX for Multi-Function Station software"="C:\Program Files\Panasonic\MFStation\KmPcFax.exe" [2007-05-29 11:31 757760]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-03 11:52 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-02 11:19 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2007-12-16 02:47:49 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\Symantec\WinFax\WfxSeh32.Dll [1998-07-27 05:54 38400]
"{47551F98-CC7F-4701-A650-D7231EEA60BD}"= C:\WINDOWS\system32\cbXQkhFu.dll [2008-05-18 10:48 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXQkhFu]
cbXQkhFu.dll 2008-05-18 10:48 28800 C:\WINDOWS\system32\cbXQkhFu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 11:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
--------- 2005-01-07 18:30 864256 C:\Program Files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-02-28 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2007-08-03 16:09 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-06-28 12:43 8466432 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2007-12-05 11:47 160592 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2003-07-18 18:23 868352 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a------ 2003-05-01 19:44 65536 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-06-01 09:48 16208384 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
--------- 2004-11-11 18:14 49152 C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-09-28 14:16 185896 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
--a------ 2000-02-14 18:36 43008 C:\WINDOWS\system32\WFXSNT40.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=2 (0x2)
"WZCSVC"=2 (0x2)
"W32Time"=2 (0x2)
"CiSvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Panasonic\\TrapMonitor\\Trapmnnt.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 16:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sy s [2007-08-03 16:09]
R2 Panasonic Local Printer Service;Panasonic Local Printer Service;C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe [2004-08-03 05:33]
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 14:12]
S3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 14:12]
S3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-17 14:12]
S3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2004-11-23 18:39]
S4 wfxsvc;WinFax PRO;C:\WINDOWS\system32\WFXSVC.EXE [2000-02-14 18:36]

.
************************************************** ************************

disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\

scan completed successfully
hidden files:

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\cbXQkhFu.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\BRSS01A.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
.
************************************************** ************************
.
Completion time: 2008-05-19 14:30:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-19 18:30:29

Pre-Run: 279,903,870,976 bytes free
Post-Run: 280,056,901,632 bytes free

234 --- E O F --- 2008-05-18 19:42:34

cohen · 05-19-2008, 11:01 PM

Do a scan on the admin account

fmonte · 05-20-2008, 12:23 AM

Thank you Cohen but what do you mean "do a scan". Please advise in detail because I know very little about all of this.

cohen · 05-20-2008, 12:44 AM

Quote:

Originally Posted by fmonte

Thank you Cohen but what do you mean "do a scan". Please advise in detail because I know very little about all of this.

The log above that you posted you need to do it again but on the admin account so we can have more information.

fmonte · 05-20-2008, 01:23 AM

I'm confused. Before this problem I had two account show up. One is called Frank(computer admisistrator) and the other is called Guest(guest account is on). Yesterday when I asked for help, someone suggested I make a new account and see if that we make the computer work properly but it made no difference. So now I have a third account called Problem Correction(computer admisistrator). So, in other words, I think I have already provided what you have asked for above. By the way, should I just delete that new account since it did not do any good. Thanks again.

05-19-2008, 06:25 AM	#1 (permalink)
fmonte Silver Member Join Date: Nov 2007 Posts: 132	please help, desktop and icons disappeared Well, I googled "flat bottom boats" and when I clicked on a link for building instructions, I got a porn site and a number of virus warnings. My AVG software healed all the virus warning popups and then I let the AVG software do a complete scan but now when I go to boot up, my desktop and icons appear for a few seconds and then goes black and then comes on again for a few more seconds and then goes black and this cycle continues 3 times. The last time it turns black and freezes up. During the 3 cycles, I can execute programs but I must get them up and running before that third time. I tried to go to a earlier restore point but it seems that that feature is not working because I am not seeing any bold dates. Please help. Thank you. Frank

05-19-2008, 06:43 AM	#2 (permalink)
mep916 Moderator - F@H Guru Join Date: Aug 2007 Location: Northern Cali Age: 28 Posts: 5,228	Post a hijackthis log. Download the program here. __________________ Q9450 @ 3.4 GHz \|\| Zalman CNPS9700 ASUS Rampage Formula XFX GTX 280 4GB Ballistix Tracer @ 850 MHz 2X 150GB WD Raptors (RAID 0) 1TB Hitachi Deskstar Antec Nine Hundred Case 750W Quad Silencer FOLDING FOR THE GOOD OF MANKIND:F@H Team 44358 \|\| Team Stats \|\| My Stats \|\| Hardware Contributions: GTX 280/PS3/P4

