| beatrice |
| (new user) |
| Mon Mar 03 2008 04:37 PM |
my desktop icons and toolbar have disapeared....
|
my desktop icons and toolbar have disapeared,
i try many things,i scaned with "superantispyware",i tried with "SDFix.exe"too,i scaned with my antivirus "esset"(Nod 32)nothing works and i don't know what to do
Please help me
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:17 PM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\New Folder\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Eset\nod32krn.exe
D:\New Folder\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar Browser Helper Object - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\New Folder\SZSG.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\New Folder\SZIEBHO.dll
O2 - BHO: (no name) - {FFC5CF77-13E3-4127-A069-2DBDB9AD00A5} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - D:\New Folder\SZSG.dll
O4 - HKLM\..\Run: [SBCSTray] D:\New Folder\SBCSTray.exe
O4 - HKLM\..\Run: [BM3b39471e] Rundll32.exe "C:\WINDOWS\system32\yamygiau.dll",s
O4 - HKLM\..\Run: [MSN] C:\Windows
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [a-squared] "D:\New Folder\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\New Folder (2)\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - <a href="res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000" target="_blank">res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000</a>
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - D:\New Folder\a-squared Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - D:\New Folder\SBCSSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
--
End of file - 9368 bytes
THANK YOU
| bricat |
| (HijackThis Helper) |
| Mon Mar 03 2008 06:14 PM |
|
Re: my desktop icons and toolbar have disapeared....
|
Welcome to the Webuser forum.
I don't see much in your HJT log, have you tried a system restore to a point before the problem occurred ?
How to Start and Use System Restore
To start System Restore, follow these steps:
1. Click Start, point to Programs, point to Accessories, point to System Tools, and then click System Restore.
The first time you use System Restore, there are two options on the Welcome page:
• Restore my computer to an earlier time
• Create a restore point
2. Click Restore my computer to an earlier time and click Next.
A calendar appears.
3. In the calendar, choose which Restore Point to roll your system back to.(before your problems started)
4. Click Next.
You are prompted to close all applications before completing the Restore process because the computer will restart.
5. Upon completion of the restart, a confirmation screen appears. Click OK to continue using your computer.
let us know how you get on.
| beatrice |
| (new user) |
| Mon Mar 03 2008 07:19 PM |
|
Re: my desktop icons and toolbar have disapeared....
|
I tried with restore system ,but i don't have any date to restore before that incident and i don't have "start" too. If i want to gave restore single possibility to come in my computer it is only with "ctrl+alt+del"(task manager),new task,c:windows, system 32,restore.I was also in regedit to see if it is from shell"explorer.exe",but was correct so i don't know where is the problem.
Thank you
| beatrice |
| (new user) |
| Mon Mar 03 2008 07:40 PM |
|
Re: my desktop icons and toolbar have disapeared....
|
I tried with restore system ,but i don't have any date to restore before that incident and i don't have "start" too. If i want to gave restore single possibility to come in my computer it is only with "ctrl+alt+del"(task manager),new task,c:windows, system 32,restore.I was also in regedit to see if it is from shell"explorer.exe",but was correct so i don't know where is the problem.
Thank you.I tried also to reinstall windows but was impossible when the setup start the blue screen "death screen" appear and i can't do nothing.
| bricat |
| (HijackThis Helper) |
| Mon Mar 03 2008 11:03 PM |
|
|
|
Re: my desktop icons and toolbar have disapeared....
|
try this if you can get on the net :-
* Please visit this webpage for instructions for downloading and running ComboFix:
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
| beatrice |
| (new user) |
| Tue Mar 04 2008 02:28 PM |
|
Re: my desktop icons and toolbar have disapeared....
|
I did what you said with "ComboFix.exe" but,situation is the same.
ComboFix 08-03-04.2 - 2008-03-04 15:55:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.544 [GMT -7:00]
Running from: C:\Users\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM3b39471e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\cbeeg.ini2
C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\mpqss.ini2
C:\WINDOWS\system32\mycjamib.ini
C:\WINDOWS\system32\oxpnkhcs.ini
C:\WINDOWS\system32\qpqss.ini2
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.
