"Your computer might be at risk" - help


  • This topic is locked
48 replies to this topic

#31 basima

basima
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 30 December 2008 - 09:39 PM

I have just realised that some of my shortcuts have the missing windows icons. Like when I go to start>all programs. Like for windows media player, notepad, outlook express, command prompt... etc. As can be seen in this screenshot.

Posted Image

When I click on say like notepad nothing happens. But when I went to run and typed in '%SystemRoot%\system32\notepad.exe' notepad did open.

I tried to do what you said with remove.bat, but when I double click on it, I get the message "cannot find the log.tx file. Do you want to create a new one?"

So what do I do then?

And how can I solve the missing icon/shortcut problem?

Also here is my combofix log:

ComboFix 08-12-30.01 - Shari 2008-12-31 4:00:45.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2543 [GMT 0:00]
Running from: d:\documents and settings\Shari\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Shari\Local Settings\Temporary Internet Files\fbk.sts

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))))))))))))))))))))))))
.

2008-12-30 05:44 . 2008-12-30 05:44 <DIR> d-------- d:\documents and settings\Khw Family.FAMILYCOMPUTER\Application Data\Teleca
2008-12-30 05:44 . 2008-12-30 05:44 <DIR> d-------- d:\documents and settings\Khw Family.FAMILYCOMPUTER\Application Data\Logitech
2008-12-30 05:43 . 2006-03-06 11:18 <DIR> d-------- d:\documents and settings\Khw Family.FAMILYCOMPUTER\Application Data\You've Got Pictures Screensaver
2008-12-30 05:43 . 2006-03-06 11:20 <DIR> d-------- d:\documents and settings\Khw Family.FAMILYCOMPUTER\Application Data\Symantec
2008-12-30 05:43 . 2008-12-30 05:43 <DIR> d-------- d:\documents and settings\Khw Family.FAMILYCOMPUTER
2008-12-29 16:59 . 2008-12-29 16:59 <DIR> d-------- d:\documents and settings\Shari\WINDOWS
2008-12-29 16:59 . 2008-12-29 16:59 <DIR> d--hs---- d:\documents and settings\Shari\UserData
2008-12-29 16:46 . 2008-12-29 16:46 <DIR> d-------- d:\documents and settings\Shari\Application Data\SopCast
2008-12-29 16:45 . 2008-12-29 16:45 <DIR> d-------- d:\documents and settings\Shari\Application Data\Sony Setup
2008-12-29 16:45 . 2008-12-29 16:45 <DIR> d-------- d:\documents and settings\Shari\Application Data\Sony
2008-12-29 16:45 . 2008-12-29 16:45 <DIR> d-------- d:\documents and settings\Shari\Application Data\Sonic
2008-12-29 16:43 . 2008-12-29 16:43 <DIR> dr-h----- d:\documents and settings\Shari\Application Data\SecuROM
2008-12-29 16:43 . 2008-12-29 16:43 <DIR> d-------- d:\documents and settings\Shari\Application Data\Secretmaker
2008-12-29 16:43 . 2008-12-29 16:43 <DIR> d-------- d:\documents and settings\Shari\Application Data\Publish Providers
2008-12-29 16:43 . 2008-12-29 16:43 <DIR> d-------- d:\documents and settings\Shari\Application Data\Pixela
2008-12-29 16:43 . 2008-12-29 16:43 <DIR> d-------- d:\documents and settings\Shari\Application Data\OD2
2008-12-29 16:43 . 2008-12-29 16:43 <DIR> d-------- d:\documents and settings\Shari\Application Data\nView_Wallpaper
2008-12-29 16:43 . 2008-12-29 16:43 <DIR> d-------- d:\documents and settings\Shari\Application Data\MySpace
2008-12-29 16:43 . 2008-12-29 16:43 <DIR> d-------- d:\documents and settings\Shari\Application Data\My Games
2008-12-29 16:42 . 2008-12-29 16:42 <DIR> d-------- d:\documents and settings\Shari\Application Data\Meetro
2008-12-29 16:42 . 2008-12-29 16:42 <DIR> d-------- d:\documents and settings\Shari\Application Data\Leadertech
2008-12-29 16:42 . 2008-12-29 16:42 <DIR> d-------- d:\documents and settings\Shari\Application Data\Lavasoft
2008-12-29 16:42 . 2008-12-29 16:42 <DIR> d-------- d:\documents and settings\Shari\Application Data\FlashFXP
2008-12-29 16:42 . 2008-12-29 16:42 <DIR> d-------- d:\documents and settings\Shari\Application Data\dvdcss
2008-12-29 16:42 . 2008-12-29 16:42 <DIR> d-------- d:\documents and settings\Shari\Application Data\DivX
2008-12-29 16:42 . 2008-12-29 16:42 <DIR> d-------- d:\documents and settings\Shari\Application Data\Disney Interactive
2008-12-29 16:42 . 2008-12-29 16:42 <DIR> d-------- d:\documents and settings\Shari\Application Data\CyberLink
2008-12-29 16:41 . 2008-12-29 16:42 <DIR> d-------- d:\documents and settings\Shari\Application Data\Azureus
2008-12-29 16:41 . 2008-12-29 16:41 <DIR> d-------- d:\documents and settings\Shari\Application Data\Apple Computer
2008-12-29 16:41 . 2008-12-29 16:41 <DIR> d-------- d:\documents and settings\Shari\Application Data\Ahead
2008-12-29 16:41 . 2008-12-29 16:41 <DIR> d-------- d:\documents and settings\Shari\Application Data\AdobeUM
2008-12-29 16:26 . 2008-12-29 16:26 <DIR> d--h----- d:\documents and settings\Shari\InstallAnywhere
2008-12-29 16:19 . 2008-12-29 16:19 <DIR> d-------- d:\documents and settings\Shari\Application Data\teamspeak2
2008-12-29 16:19 . 2008-12-29 16:19 <DIR> d-------- d:\documents and settings\Shari\Application Data\SUPERAntiSpyware.com
2008-12-29 16:19 . 2008-12-29 16:50 <DIR> d-------- d:\documents and settings\Shari\Application Data\Sports Interactive
2008-12-29 16:14 . 2008-12-29 16:14 <DIR> d-------- d:\documents and settings\Shari\Application Data\Ulead Systems
2008-12-29 16:14 . 2008-12-29 16:14 <DIR> d-------- d:\documents and settings\Shari\Application Data\Ubisoft
2008-12-29 16:13 . 2008-12-29 16:13 <DIR> d-------- d:\documents and settings\Shari\Application Data\XnView
2008-12-29 16:13 . 2008-12-29 16:13 <DIR> d-------- d:\documents and settings\Shari\Application Data\Xfire
2008-12-29 16:13 . 2008-12-29 16:13 <DIR> d-------- d:\documents and settings\Shari\Application Data\Webshots
2008-12-29 16:13 . 2008-12-29 16:13 <DIR> d-------- d:\documents and settings\Shari\Application Data\Vso
2008-12-29 16:13 . 2008-12-29 16:13 <DIR> d-------- d:\documents and settings\Shari\Application Data\vlc
2008-12-29 16:13 . 2008-12-29 16:13 <DIR> d-------- d:\documents and settings\Shari\Application Data\Viewpoint
2008-12-29 16:13 . 2008-12-29 16:13 <DIR> d-------- d:\documents and settings\Shari\Application Data\Ventrilo
2008-12-29 16:13 . 2008-12-31 02:46 <DIR> d-------- d:\documents and settings\Shari\Application Data\uTorrent
2008-12-29 16:13 . 2007-09-06 17:01 75,144 --a------ d:\documents and settings\Shari\Application Data\GDIPFONTCACHEV1.DAT
2008-12-29 16:13 . 2008-12-05 03:42 47,360 --a------ d:\documents and settings\Shari\Application Data\pcouffin.sys
2008-12-29 16:13 . 2008-10-29 19:03 22,328 --a------ d:\documents and settings\Shari\Application Data\PnkBstrK.sys
2008-12-29 16:13 . 2006-03-28 19:23 0 --a------ d:\documents and settings\Shari\Application Data\wklnhst.dat
2008-12-28 02:18 . 2006-03-06 11:18 <DIR> d-------- d:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-12-28 02:18 . 2006-03-06 11:20 <DIR> d-------- d:\documents and settings\Administrator\Application Data\Symantec
2008-12-28 02:18 . 2008-12-28 02:18 <DIR> d-------- d:\documents and settings\Administrator
2008-12-27 23:57 . 2008-12-27 23:57 <DIR> d-------- d:\documents and settings\Shari\Contacts
2008-12-27 16:15 . 2008-12-27 16:15 <DIR> d-------- d:\documents and settings\Shari\Application Data\Teleca
2008-12-27 16:06 . 2008-12-27 16:06 <DIR> d-------- d:\documents and settings\Shari\Application Data\Logitech
2008-12-27 16:05 . 2008-12-27 16:05 <DIR> d-------- d:\documents and settings\Shari\Application Data\Malwarebytes
2008-12-27 16:04 . 2006-03-06 11:18 <DIR> d-------- d:\documents and settings\Shari\Application Data\You've Got Pictures Screensaver
2008-12-27 16:04 . 2008-12-29 17:16 <DIR> d-------- d:\documents and settings\Shari
2008-12-27 04:02 . 2008-12-27 04:02 <DIR> d--hs---- d:\documents and settings\NetworkService.NT AUTHORITY.005
2008-12-27 04:02 . 2008-12-27 04:02 <DIR> d--hs---- d:\documents and settings\LocalService.NT AUTHORITY.005
2008-12-27 03:38 . 2008-12-27 04:01 <DIR> d--hs---- d:\documents and settings\NetworkService.NT AUTHORITY.004
2008-12-27 03:38 . 2008-12-27 04:01 <DIR> d--hs---- d:\documents and settings\LocalService.NT AUTHORITY.004
2008-12-27 03:23 . 2008-12-27 03:38 <DIR> d--hs---- d:\documents and settings\NetworkService.NT AUTHORITY.003
2008-12-27 03:23 . 2008-12-27 03:38 <DIR> d--hs---- d:\documents and settings\LocalService.NT AUTHORITY.003
2008-12-26 03:23 . 2008-12-26 03:23 <DIR> d-------- c:\program files\CCleaner
2008-12-25 18:23 . 2008-12-27 01:50 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-25 17:39 . 2008-12-25 17:39 <DIR> d-------- d:\documents and settings\All Users\Application Data\avg8
2008-12-25 17:39 . 2008-12-30 18:08 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-25 17:39 . 2008-12-25 17:39 <DIR> d-------- c:\program files\AVG
2008-12-25 17:39 . 2008-12-25 17:39 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-25 17:39 . 2008-12-25 17:39 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-25 16:52 . 2008-12-25 16:52 <DIR> d-------- d:\documents and settings\All Users\Application Data\NortonInstaller
2008-12-18 16:05 . 2008-12-18 16:05 <DIR> d-------- C:\rsit
2008-12-18 16:05 . 2008-12-31 02:49 <DIR> d-------- c:\program files\trend micro
2008-12-18 00:43 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-18 00:43 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-18 00:18 . 2008-12-18 01:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-18 00:03 . 2008-12-18 00:18 <DIR> d---s---- d:\documents and settings\NetworkService.NT AUTHORITY.002
2008-12-18 00:03 . 2008-12-18 00:18 <DIR> d---s---- d:\documents and settings\LocalService.NT AUTHORITY.002
2008-12-17 17:27 . 2008-12-18 00:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware(2)
2008-12-10 22:18 . 2008-12-10 22:18 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-09 19:06 . 2008-12-09 19:06 482 --a------ c:\windows\system32\edl.dat
2008-12-09 17:55 . 2008-12-09 17:55 <DIR> d-------- c:\windows\system32\scripting
2008-12-09 17:55 . 2008-12-09 17:55 <DIR> d-------- c:\windows\system32\en
2008-12-09 17:55 . 2008-12-09 17:55 <DIR> d-------- c:\windows\system32\bits
2008-12-09 17:55 . 2008-12-09 17:55 <DIR> d-------- c:\windows\l2schemas
2008-12-09 17:53 . 2008-12-09 17:53 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-09 17:49 . 2008-12-09 17:49 <DIR> d-------- c:\windows\EHome
2008-12-09 17:45 . 2008-12-09 17:45 <DIR> d-------- c:\windows\system32\up
2008-12-09 17:45 . 2008-12-09 17:45 <DIR> d-------- c:\windows\system32\ma1
2008-12-09 16:54 . 2008-12-09 17:15 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-09 16:31 . 2008-12-09 16:31 <DIR> d-------- c:\program files\Rockstar Games
2008-12-05 18:41 . 2008-12-05 18:41 <DIR> d-------- d:\documents and settings\All Users\Application Data\vsosdk
2008-12-05 03:42 . 2008-12-05 03:42 <DIR> d-------- c:\program files\VSO
2008-12-05 03:42 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\gdiplus.dll
2008-12-05 03:42 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2008-12-05 03:42 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
2008-12-05 03:42 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
2008-12-05 03:42 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
2008-12-05 03:42 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
2008-12-05 03:42 . 2008-12-05 03:42 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-11-29 23:04 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-11-29 23:04 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-11-29 23:03 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-11-29 23:03 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-11-29 23:03 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-11-29 23:03 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-11-29 23:03 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-11-27 03:11 . 2008-11-27 03:11 <DIR> d-------- c:\windows\system32\AGEIA
2008-11-27 03:11 . 2008-11-27 03:11 <DIR> d-------- c:\program files\AGEIA Technologies
2008-11-27 03:10 . 2008-12-10 22:18 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-27 03:10 . 2008-10-02 10:07 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-27 03:10 . 2008-10-07 13:33 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-11-27 03:10 . 2008-12-31 03:49 201,151 --a------ c:\windows\system32\nvapps.xml
2008-11-27 03:10 . 2008-10-07 13:33 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-11-24 21:46 . 2008-11-24 21:46 <DIR> d-------- c:\program files\YouTube Downloader
2008-11-20 20:44 . 2008-11-20 20:44 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-11-16 00:33 . 2008-11-16 00:33 <DIR> d-------- d:\documents and settings\All Users\Application Data\Sports Interactive
2008-11-12 18:35 . 2008-10-24 11:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 16:47 . 2008-11-10 16:47 <DIR> d-------- d:\documents and settings\Family Account\Application Data\SUPERAntiSpyware.com
2008-11-10 16:41 . 2008-11-10 16:41 <DIR> d-------- d:\documents and settings\Family Account\Application Data\Malwarebytes
2008-11-09 03:14 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-06 00:53 . 2008-11-06 00:53 <DIR> d-------- c:\windows\system32\xlive
2008-11-04 01:07 . 2008-11-04 01:07 <DIR> d-------- c:\windows\Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 03:49 --------- d---a-w d:\documents and settings\All Users\Application Data\TEMP
2008-12-23 03:04 3,532 ----a-w C:\drmHeader.bin
2008-12-13 10:34 91,440 ----a-w d:\documents and settings\Family Account\Application Data\GDIPFONTCACHEV1.DAT
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-09 16:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 04:02 --------- d-----w c:\program files\Adobe Photoshop CS3 (Light Version)
2008-12-02 21:58 --------- d-----w c:\program files\Java
2008-11-29 23:25 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-28 11:53 201,816 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-28 11:53 137,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-27 03:45 --------- d-----w c:\program files\Xfire
2008-11-16 00:36 --------- d-----w c:\program files\Sports Interactive
2008-11-12 02:49 --------- d-----w c:\program files\DivX
2008-10-29 19:03 682,280 ----a-w c:\windows\system32\pbsvc.exe
2008-10-29 19:03 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 729,088 ----a-w c:\windows\system32\nsf1E.tmp
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-28 17:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 17:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\nsq1D.tmp
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\nsb1C.tmp
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-09-04 09:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-08-26 08:19 23 ----a-w d:\documents and settings\Family Account\jagex_runescape_preferences.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X5100 Series"="c:\program files\Lexmark X5100 Series\lxbabmgr.exe" [2003-03-04 86100]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-25 1397760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-25 1261336]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-21 185896]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"Nero DriveSpeed"="c:\progra~1\Ahead\NEROTO~1\DRIVES~1.EXE" [2005-10-31 602112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 c:\windows\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 c:\windows\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
ImageMixer for HDD Camcorder.lnk - c:\program files\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe [2007-01-22 1871872]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-05-03 528384]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
--------- 2005-11-17 09:51 975360 c:\apps\SMP\SMPSYS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"d:\\Documents and Settings\\Khw Family\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"d:\\Documents and Settings\\Khw Family\\My Documents\\utorrent.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Documents and Settings\\Khw Family\\My Documents\\AutoPlay\\programas\\dcc26\\DCC.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Documents and Settings\\Shari\\My Documents\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6887:TCP"= 6887:TCP:msnmsgr

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-25 97928]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-25 231704]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2008-12-30 c:\windows\Tasks\Setup my PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 10:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/

c:\windows\Downloaded Program Files\KooPlayer.ocx - O16 -: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79}
hxxp://www.vivitv.com/KooPlayer.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 04:04:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2008-12-31 4:05:17
ComboFix-quarantined-files.txt 2008-12-31 04:05:09
ComboFix2.txt 2008-12-25 17:23:42

Pre-Run: 3,916,038,144 bytes free
Post-Run: 3,895,619,584 bytes free

341 --- E O F --- 2008-12-27 00:41:57


Edited by basima, 30 December 2008 - 11:12 PM.



#32 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:20 AM

Posted 31 December 2008 - 01:16 AM

The log looks good.


We uninstall Combofix after you do all the required changes.

> I tried to do what you said with remove.bat, but when I double click on it, I get the message "cannot find the log.tx file. Do you want to create a new one?"
>
> So what do I do then?


No need to do anything. The file is removed.

> When I click on say like notepad nothing happens. But when I went to run and typed in '%SystemRoot%\system32\notepad.exe' notepad did open.
>
> And how can I solve the missing icon/shortcut problem?


Good job making the screenshot. I see on the screen that the following shortcuts are empty. You see that they all have a particular shape. They are not connected to the actual file because the path is changed.

Address Book
Command Prompt
Notepad
Program Compatibility Wizard
Synchronize
Tour Windows XP
Windows Explorer


You can do many things; the easiest way is as follows. We use Notepad as an example; you can do the same for all the others (Address Book, Command Prompt, etc.).
  • Set Windows to show file extensions:
    • Click Start, open My Computer, select the Tools menu and click Folder Options.
    • Select the View tab.
    • Uncheck: Hide file extensions for known file types
    • Click Yes to confirm.
    Note: When you have finished the step, set the folder view options to their defaults again.

  • Use the Windows search advanced options:
    • Go to Start -> Search -> click All files and folders.
    • Click More advanced options.
    • Put a check mark in the boxes next to Search system folders, Search hidden files and folders and Search subfolders.
    • Make sure the Case sensitive box is not checked.
    • Type notepad in the upper box and click Search.

    It will give all the Notepad shortcuts. Select one of them (it should not be an empty one like you have).
    Right-click it and select Pin to Start menu.
    Do the same for the others too.

    In case you can't find a good shortcut, you can do it this way (with Windows Explorer as an example):
    Go to C:\Windows\explorer.exe
    Right-click explorer.exe and select Pin to Start menu.

    Then remove all the old/empty shortcuts from the Start menu by right-clicking and selecting Remove from This List.
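
The diagnosis in the post above (shortcuts that no longer point at an existing file) can also be checked from a script. This is an added example, not part of Farbar's reply or of any tool used in this thread; it assumes PowerShell 3.0 or later, and the function name Get-BrokenShortcut is hypothetical.

```powershell
# Added example (not from the thread): report Start Menu shortcuts whose
# target file no longer exists, i.e. the "empty" shortcuts described above.
# Read-only: nothing is modified or deleted.

function Get-BrokenShortcut {
    param(
        # Folders to scan; defaults to the current user's and All Users' Start Menu.
        [string[]]$Root = @(
            [Environment]::GetFolderPath('StartMenu'),
            [Environment]::GetFolderPath('CommonStartMenu')
        )
    )

    # WScript.Shell can read the target path stored inside a .lnk file.
    $shell = New-Object -ComObject WScript.Shell

    foreach ($dir in $Root) {
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }

        Get-ChildItem -LiteralPath $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk    = $shell.CreateShortcut($_.FullName)
                $target = [Environment]::ExpandEnvironmentVariables($lnk.TargetPath)

                # Shortcuts to shell objects (Control Panel items and similar)
                # carry no file target and cannot be checked this way; skip them.
                if ([string]::IsNullOrEmpty($target)) { return }

                # A target that does not resolve to an existing file or folder
                # is what shows up as a generic "empty" icon in the Start menu.
                if (-not (Test-Path -LiteralPath $target)) {
                    [pscustomobject]@{
                        Shortcut = $_.FullName
                        Target   = $target
                        Modified = $_.LastWriteTime
                    }
                }
            }
    }
}

# List every dangling shortcut with the path it still points to.
Get-BrokenShortcut | Sort-Object Shortcut | Format-Table -AutoSize -Wrap
```

The Target column shows where each shortcut still points, which makes it easy to see whether a whole group was redirected to the same missing location.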


#33 basima


Posted 31 December 2008 - 08:36 AM

Ok, I have restored all my shortcuts now. And my pc seems to be running fine now. :thumbsup:

Anything else I need to do?

Do I have to get rid of combofix now?

And what about my old user account?

#34 Farbar


Posted 31 December 2008 - 08:51 AM

Good news. :thumbsup:

Go to Start > Run and copy and paste or type the next command in the field, then hit Enter:

ComboFix /u

Note: There's a space between Combofix and /

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

I wanted to remind you that installing programs on a partition other than the default (C drive) might cause problems.

About your old account, when you have made sure you have copied all the files to your new account, go to start -> Run -> Control Panel -> User Account -> Change an account -> select the old account and delete it. When asked if you want to delete the related files also, say Yes.

Please tell me if you have any questions.

#35 basima


Posted 31 December 2008 - 09:06 AM

ok, I have deleted the old user.

But when I go to my computer it didn't seem to free any space up on my hard drive. I had easily over 30gb of stuff in my documents in the old user...

any ideas?

#36 Farbar


Posted 31 December 2008 - 09:14 AM

Run CCleaner and see if it can make a difference.

#37 basima


Posted 31 December 2008 - 09:20 AM

> Run CCleaner and see if it can make a difference.


didn't free up the space.

#38 Farbar


Posted 31 December 2008 - 09:27 AM

I'm going now to do some shopping, post back later on or tomorrow.

#39 basima

Posted 31 December 2008 - 09:58 AM

> I'm going now to do some shopping, post back later on or tomorrow.


ok cool.

#40 Farbar

Posted 31 December 2008 - 10:50 AM

I'm trying to do some maths.

How much free space do you have now on your hard drive?
You said you copied all except your music files. You also had videos; where did you copy them to?

#41 basima

Posted 31 December 2008 - 01:49 PM

> I'm trying to do some maths.
>
> How much free space do you have now on your hard drive?
> You said you copied all except your music files. You also had videos; where did you copy them to?


I had about 40gb of free space before I created a new user. I then copied about 30gb from old user to new user, so about 10gb was left.

I checked it before I deleted the old user and confirmed it was 10gb. Then after deleting the old user, I went to my computer to check and it was still 10gb.


Edit: My live windows messenger 8.1 seems to be also playing up now. Can't log in and get an error code: 80048883.

Any ideas?

Edited by basima, 31 December 2008 - 06:39 PM.


#42 Farbar

Posted 01 January 2009 - 07:38 AM

> I checked it before I deleted the old user and confirmed it was 10gb. Then after deleting the old user, I went to my computer to check and it was still 10gb.

I don't know. It just doesn't fit my maths. :thumbsup:


> My live windows messenger 8.1 seems to be also playing up now. Can't log in and get an error code: 80048883.


Uninstall and reinstall it again and see if it helps. Google gave me this also: http://msn-errors.blogspot.com/2006/11/how...048883-msn.html

Any other questions?

#43 Farbar

Posted 01 January 2009 - 11:13 AM

Please don't miss my last post.

About the free space, I'm not sure, perhaps Windows has made a restore point when you removed the corrupted account. So try this and tell me if it made a difference:

First set a restore point. To set a new restore point:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then remove the old restore points. To remove the old restore points:
  • Go to Start > Run then type: Cleanmgr in the box and click "OK".
  • You get a window to select the drive to clean, the default is already set to (C:) drive. Click OK.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
  • Click OK and Yes.


#44 basima

Posted 01 January 2009 - 03:03 PM

Before I tried your restore point method I thought I would investigate something.

I went into safe mode and logged in as administrator. I went to my computer and checked Documents and Settings. The Khw Family folder was still there! Along with all the files and folders contained inside it.

I then tried to delete it, but there were a few files I couldn't delete. So I went inside the folder and deleted the files I could one by one.

I thought the folder was meant to be deleted along with the user? Anyway, I have now made free over 30gb of space. :thumbsup:

I'll show you the files I couldn't delete and maybe you could help me with them. And I will try the msn fix now and let you know.

#45 Farbar

Posted 01 January 2009 - 06:27 PM

> I thought the folder was meant to be deleted along with the user? Anyway, I have now made free over 30gb of space.


I thought so. Now I think I know what happened. When you couldn't open Khw Family folder we changed the ownership and permissions in order to be able to open it. But when you removed Khw Family account the folder wasn't deleted by Windows because it didn't belong to Khw Family any more.