05-19-2008, 01:44 PM	#4 (permalink)
cohen Diamond Member Join Date: Jan 2008 Location: Melbourne, Australia Age: 14 Posts: 8,179	Read more tommorow i'm going to bed! I'll post something tommorow __________________ My Website Desktop / Laptop Motherboard: Asus M2N X SE / Unknown CPU: AMD 4000+ 2.1GHZ x 2 / Intel Pentium M 1.60GHZ Ram: 2GB Transcend / 512MB Hard Drive: 320GB / 60GB Video Card: Both Intergrated Monitor: 19" Benq / 15.4" OS: Windows Vista Home Premium Service Pack 1 / Windows XP Professional Service Pack 3

05-19-2008, 06:17 PM	#5 (permalink)
Punk Diamond Member Join Date: Jan 2007 Location: France Age: 18 Posts: 5,001	You're HJT log doesn't show any spyware. let's look deeper: Download and Run ComboFix If you already have Combofix, please delete this copy and download it again as it's being updated regularly. Download this file from one of the three below listed places : http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Then double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall Combofix should never take more that 20 minutes including the reboot if malware is detected. If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue. If that happened we want to know, and also what process you had to end. __________________ Punk's anti-hackers website Punk's Website making and registering tutorial! Rise And Fall, Rage And Grace The Offspring! Huck it! I just want to be who I want to be guess that's hard for others to see

05-19-2008, 11:01 PM	#7 (permalink)
cohen Diamond Member Join Date: Jan 2008 Location: Melbourne, Australia Age: 14 Posts: 8,179	Do a scan on the admin account __________________ My Website Desktop / Laptop Motherboard: Asus M2N X SE / Unknown CPU: AMD 4000+ 2.1GHZ x 2 / Intel Pentium M 1.60GHZ Ram: 2GB Transcend / 512MB Hard Drive: 320GB / 60GB Video Card: Both Intergrated Monitor: 19" Benq / 15.4" OS: Windows Vista Home Premium Service Pack 1 / Windows XP Professional Service Pack 3

05-19-2008, 01:32 PM	#3 (permalink)
fmonte Silver Member Join Date: Nov 2007 Posts: 132	Thank you. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:28:02 AM, on 5/19/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\BrmfBAgS.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\imapi.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe" O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe O4 - HKLM\..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe O4 - HKLM\..\Run: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\KmPcFax.exe -1 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O20 - AppInit_DLLs: O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panasonic Local Printer Service - Panasonic Communications Co., Ltd. - C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe O23 - Service: Panasonic Trap Monitor Service - Panasonic - C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe -- End of file - 7767 bytes