2008-03-04 15:58 . 2008-03-04 15:58 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-03-04 15:58 . 2008-03-04 15:58 <DIR> d-------- C:\WINDOWS\srchasst
2008-03-04 15:58 . 2008-03-04 15:58 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-03-03 20:45 . 2008-03-03 20:45 <DIR> d-------- C:\Users\All Users\Application Data\Martau
2008-03-03 20:16 . 2008-03-03 20:16 <DIR> d-------- C:\Program Files\total
2008-03-03 17:37 . 2008-03-03 17:38 1,756 --a------ C:\WINDOWS\mozver.dat
2008-03-03 16:15 . 2008-03-03 16:15 <DIR> d-------- C:\Users\All Users\Application Data\Apple Computer
2008-03-03 16:15 . 2008-03-03 16:15 <DIR> d-------- C:\Users\All Users\Application Data\Apple
2008-03-03 16:15 . 2008-03-03 16:16 <DIR> d-------- C:\Program Files\QuickTime
2008-03-03 16:15 . 2008-03-03 16:15 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-03 16:15 . 2008-03-03 16:15 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-01 19:33 . 2008-03-01 19:33 122 --a------ C:\WINDOWS\Winchat.ini
2008-03-01 15:43 . 2008-03-01 15:43 0 --a------ C:\~GLHTTP1.TMP
2008-03-01 15:04 . 2008-03-01 15:04 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-03-01 15:04 . 2008-03-01 15:04 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-03-01 15:03 . 2008-03-01 15:03 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-03-01 14:54 . 2008-03-01 14:54 <DIR> d-------- C:\Users\All Users\Application Data\Sunbelt Software
2008-03-01 14:54 . 2008-03-01 14:54 <DIR> d-------- C:\Users\Administrator\Application Data\Sunbelt Software
2008-03-01 14:42 . 2008-03-01 14:42 <DIR> d-------- C:\VundoFix Backups
2008-03-01 14:36 . 2008-03-01 14:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-29 12:02 . 2008-02-29 22:12 0 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-02-27 16:08 . 2008-02-27 16:08 <DIR> d-------- C:\Users\Administrator\Application Data\URSoft
2008-02-26 20:11 . 2008-02-26 20:11 <DIR> d-------- C:\Users\Administrator\Application Data\Uniblue
2008-02-26 19:12 . 2007-12-21 01:58 455,256 -ra------ C:\txtsetup.sif
2008-02-26 19:12 . 2007-12-21 01:57 259,776 -ra------ C:\$LDR$
2008-02-26 16:13 . 2008-02-26 16:14 <DIR> d-------- C:\Users\All Users\Application Data\SITEguard
2008-02-26 16:12 . 2008-03-04 15:58 <DIR> d-------- C:\Users\All Users\Application Data\STOPzilla!
2008-02-26 16:12 . 2008-02-26 16:12 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-02-25 22:04 . 2008-02-25 22:04 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-25 17:01 . 2008-02-25 17:01 <DIR> d-------- C:\Users\All Users\Application Data\Lavasoft
2008-02-24 21:35 . 2008-02-24 21:35 36,864 --a------ C:\WINDOWS\system32\urqoppm.dll
2008-02-24 21:35 . 2008-02-24 21:35 36,864 --a------ C:\WINDOWS\system32\fccabyy.dll
2008-02-17 16:28 . 2008-02-17 16:28 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-17 00:21 . 2008-02-17 14:26 0 --a------ C:\WINDOWS\ka.ini
2008-02-17 00:20 . 2008-02-17 14:26 <DIR> d-------- C:\Users\All Users\Application Data\Vivendi Universal Games
2008-02-17 00:20 . 2008-02-17 00:20 <DIR> d-------- C:\Program Files\Common Files\Vivendi Universal Games
2008-02-05 20:50 . 2008-02-05 20:50 <DIR> d-------- C:\Users\All Users\Application Data\PC Tools
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 06:16 --------- d-----w C:\Users\Administrator\Application Data\uTorrent
2008-03-04 00:58 --------- d-----w C:\Program Files\Nirsoft
2008-03-02 05:05 --------- d-----w C:\Users\All Users\Application Data\Skype
2008-03-02 05:05 --------- d-----w C:\Program Files\Skype
2008-03-02 05:03 --------- d-----w C:\Program Files\Yahoo!
2008-03-02 04:47 --------- d-----w C:\Users\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-02 04:38 --------- d-----w C:\Users\Administrator\Application Data\skypePM
2008-03-01 05:49 --------- d---a-w C:\Users\All Users\Application Data\TEMP
2008-02-27 17:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 17:22 --------- d-----w C:\Users\All Users\Application Data\Ulead Systems
2008-02-27 17:21 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-02-27 17:16 --------- d-----w C:\Program Files\EA GAMES
2008-02-26 21:26 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-24 23:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-24 01:27 --------- d-----w C:\Users\Administrator\Application Data\LimeWire
2008-02-20 05:03 --------- d-----w C:\Users\Administrator\Application Data\Yahoo!
