kasim
new user
Reg'd: Sat
Posts: 1
Desktop and taskbar disappearing
Sat Mar 29 2008 10:06 AM
Hi guys
When I start up Windows, my desktop and taskbar menu are disappearing. I have run ComboFix; these were the results. I don't know if there are any more problems, but can you please let me know if the problem has been rectified or if there are any more hidden files that are dangerous.
ComboFix 08-03-27.3 - Kasim 2008-03-29 9:39:52.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1049 [GMT 0:00]
Running from: E:\Songs\Downloaded Tracks\ComboFix.exe
* Created a new restore point
.
TimedOut: Windir.dat

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 09:39 --------- d---a-w C:\ProgramData\TEMP
2008-03-29 09:16 --------- d-----w C:\ProgramData\Symantec
2008-03-29 09:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-29 09:14 --------- d-----w C:\Program Files\Symantec
2008-03-29 08:48 --------- d-----w C:\ProgramData\avg8
2008-03-29 08:47 --------- d-----w C:\Program Files\AVG
2008-03-28 21:31 610 ----a-w C:\Users\Kasim\AppData\Roaming\wklnhst.dat
2008-03-26 21:48 --------- d-----w C:\Users\Kasim\AppData\Roaming\LimeWire
2008-03-24 18:53 --------- d-----w C:\Users\Kasim\AppData\Roaming\Apple Computer
2008-03-23 11:09 --------- d-----w C:\Program Files\Safari
2008-03-22 16:44 --------- d-----w C:\Users\Kasim\AppData\Roaming\Template
2008-03-21 23:12 --------- d-----w C:\Users\Kasim\AppData\Roaming\PeerNetworking
2008-03-21 00:50 --------- d--h--w C:\Program Files\Zero G Registry
2008-03-21 00:48 --------- d-----w C:\Program Files\Sports Interactive
2008-03-21 00:39 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-21 00:38 --------- d-----w C:\Users\Kasim\AppData\Roaming\DAEMON Tools
2008-03-21 00:37 --------- d-----w C:\Users\Kasim\AppData\Roaming\Sports Interactive
2008-03-21 00:34 --------- d-----w C:\Program Files\UltraISO
2008-03-21 00:34 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-03-18 10:37 --------- d-----w C:\Users\Kasim\AppData\Roaming\AdobeUM
2008-03-12 20:39 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 16:03 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-12 09:16 --------- d-----w C:\Users\Kasim\AppData\Roaming\DivX
2008-03-11 00:34 --------- d-----w C:\Program Files\DivX
2008-03-11 00:33 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-03-10 20:37 --------- d-----w C:\Program Files\OneStepSearch
2008-03-10 20:34 --------- d-----w C:\Program Files\themexp
2008-03-08 19:35 --------- d-----w C:\Program Files\TOSHIBA
2008-03-08 16:45 --------- d-----w C:\Program Files\Yahoo!
2008-03-07 09:57 --------- d-----w C:\Users\Kasim\AppData\Roaming\vlc
2008-03-07 08:41 --------- d-----w C:\Program Files\LimeWire
2008-03-07 08:40 --------- d-----w C:\Program Files\VideoLAN
2008-03-07 08:39 --------- d-----w C:\Program Files\BitLord
2008-03-05 21:35 8,464 ----a-w C:\Windows\System32\sporder.dll
2008-03-05 19:43 --------- d-----w C:\ProgramData\Apple Computer
2008-03-05 19:43 --------- d-----w C:\Program Files\iTunes
2008-03-05 19:43 --------- d-----w C:\Program Files\iPod
2008-03-05 19:23 --------- d-----w C:\Program Files\Aimersoft
2008-03-05 19:09 --------- d-----w C:\Program Files\Windows Live
2008-03-05 19:06 --------- d-----w C:\ProgramData\WLInstaller
2008-03-05 19:03 --------- d-----w C:\Program Files\QuickTime
2008-03-05 19:03 --------- d-----w C:\Program Files\Bonjour
2008-03-05 19:02 --------- d-----w C:\Program Files\Apple Software Update
2008-03-05 19:01 --------- d-----w C:\ProgramData\Apple
2008-03-05 19:01 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-05 18:49 174 --sha-w C:\Program Files\desktop.ini
2008-03-05 18:43 --------- d-----w C:\Program Files\Windows Calendar
2008-03-05 18:42 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-05 17:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 16:59 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-05 16:58 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-05 16:58 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-05 16:52 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-05 16:52 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-05 16:52 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-05 16:52 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-05 16:51 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-05 16:51 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-05 16:51 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-05 16:51 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-05 16:51 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-05 16:51 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-03-05 16:51 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-05 16:51 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-05 16:49 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-05 16:49 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-05 16:49 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-05 16:49 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-05 16:49 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-05 16:48 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-05 16:47 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-05 16:47 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-05 16:45 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2008-03-05 16:45 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-05 16:45 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-05 16:45 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-05 16:45 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-05 16:45 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-05 16:45 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-05 16:44 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-03-05 16:44 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-03-05 16:44 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-03-05 16:44 --------- d-----w C:\ProgramData\IsolatedStorage