05-19-2008, 08:35 PM	#6 (permalink)
fmonte Silver Member Join Date: Nov 2007 Posts: 132	Here is the log that you asked for. The whole process only took about 10 minutes. By the way, I was not online during this process. I downloaded the file from my other computer. I was told to stay offline on the infected computer. Please let me know if I need to rerun combo fix again while being online. Thank you. ComboFix 08-05-15.3 - Frank 2008-05-19 14:25:14.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1342 [GMT -4:00] Running from: J:\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Frank\g2mdlhlpx.exe C:\WINDOWS\system32\JjlSBJlm.ini C:\WINDOWS\system32\JjlSBJlm.ini2 . ((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))) . 2008-05-19 14:24 . 2008-05-19 14:25 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.da t.LOG 2008-05-19 07:26 . 2008-05-19 07:26 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-19 07:11 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll 2008-05-18 21:47 . 2008-05-18 21:47 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Panasonic 2008-05-18 21:47 . 2008-05-18 21:47 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\AVG7 2008-05-18 21:42 . 2008-05-18 21:42 <DIR> d-------- C:\Documents and Settings\Problem correction\Application Data\Panasonic 2008-05-18 21:42 . 2008-05-18 21:42 <DIR> d-------- C:\Documents and Settings\Problem correction\Application Data\AVG7 2008-05-18 18:47 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-18 18:47 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-18 18:47 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-05-18 18:47 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-18 18:47 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-18 18:47 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-05-18 18:47 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-18 18:47 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-18 15:24 . 2008-05-18 15:24 1,390,340 --a------ C:\SmitfraudFix.exe 2008-05-18 13:40 . 2008-05-18 18:48 3,050 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-18 13:28 . 2008-05-18 13:28 <DIR> d-------- C:\Documents and Settings\Guest 2008-05-18 13:28 . 2008-05-19 14:28 1,024 --ah----- C:\Documents and Settings\Guest\ntuser.dat.LOG 2008-05-18 13:20 . 2006-02-28 08:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-05-18 13:19 . 2008-05-18 13:19 <DIR> d-------- C:\Documents and Settings\Problem correction 2008-05-18 13:19 . 2008-05-19 14:28 1,024 --ah----- C:\Documents and Settings\Problem correction\ntuser.dat.LOG 2008-05-18 10:53 . 2008-05-18 10:53 319,872 --a------ C:\WINDOWS\system32\mlJBSljJ.dll 2008-05-18 10:48 . 2008-05-18 10:48 <DIR> dr-h----- C:\$VAULT$.AVG 2008-05-18 10:48 . 2008-05-17 17:14 286,720 --a------ C:\WINDOWS\pxgdslro.dll 2008-05-18 10:48 . 2008-05-17 17:15 245,760 --a------ C:\WINDOWS\nldfmtappek.dll 2008-05-18 10:48 . 2008-05-18 10:48 28,800 --a------ C:\WINDOWS\system32\cbXQkhFu.dll 2008-05-07 17:43 . 2008-05-08 13:51 <DIR> d-------- C:\Program Files\Avalon Health Care 2008-05-03 11:53 . 2008-05-03 11:53 <DIR> d-------- C:\Program Files\Common Files\xing shared 2008-05-03 11:52 . 2008-05-03 11:53 <DIR> d-------- C:\Program Files\Common Files\Real 2008-05-03 11:50 . 2008-05-03 11:50 <DIR> d-------- C:\Program Files\Real 2008-04-28 11:21 . 2008-04-28 11:21 <DIR> d-------- C:\Program Files\SiteChallenge 2008-04-28 11:21 . 2007-05-03 10:15 68,496 --a------ C:\WINDOWS\system32\MLSecurityCOM.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-05-19 04:13 --------- d-----w C:\Program Files\LogMeIn 2008-05-18 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2008-05-17 13:12 --------- d-----w C:\Program Files\COMODO 2008-05-17 13:12 --------- d-----w C:\Documents and Settings\Frank\Application Data\Comodo 2008-05-12 15:34 --------- d-----w C:\Documents and Settings\Frank\Application Data\AdobeUM 2008-04-15 12:09 1,880 ----a-w C:\WINDOWS\AUTOLNCH.REG 2008-04-02 15:27 --------- d-----w C:\Program Files\Microsoft Works 2008-03-30 14:44 --------- d-----w C:\Program Files\2nd Story Software . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47551F98-CC7F-4701-A650-D7231EEA60BD}] 2008-05-18 10:48 28800 --a------ C:\WINDOWS\system32\cbXQkhFu.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{966CE0C2-7AD7-40CE-ABB9-87D9E632FD50}] 2008-05-18 10:53 319872 --a------ C:\WINDOWS\system32\mlJBSljJ.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 08:15 579584] "HP Lamp"="C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe" [2001-04-27 12:00 53248] "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 05:46 196608] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 19:26 217088] "nwiz"="nwiz.exe" [2007-06-28 12:43 1626112 C:\WINDOWS\system32\nwiz.exe] "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2003-09-06 01:16 57393] "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2003-09-06 01:35 40960] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 12:43 8466432] "Panasonic Device Monitor Wakeup"="C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe" [2006-11-02 15:54 303104] "Panasonic Device Manager for Multi-Function Station software"="C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe" [2007-05-21 13:46 126976] "Panasonic PCFAX for Multi-Function Station software"="C:\Program Files\Panasonic\MFStation\KmPcFax.exe" [2007-05-29 11:31 757760] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-03 11:52 185896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-02 11:19 219136] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696] Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2007-12-16 02:47:49 114688] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks] "{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\Symantec\WinFax\WfxSeh32.Dll [1998-07-27 05:54 38400] "{47551F98-CC7F-4701-A650-D7231EEA60BD}"= C:\WINDOWS\system32\cbXQkhFu.dll [2008-05-18 10:48 28800] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXQkhFu] cbXQkhFu.dll 2008-05-18 10:48 28800 C:\WINDOWS\system32\cbXQkhFu.