2008-02-17 21:56 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-17 21:33 --------- d-----w C:\Users\Administrator\Application Data\dvdcss
2008-02-09 00:23 --------- d-----w C:\Program Files\ESET
2008-02-03 06:13 --------- d-----w C:\Users\Administrator\Application Data\Ulead Systems
2008-02-03 05:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-03 04:29 --------- d-----w C:\Users\Administrator\Application Data\InstallShield
2008-02-03 04:27 --------- d-----w C:\Program Files\Windows Media Components
2008-02-03 04:27 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-01-31 19:16 34,944 ----a-r C:\WINDOWS\system32\drivers\SZKG.sys
2008-01-31 01:57 --------- d-----w C:\Users\Administrator\Application Data\VeniceMysteryData
2008-01-30 03:31 --------- d-----w C:\Users\All Users\Application Data\Christmasville
2008-01-30 03:07 --------- d-----w C:\Users\Administrator\Application Data\Super-Cow
2008-01-30 01:29 --------- d-----w C:\Users\All Users\Application Data\SpinTop Games
2008-01-29 23:16 --------- d-----w C:\Users\All Users\Application Data\Trymedia
2008-01-29 20:26 --------- d-----w C:\Users\All Users\Application Data\Escape From Paradise
2008-01-19 06:18 --------- d-----w C:\Users\Administrator\Application Data\mIRC
2008-01-18 05:38 --------- d-----w C:\Users\Administrator\Application Data\Hamachi
2008-01-18 05:33 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-09 00:19 --------- d-----w C:\Program Files\uTorrent
2008-01-06 23:26 --------- d-----w C:\Program Files\AlfaClock 2
2007-12-17 02:50 32 ----a-w C:\Users\All Users\Application Data\ezsid.dat
2005-12-12 01:56 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2005-12-12 01:56 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2005-12-12 01:56 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012005121120051212\index.dat
2005-12-12 01:56 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
------- Sigcheck -------
1a5fb58fc6e970a308719a4ea49eb8b5 C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 360,704 2007-09-01 09:00:00 C:\WINDOWS\system32\drivers\tcpip.sys
69a39aaff83508304fc92b49a81915de C:\WINDOWS\system32\ntoskrnl.exe
----a-w 2,321,792 2007-09-01 09:00:00 C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:21 1694208]
"Uniblue RegistryBooster 2"="D:\New Folder (2)\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 16:06 1885464]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-02-02 21:08 219952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-16 19:49 171448]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 07:16 171464]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-09-01 02:00 15360]
"SkinClock"="C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [2007-03-11 12:00 448000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBCSTray"="D:\New Folder\SBCSTray.exe" [2007-12-21 15:30 698864]
"BM3b39471e"="C:\WINDOWS\system32\yamygiau.dll" [ ]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-09-01 02:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2005-12-11 19:09 921600]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 00:06 40048]
"SunJavaUpdateSched"="" []
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 06:38 16384512 C:\WINDOWS\RTHDCPL.EXE]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2007-09-01 02:00 169984]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"a-squared"="D:\New Folder\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LXPNewUser"="C:\WINDOWS\System32\TrunksLXP-NUserFix.cmd" [2007-09-01 02:00 2303]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2007-09-01 02:00 44544]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-09-01 02:00 123904 C:\WINDOWS\system32\advpack.dll]
C:\Users\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 00:37:10 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwly32]
winwly32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 m5287;m5287;C:\WINDOWS\system32\DRIVERS\m5287.sys [2005-09-23 09:53]
R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-03-01 15:03]
R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-01-31 12:16]
R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2006-10-19 00:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\monsetup.exe
*Newly Created Service* - ASPI32
*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 23:15:47 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-24 16:11:26 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1197907725.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 16:04:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\New Folder\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Eset\nod32krn.exe
D:\New Folder\SBCSSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-03-04 16:05:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-04 23:05:21
thank you for helping me, i will try to "racovery"from CD.
| beatrice |
| (new user) |
| Tue Mar 04 2008 02:30 PM |
|
Re: my desktop icons and toolbar have disapeared....
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:31 PM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\New Folder\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Eset\nod32krn.exe
D:\New Folder\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar Browser Helper Object - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\New Folder\SZSG.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\New Folder\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - D:\New Folder\SZSG.dll
O4 - HKLM\..\Run: [SBCSTray] D:\New Folder\SBCSTray.exe
O4 - HKLM\..\Run: [BM3b39471e] Rundll32.exe "C:\WINDOWS\system32\yamygiau.dll",s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [a-squared] "D:\New Folder\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\New Folder (2)\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - D:\New Folder\a-squared Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - D:\New Folder\SBCSSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
--
End of file - 9222 bytes
| bricat |
| (HijackThis Helper) |
| Tue Mar 04 2008 03:07 PM |
|
|
|
Re: my desktop icons and toolbar have disapeared....
|
unfortunately you didn't install the recovery console
Quote:
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
can you go back to that link and install the recovery console, then run combofix again and post the new combofix log.
| beatrice |
| (new user) |
| Tue Mar 04 2008 03:24 PM |
|
Re: my desktop icons and toolbar have disapeared....
|
I am sorry, i don't know how to install "recovery" because i don't have "start button and run "i can use only task manager like "new task ".