2008-03-05 16:44 --------- d-----w C:\Program Files\Toshiba TEMPO
2008-03-05 16:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-05 16:43 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-03-05 16:43 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-03-05 16:43 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-03-05 16:43 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-03-05 16:42 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-03-05 16:39 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-03-05 16:39 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-03-05 16:39 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-03-05 16:39 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-05 16:39 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-05 16:38 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-05 16:32 --------- d-----w C:\Users\Kasim\AppData\Roaming\DesktopSMS
2008-03-05 16:26 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-03-05 16:26 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-03-05 16:26 53,080 ----a-w C:\Windows\System32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [ ]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="TOSCDSPD.EXE" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36 201728]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-10 13:58 1006264]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 16:14 34352]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 20:42 438272]
"HWSetup"="\HWSetup.exe" [ ]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 10:39 4702208 C:\Windows\RtHDVCpl.exe]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 09:39 411192]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 15:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-04-03 15:52 509496]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 15:32 538744]
"NDSTray.exe"="NDSTray.exe" []
"Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 09:51 1507328]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 08:24 581632]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-20 02:58 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-20 02:58 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-20 02:58 129560]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 14:21 180224]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 14:00 571024]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 12:37 174872]
"Toshiba TEMPO"="C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe" [2007-10-29 16:22 103824]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C7E26FB3-618D-4683-817B-E814924CCBE6}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4623A832-5A7A-4CF1-9B39-5C975B728009}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{264F6443-35E5-4867-9B30-31CA5FE99F5F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2DCADAB6-82C5-4339-B42D-66BFD447EBD4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F2A5DF7A-3B3D-4438-9B14-D6688B416B00}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{0EED2953-EEC6-403C-AD93-28B7643BFEF1}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{74F10A71-5A87-4002-B816-052D2774ECAE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C34693CD-9C88-4A0C-8865-4F5DEEC7823A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{912F92F9-DD64-459B-89B8-D33A9BB59BA7}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DB5A723C-1C83-41DE-9E38-783562CEE71D}"= UDP:C:\Windows\Temp\~os3949.tmp\ossproxy.exe:ossproxy.exe
"{42C42774-0911-4AE6-810B-88035FDCE547}"= UDP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe
"{D85921CB-9EE5-4BB2-90DD-A5D0FC420CF7}"= TCP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe
"{0F276573-BFA6-4A0B-971A-2CD76E61E0E9}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{CD8BE977-F0F2-4748-9734-83896B55F469}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{3FAA8163-505C-4CF5-81AA-F7899A87F668}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{3DB5344F-12E6-4A27-B75E-D1944CEF5709}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{F267E17A-DB6C-4F1E-8438-DE4F08BE1545}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 15:25]
R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-07-26 16:18]
R2 RelevantKnowledge;RelevantKnowledge;C:\Windows\system32\rlservice.exe [2007-10-11 20:44]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;"C:\Program Files\Toshiba TEMPO\TempoSVC.exe" [2007-10-29 16:21]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-09-19 11:01]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 07:23]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 07:30]
S4 CplIR;Embedded IR Driver;C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14:01]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 14:40]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 14:47]
S4 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 15:32]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-28 22:04:34 C:\Windows\Tasks\User_Feed_Synchronization-{9AAC8AC2-C8C0-479E-AB24-DF2CA84120D4}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 09:49:39
Windows 6.0.6000 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2008-03-29 9:50:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 09:50:30
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
.
2008-03-28 20:00:40 --- E O F ---
Thanks guys