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] LMIinit.dll 2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-03 11:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0] --------- 2005-01-07 18:30 864256 C:\Program Files\Brother\ControlCenter2\brctrcen.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2006-02-28 08:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI] --a------ 2007-08-03 16:09 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-06-28 12:43 8466432 C:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm] --a------ 2007-12-05 11:47 160592 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] --a------ 2003-07-18 18:23 868352 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility] --a------ 2003-05-01 19:44 65536 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] --a------ 2006-06-01 09:48 16208384 C:\WINDOWS\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt] --------- 2004-11-11 18:14 49152 C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] --a------ 2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a------ 2006-09-28 14:16 185896 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter] --a------ 2000-02-14 18:36 43008 C:\WINDOWS\system32\WFXSNT40.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "BITS"=2 (0x2) "WZCSVC"=2 (0x2) "W32Time"=2 (0x2) "CiSvc"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "C:\\Program Files\\Panasonic\\TrapMonitor\\Trapmnnt.exe"= "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 16:09] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sy s [2007-08-03 16:09] R2 Panasonic Local Printer Service;Panasonic Local Printer Service;C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe [2004-08-03 05:33] S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 14:12] S3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 14:12] S3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-17 14:12] S3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2004-11-23 18:39] S4 wfxsvc;WinFax PRO;C:\WINDOWS\system32\WFXSVC.EXE [2000-02-14 18:36] . ************************************************ ******************** disk not found C:\ please note that you need administrator rights to perform deep scan disk not found C:\ please note that you need administrator rights to perform deep scan disk not found C:\ please note that you need administrator rights to perform deep scan disk not found C:\ please note that you need administrator rights to perform deep scan disk not found C:\ please note that you need administrator rights to perform deep scan disk not found C:\ please note that you need administrator rights to perform deep scan disk not found C:\ please note that you need administrator rights to perform deep scan disk not found C:\ please note that you need administrator rights to perform deep scan disk not found C:\ please note that you need administrator rights to perform deep scan disk not found C:\ please note that you need administrator rights to perform deep scan disk not found C:\ please note that you need administrator rights to perform deep scan disk not found C:\ please note that you need administrator rights to perform deep scan disk not found C:\ please note that you need administrator rights to perform deep scan disk not found C:\ please note that you need administrator rights to perform deep scan disk not found C:\ scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... disk not found C:\ disk not found C:\ disk not found C:\ disk not found C:\ disk not found C:\ disk not found C:\ disk not found C:\ disk not found C:\ disk not found C:\ disk not found C:\ disk not found C:\ disk not found C:\ disk not found C:\ disk not found C:\ disk not found C:\ scan completed successfully hidden files: ********************************************** ******************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\cbXQkhFu.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\BRSS01A.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\BrmfBAgS.exe C:\Program Files\LogMeIn\x86\ramaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\MsPMSPSv.exe . ********************************************** ********************** . Completion time: 2008-05-19 14:30:33 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-19 18:30:29 Pre-Run: 279,903,870,976 bytes free Post-Run: 280,056,901,632 bytes free 234 --- E O F --- 2008-05-18 19:42:34

05-20-2008, 12:23 AM	#8 (permalink)
fmonte Silver Member Join Date: Nov 2007 Posts: 132	Thank you Cohen but what do you mean "do a scan". Please advise in detail because I know very little about all of this.

05-20-2008, 01:23 AM	#10 (permalink)
fmonte Silver Member Join Date: Nov 2007 Posts: 132	I'm confused. Before this problem I had two account show up. One is called Frank(computer admisistrator) and the other is called Guest(guest account is on). Yesterday when I asked for help, someone suggested I make a new account and see if that we make the computer work properly but it made no difference. So now I have a third account called Problem Correction(computer admisistrator). So, in other words, I think I have already provided what you have asked for above. By the way, should I just delete that new account since it did not do any good. Thanks again.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Annoying problem with desktop Icon's...	palefountain	General Computer Chat	1	01-10-2008 09:11 PM
changing the size of desktop icons only	karjaneth	General Software	3	05-31-2006 09:05 PM
Desktop Icons	jquinlan	Operating Systems	4	09-23-2005 01:38 AM
Spinning icons on desktop??????	R_ACE1	General Software	5	06-15-2005 06:24 AM
Custom desktop icons...	saiya00	Desktop Computers	2	02-16-2005 07:48 AM