I tried from restart computer and when the setup windows show up to push "R",but i got also problem , "blue screen " where it was writhe this:
A problem has been detected and the windows has been shut down to prevent damage to your computer ...follow these steps,check for viruses on your computer .Remove any newly installed hard drive controllers, check your hard drive to make sure it is properly configurated and terminated .Run CHKDSK/F to check for hard drive corruption and then restart your computer.Tehnical information "STOP:0x0000007B(0xF7AFA524, 0x0000034, 0x000000000, 0x00000000)".And i can't run CHKDSK/F becose like i said before i don't have start button and run too.
Thank you for your time.
| bricat |
| (HijackThis Helper) |
| Tue Mar 04 2008 06:38 PM |
|
|
|
Re: my desktop icons and toolbar have disapeared....
|
sorry i should have realized.
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Quote:
Killall::
File::
C:\~GLHTTP1.TMP
C:\WINDOWS\system32\urqoppm.dll
C:\WINDOWS\system32\fccabyy.dll
C:\WINDOWS\iun6002.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\winwly32]
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.
Refering to the picture above, drag CFScript.txt into ComboFix.exe
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please and
let me know how it is running.
*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
Then :-
Rerun HJT,and put a checkmark beside these :-
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O4 - HKLM\..\Run: [BM3b39471e] Rundll32.exe "C:\WINDOWS\system32\yamygiau.dll",s
O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)
now close all windows and browsers and click FIX CHECKED
bring up taskmanager then click FILE >> new task run, type in MSConfig and click ok
When the System Configuration Utility opens,
click on the 'Startup Tab' and make sure there is a checkmark beside each entry.
Also check the 'General Tab' has the "normal startup" option checked. REBOOT when asked to by Windows to complete the change.
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please and
let me know how it is running.
| beatrice |
| (new user) |
| Wed Mar 05 2008 11:35 AM |
|
Re: my desktop icons and toolbar have disapeared....
|
Hello again i did what you said with HiJack i fix that file what you saidand this is the new log
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\New Folder\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Eset\nod32krn.exe
D:\New Folder\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar Browser Helper Object - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\New Folder\SZSG.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\New Folder\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - D:\New Folder\SZSG.dll
O4 - HKLM\..\Run: [SBCSTray] D:\New Folder\SBCSTray.exe
O4 - HKLM\..\Run: [BM3b39471e] Rundll32.exe "C:\WINDOWS\system32\yamygiau.dll",s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [a-squared] "D:\New Folder\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [combofix] \ /c C:\ComboFix(2)\Combobatch.bat
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\New Folder (2)\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [NoteZilla] D:\New Folder\NoteZilla\NoteZilla.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [LXPNewUser] %SystemRoot%\System32\TrunksLXP-NUserFix.cmd (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - D:\New Folder\a-squared Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - D:\New Folder\SBCSSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
--
End of file - 9361 bytes
But with combofix i couldn't ,i'm really sorry
Can i ask you something?
I have a program "EVEREST Ultimate Edition" probable you know,or sure you know
but you think with this program, you can find more about, my computer problem (or have to be more private?)if i scan with??????? Thank you
| bricat |
| (HijackThis Helper) |
| Wed Mar 05 2008 02:31 PM |
|
|
|
Re: my desktop icons and toolbar have disapeared....
|
Quote:
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply
did you follow my instructions for combofix ?
can you post the combofix text.
| beatrice |
| (new user) |
| Thu Mar 06 2008 10:37 AM |
|
Re: my desktop icons and toolbar have disapeared....
|
Hello, i did what you said to copy/paste that information on ComboFix
but it said" Where do you trying to run CFScript?The name, CFScript
appears to be incorrectly spelt"...this is the message witch appear
every time.
| bricat |
| (HijackThis Helper) |
| Thu Mar 06 2008 12:15 PM |
|
|
|
Re: my desktop icons and toolbar have disapeared....
|
Quote:
Where do you trying to run CFScript
It has to be named CFScript.txt
any variation in the name won't work
| beatrice |
| (new user) |
| Thu Mar 06 2008 02:07 PM |
|
Re: my desktop icons and toolbar have disapeared....
|
This is the new log from ComboFix and in the final scan i get a alert info like
:don't find "explorer.exe"
ComboFix 08-03-04.2 - 2008-03-06 16:00:49.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.552 [GMT -7:00]
Running from: C:\Users\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\~GLHTTP1.TMP
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\fccabyy.dll
C:\WINDOWS\system32\urqoppm.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.
2008-03-06 12:18 . 2008-03-06 12:18 <DIR> d-------- C:\ComboFix(4)
2008-03-06 11:52 . 2008-03-06 11:52 <DIR> d-------- C:\Program Files\ACW
2008-03-05 12:58 . 2008-03-05 12:58 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-03-05 12:58 . 2008-03-05 12:58 <DIR> d-------- C:\WINDOWS\srchasst
2008-03-05 12:58 . 2008-03-05 12:58 <DIR> d-------- C:\Program Files\total
2008-03-05 12:58 . 2008-03-05 12:58 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-03-05 12:33 . 2008-03-05 12:33 <DIR> d-------- C:\Users\Administrator\Application Data\Conceptworld
2008-03-04 22:36 . 2008-03-04 22:36 <DIR> d-------- C:\New Folder
2008-03-03 17:37 . 2008-03-03 17:38 1,756 --a------ C:\WINDOWS\mozver.dat
2008-03-03 16:15 . 2008-03-03 16:15 <DIR> d-------- C:\Users\All Users\Application Data\Apple
2008-03-03 16:15 . 2008-03-03 16:15 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-03 16:15 . 2008-03-03 16:15 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-01 19:33 . 2008-03-01 19:33 122 --a------ C:\WINDOWS\Winchat.ini
2008-03-01 15:04 . 2008-03-01 15:04 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-03-01 15:04 . 2008-03-01 15:04 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-03-01 14:54 . 2008-03-01 14:54 <DIR> d-------- C:\Users\Administrator\Application Data\Sunbelt Software
2008-03-01 14:42 . 2008-03-01 14:42 <DIR> d-------- C:\VundoFix Backups
2008-03-01 14:36 . 2008-03-01 14:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-29 12:02 . 2008-02-29 22:12 0 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-02-27 16:08 . 2008-02-27 16:08 <DIR> d-------- C:\Users\Administrator\Application Data\URSoft
2008-02-26 20:11 . 2008-02-26 20:11 <DIR> d-------- C:\Users\Administrator\Application Data\Uniblue
2008-02-26 19:12 . 2007-12-21 01:58 455,256 -ra------ C:\txtsetup.sif
2008-02-26 19:12 . 2007-12-21 01:57 259,776 -ra------ C:\$LDR$
2008-02-26 16:13 . 2008-02-26 16:14 <DIR> d-------- C:\Users\All Users\Application Data\SITEguard
2008-02-26 16:12 . 2008-03-06 15:59 <DIR> d-------- C:\Users\All Users\Application Data\STOPzilla!
2008-02-26 16:12 . 2008-02-26 16:12 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-02-25 22:04 . 2008-02-25 22:04 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-25 17:01 . 2008-02-25 17:01 <DIR> d-------- C:\Users\All Users\Application Data\Lavasoft
2008-02-17 16:28 . 2008-02-17 16:28 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-17 00:21 . 2008-02-17 14:26 0 --a------ C:\WINDOWS\ka.ini
2008-02-17 00:20 . 2008-02-17 14:26 <DIR> d-------- C:\Users\All Users\Application Data\Vivendi Universal Games
2008-02-17 00:20 . 2008-02-17 00:20 <DIR> d-------- C:\Program Files\Common Files\Vivendi Universal Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 03:48 --------- d-----w C:\Program Files\EA GAMES
2008-03-05 21:25 --------- d-----w C:\Users\All Users\Application Data\Yahoo!
2008-03-05 21:25 --------- d-----w C:\Users\Administrator\Application Data\Yahoo!
2008-03-05 21:19 --------- d-----w C:\Program Files\ESET
2008-03-05 20:10 244 ----a-w C:\Program Files\New Text Document.txt
2008-03-04 00:58 --------- d-----w C:\Program Files\Nirsoft
2008-03-02 05:05 --------- d-----w C:\Users\All Users\Application Data\Skype
2008-03-02 05:05 --------- d-----w C:\Program Files\Skype
2008-03-02 05:03 --------- d-----w C:\Program Files\Yahoo!
2008-03-02 04:47 --------- d-----w C:\Users\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-02 04:38 --------- d-----w C:\Users\Administrator\Application Data\skypePM
2008-03-01 05:49 --------- d---a-w C:\Users\All Users\Application Data\TEMP
2008-02-27 17:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 17:22 --------- d-----w C:\Users\All Users\Application Data\Ulead Systems
2008-02-27 17:21 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-02-26 21:26 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-24 23:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-24 01:27 --------- d-----w C:\Users\Administrator\Application Data\LimeWire
2008-02-17 21:33 --------- d-----w C:\Users\Administrator\Application Data\dvdcss
2008-02-06 03:50 --------- d-----w C:\Users\All Users\Application Data\PC Tools
2008-02-03 06:13 --------- d-----w C:\Users\Administrator\Application Data\Ulead Systems
2008-02-03 05:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-03 04:29 --------- d-----w C:\Users\Administrator\Application Data\InstallShield
2008-02-03 04:27 --------- d-----w C:\Program Files\Windows Media Components
2008-02-03 04:27 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-02-01 21:36 229,376 ----a-r C:\WINDOWS\system32\SZBase5.dll
2008-01-31 19:16 34,944 ----a-r C:\WINDOWS\system32\drivers\SZKG.sys
2008-01-31 01:57 --------- d-----w C:\Users\Administrator\Application Data\VeniceMysteryData
2008-01-31 00:53 126,976 ----a-r C:\WINDOWS\system32\IS3HTUI5.dll
2008-01-31 00:52 61,440 ----a-r C:\WINDOWS\system32\IS3Hks5.dll
2008-01-31 00:52 372,736 ----a-r C:\WINDOWS\system32\IS3UI5.dll
2008-01-31 00:52 364,544 ----a-r C:\WINDOWS\system32\IS3DBA5.dll
2008-01-31 00:51 23,040 ----a-r C:\WINDOWS\system32\IS3XDat5.dll
2008-01-31 00:51 192,512 ----a-r C:\WINDOWS\system32\IS3Win325.dll
2008-01-31 00:50 94,208 ----a-r C:\WINDOWS\system32\IS3Inet5.dll
2008-01-31 00:50 90,112 ----a-r C:\WINDOWS\system32\IS3Svc5.dll
2008-01-31 00:47 704,512 ----a-r C:\WINDOWS\system32\IS3Base5.dll
2008-01-30 03:31 --------- d-----w C:\Users\All Users\Application Data\Christmasville
2008-01-30 03:07 --------- d-----w C:\Users\Administrator\Application Data\Super-Cow
2008-01-30 01:29 --------- d-----w C:\Users\All Users\Application Data\SpinTop Games
2008-01-29 23:16 --------- d-----w C:\Users\All Users\Application Data\Trymedia
2008-01-29 20:26 --------- d-----w C:\Users\All Users\Application Data\Escape From Paradise
2008-01-19 06:18 --------- d-----w C:\Users\Administrator\Application Data\mIRC
2008-01-18 05:38 --------- d-----w C:\Users\Administrator\Application Data\Hamachi
2008-01-18 05:33 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-06 23:26 --------- d-----w C:\Program Files\AlfaClock 2
2007-12-17 02:50 32 ----a-w C:\Users\All Users\Application Data\ezsid.dat
2007-12-14 04:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2005-12-12 01:56 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2005-12-12 01:56 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2005-12-12 01:56 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012005121120051212\index.dat
2005-12-12 01:56 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
------- Sigcheck -------
1a5fb58fc6e970a308719a4ea49eb8b5 C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 360,704 2007-09-01 09:00:00 C:\WINDOWS\system32\drivers\tcpip.sys
69a39aaff83508304fc92b49a81915de C:\WINDOWS\system32\ntoskrnl.exe
----a-w 2,321,792 2007-09-01 09:00:00 C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:21 1694208]
"Uniblue RegistryBooster 2"="D:\New Folder (2)\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 16:06 1885464]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-16 19:49 171448]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 07:16 171464]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-09-01 02:00 15360]
"SkinClock"="C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [2007-03-11 12:00 448000]
"NoteZilla"="D:\New Folder\NoteZilla\NoteZilla.exe" [2007-09-08 16:17 1790528]
"QNPlus"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-09-01 02:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2005-12-11 19:09 921600]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 00:06 40048]
"SunJavaUpdateSched"="" []
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 06:38 16384512 C:\WINDOWS\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LXPNewUser"="C:\WINDOWS\System32\TrunksLXP-NUserFix.cmd" [2007-09-01 02:00 2303]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2007-09-01 02:00 44544]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-09-01 02:00 123904 C:\WINDOWS\system32\advpack.dll]
C:\Users\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-06 00:37:10 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 m5287;m5287;C:\WINDOWS\system32\DRIVERS\m5287.sys [2005-09-23 09:53]
R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-01-31 12:16]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\monsetup.exe
*Newly Created Service* - ASPI32
.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 23:15:47 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-24 16:11:26 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1197907725.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 16:01:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-06 16:02:16
ComboFix-quarantined-files.txt 2008-03-06 23:02:08
ComboFix2.txt 2008-03-04 23:05:51
| beatrice |
| (new user) |
| Thu Mar 06 2008 02:31 PM |
|
Re: my desktop icons and toolbar have disapeared....
|
this is the message which appear after scan end"windows cannot find explorer.exe.Make sure you typed the name correctly and then try again.To search for file click the start button and then click search and ok"
| bricat |
| (HijackThis Helper) |
| Thu Mar 06 2008 03:16 PM |
|
|
|
Re: my desktop icons and toolbar have disapeared....
|
try running sfc \scannow
to see if any system files are missing.
put your XP disc in the drive.
click on START\RUN and type CMD into the address bar and click OK.
At the DOS PROMPT type SFC /SCANNOW. note the space between SFC and /SCANNOW. hit enter.
then let me know how it is running and if you are still getting the error.
| beatrice |
| (new user) |
| Fri Mar 07 2008 10:12 AM |
|
Re: my desktop icons and toolbar have disapeared....
|
The problem is i don't have the same windows CD, because when i bought this computer it was already with windows installed in, so... every time when i try to do that "SFC /SCANNOW" always, ask me for that version which is installed in.And i tried many times.
| beatrice |
| (new user) |
| Fri Mar 07 2008 10:34 AM |
|
Re: my desktop icons and toolbar have disapeared....
|
Hello, i thank you from all my hearth for helping me and plsss forgive me if i don't do nothing right,i am just a teacher(my job is to work with kids )so: if you get tired of all my messages plsss tell me. I start , to get tired too of this computer problems, i don't know, i'm not good for this, i don't know to do nothing right.
| bricat |
| (HijackThis Helper) |
| Fri Mar 07 2008 10:48 AM |
|
|
|
Re: my desktop icons and toolbar have disapeared....
|
no problems, we all had to learn.
and still are learning.
can you borrow an Xp pro disc from someone ?
if not, try this :-
* Close all visible Windows Explorer windows. Other running applications can be left alone.
* Press Ctrl-Alt-Del, to bring up TaskManager.
* In the Windows Task Manager application that appears,click on FILE at the top.
select New Task (Run) from the File menu.
* Type Explorer and click Ok.
does your icons and taskbar appear.
| beatrice |
| (new user) |
| Fri Mar 07 2008 12:06 PM |
|
Re: my desktop icons and toolbar have disapeared....
|
i run like u said in the task manager, new task and i typed "Explorer "and this message came after (Windows cannot find "Explorer", make sure you typed the name correctly and try again.To search for a file click the start button and then click search)this is the entire message which appear.
About windows CD i have but is not the same version with the windows installed on computer.
| bricat |
| (HijackThis Helper) |
| Fri Mar 07 2008 01:42 PM |
|
|
|
Re: my desktop icons and toolbar have disapeared....
|
try this :-
Open a blank notepad.
Copy the BOLD text below to the blank NOTEPAD.
call it FIX.REG --- (where it says FILE NAME)
save it to your desktop.----(at the top where it says SAVE IN, click the drop down menu and select DESKTOP)
save as "all files" ---- (where it says SAVE AS TYPE click the drop down menu and choose ALL FILES)
on your desktop double click on FIX.REG and allow it to merge with the registry when it asks.
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ImageFileExecution Options\explorer.exe]
then reboot your computer.
| beatrice |
| (new user) |
| Fri Mar 07 2008 09:06 PM |
|
Re: my desktop icons and toolbar have disapeared....
|
i did but doesn't ask me nothing and when i go in regedit till image file executive option didn't appear any explorer.exe. sorry maybe i mistake something.i writhe and that notepad with bold in desktop ang try to make both to merge but i didn't get anything.
| bricat |
| (HijackThis Helper) |
| Fri Mar 07 2008 11:25 PM |
|
|
|
Re: my desktop icons and toolbar have disapeared....
|
did you save it as "all files" ---- (where it says SAVE AS TYPE click the drop down menu and choose ALL FILES) ?
try this :-
have a look for C:\i386 folder, it may be in C:\windows\i386
if you find it open it and look for EXPLORER.EXE
if you find it right click on it and copy it.
then go to C:\windows, right click and "paste" the explorer.exe file there.
then reboot.
| beatrice |
| (new user) |
| Sat Mar 08 2008 10:08 AM |
|
Re: my desktop icons and toolbar have disapeared....
|
"i386" i find only in this kind of way C:\WINDOWS\system32\krni386.exe and icouldn't open. Can i ask you???? what will happends if i gave a "backup"?
| bricat |
| (HijackThis Helper) |
| Sat Mar 08 2008 11:26 AM |
|
|
|
Re: my desktop icons and toolbar have disapeared....
|
Quote:
Can i ask you???? what will happends if i gave a "backup"?
not sure i understand you.
we've already tried system restore.
try this scan :-
Using Internet Explorer, click here to use the Eset Online Scanner.
- Accept the terms of use and click the Start button.
- When prompted to install an ActiveX Control, click the yellow notification bar and select Install ActiveX Control..
- Click the Install button on the Security Warning window which appears.
- Once the ActiveX installs click the Start button to download the signature database when prompted.
- On the "Computer Scan" options window select Remove found threats ONLY, then click Scan.
- A log file of the results can be found at C:/Program Files/EsetOnlineScanner/log.txt
- Post the results in your next reply please.
| beatrice |
| (new user) |
| Sat Mar 08 2008 12:19 PM |
|
Re: my desktop icons and toolbar have disapeared....
|
This is what i got: Your browser is not supported.
ESET Online Scanner is based on ActiveX technology and requires Microsoft Internet Explorer with enabled ActiveX controls. User has to agree to install ActiveX package signed by ESET.
For more details check System Requirements.
I don't have start button, i don't have nothing (no tolbar,no start no,no browser)sorry.If my computer it was working little bit, i could let you to come in with ip and the special program but doesn't work so i can't show you what it's here.
| beatrice |
| (new user) |
| Sat Mar 08 2008 12:44 PM |
|
Re: my desktop icons and toolbar have disapeared....
|
when i open 1 program which i told you about "lavalyst...EVERESTUltimate Edition it show me Direct X (Files,Video, Sound,Music and Imput)all this direct X with X on like errors and OpenGL (properties and Features)with the same x on it.
| bricat |
| (HijackThis Helper) |
| Sat Mar 08 2008 10:00 PM |
|
|
|
Re: my desktop icons and toolbar have disapeared....
|
i think you really need to get an XP disc , the same version that is installed on your computer and try the SFC /SCANNOW
it's obvious there are files missing on your system.
| beatrice |
| (new user) |
| Sun Mar 09 2008 11:11 AM |
|
Re: my desktop icons and toolbar have disapeared....
|
Hello again .Can i ask you ?
Is not possible to reinstall new windows without to appear the blue screen (death screen)?And to don't have the same version?
| bricat |
| (HijackThis Helper) |
| Sun Mar 09 2008 11:31 AM |
|
|
|
Re: my desktop icons and toolbar have disapeared....
|
you can install windows again, but you will lose everything on your computer.
try a REPAIR INSTALL OF XP first.
you may lose some of your data using this.
| beatrice |
| (new user) |
| Sun Mar 09 2008 01:13 PM |
|
Re: my desktop icons and toolbar have disapeared....
|
are not so important my documents,i want to install the new windows doesn't matter,but it is impossible, i installed "recovery console" and i gave restart to repair but i got again the blue screen, and if i want to reinstall the same (i know to install windows)blue screen really i can't do nothing.Bellive me the old computer which i had, i never got so many problems like this one.
| bricat |
| (HijackThis Helper) |
| Sun Mar 09 2008 01:41 PM |
|
|
|
Re: my desktop icons and toolbar have disapeared....
|
don't use the recovery console.
put the XP disc and reboot the computer, if the disc starts it will find the windows that you have , tell it to reformat and reinstall windows.
| beatrice |
| (new user) |
| Sun Mar 09 2008 03:39 PM |
|
Re: my desktop icons and toolbar have disapeared....
|
I tried to reinstall windows,so i tried 2 windows CD but>
The first CD, when the setup start and run till there where -to setup windows xp now press enter
-to repaire a windows xp instalation racovery console, press R
-and the 1 with quit setup............
so i press enter and where supost to be the disk space C,D it was uncknown disk and after i got error with the usual blue screen saing
"A PROBLEM HAS BEEN DETECTED AND WINDOWS HAS BEEN SHUT DOWN TO PREVENT DAMAGE TO YOUR COMPUTER.THE PROBLEM SEEMS TO BE CAUSED BY THE FOLLOWING FILE>SETUP.SYS PAGE_FAULT_IN_NONPAGED_AREA .and to disable Bios memory option such as caching or shadowing
Setupdd.sys-Address F7644FCBbase at F761A000,datestamp 3d6dd67f".
And to the second WINDOWS CD i got"WINDOWS COULDNOT START BECAUSE THE FOLLOWING FILE IS MISSING OR CORRUPTED <WINDOWS ROOT>SYSTEM32\HALL.DLL
| bricat |
| (HijackThis Helper) |
| Sun Mar 09 2008 11:30 PM |
|
|
|
Re: my desktop icons and toolbar have disapeared....
|
I'm afraid this is something i'm not comfortable helping you with as it is getting past what i know about, i think you need to have a technician look at it.
there is obviously something seriously wrong with your system.
sorry i can't be of more help.
| beatrice |
| (new user) |
| Tue Mar 11 2008 12:17 PM |
|
Re: my desktop icons and toolbar have disapeared....
|
Thank you for your help, you was verry nice and patient with me.Yes i will go with my computer to a technician, thank you again Brian.
BYE
| beatrice |
| (new user) |
| Sun Mar 23 2008 01:17 PM |
Re: my desktop icons and toolbar have disapeared....
|
Hello again, i fixed my computer to a technician, now everything are great on.They installed new windows, i couldn't do that because it is SATA and he said, for this is necessary a windows XP modified. The normal windows XP it isn't recognize with this(it is made after 2005 )... he said, anyway i hope i will don't have problems again or.... not so soon.Thank you again, bye.
| bricat |
| (HijackThis Helper) |
| Sun Mar 23 2008 06:05 PM |
|
|
|
Re: my desktop icons and toolbar have disapeared....
|
glad to hear everything is ok now.