
Author Topic: Icons and taskbar is missing (winXP)  (Read 11184 times)


weelord123

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Icons and taskbar is missing (winXP)
    « on: December 27, 2010, 09:36:05 AM »
    Okay. Every time I turn my PC on, the icons and taskbar are always missing; the background is still there though. I run Task Manager and look at the processes and explorer.exe is there. In order to be able to use the PC, I created another user, ran Task Manager, end the explorer.exe, restart, log in with the same user, log off, and log in to my original user. As you can see, it is a very hectic process, that is why I need this problem to be solved. Also, after several hours of using my PC, I receive a "generic host process for win32 services has encountered a problem and needs to close" error which causes my Volume adjust to say that it doesn't detect any audio device management software or something like that.

    harry 48



      Egghead

    • lay back , relax and chill out
    • Thanked: 129
      • Dribbling Pensioner
    • Certifications: List
    • Experience: Familiar
    • OS: Windows 7
    Re: Icons and taskbar is missing (winXP)
    « Reply #1 on: December 28, 2010, 08:35:24 AM »
    Go to the link below, complete it and post the 3 logs; an expert will help you.

    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    weelord123

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: Icons and taskbar is missing (winXP)
      « Reply #2 on: December 28, 2010, 04:27:24 PM »
      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 12/27/2010 at 00:46 AM

      Application Version : 4.47.1000

      Core Rules Database Version : 6069
      Trace Rules Database Version: 3881

      Scan type       : Complete Scan
      Total Scan Time : 01:34:05

      Memory items scanned      : 554
      Memory threats detected   : 0
      Registry items scanned    : 8282
      Registry threats detected : 1
      File items scanned        : 109081
      File threats detected     : 130

      Adware.Tracking Cookie

      Adware.MyWebSearch/FunWebProducts
         HKU\S-1-5-21-823518204-1592454029-839522115-1003\SOFTWARE\FunWebProducts

      Trojan.Agent/Gen
         C:\DOCUMENTS AND SETTINGS\XXX\APPLICATION DATA\INSTALL

      Trojan.Agent/Gen-OnlineGames[Wilao]
         C:\DOCUMENTS AND SETTINGS\XXX\MY DOCUMENTS\DOWNLOADS\PIVOT.EXE

      weelord123

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: Icons and taskbar is missing (winXP)
        « Reply #3 on: December 28, 2010, 04:27:57 PM »
        Malwarebytes' Anti-Malware 1.46
        www.malwarebytes.org

        Database version: 4052

        Windows 5.1.2600 Service Pack 2
        Internet Explorer 8.0.6001.18702

        12/27/2010 10:28:33 AM
        mbam-log-2010-12-27 (10-28-33).txt

        Scan type: Quick scan
        Objects scanned: 145706
        Time elapsed: 10 minute(s), 16 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)

        weelord123

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: Icons and taskbar is missing (winXP)
          « Reply #4 on: December 28, 2010, 04:30:12 PM »
          I do not know why, but every time I try to post the HijackThis log, Google Chrome says "Webpage is unavailable" or something like that.

          harry 48



            Egghead

          • lay back , relax and chill out
          • Thanked: 129
            • Dribbling Pensioner
          • Certifications: List
          • Experience: Familiar
          • OS: Windows 7
          Re: Icons and taskbar is missing (winXP)
          « Reply #5 on: December 28, 2010, 05:30:16 PM »
          all you have to do is copy and paste the logs

          go back to the link and read how to do it

          weelord123

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: Icons and taskbar is missing (winXP)
            « Reply #6 on: December 28, 2010, 05:47:58 PM »
            Quote
            all you have to do is copy and paste the logs

            go back to the link and read how to do it
            That's what I do. I copy and paste the HJT log but the website won't let me.

            Allan

            • Moderator

            • Mastermind
            • Thanked: 1260
            • Experience: Guru
            • OS: Windows 10
            Re: Icons and taskbar is missing (winXP)
            « Reply #7 on: December 29, 2010, 05:45:46 AM »
            Try a different browser.

            weelord123

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Unknown
              Re: Icons and taskbar is missing (winXP)
              « Reply #8 on: December 29, 2010, 07:03:48 AM »
              Tried Firefox, GC and IE but it still won't let me.

              Allan

              • Moderator

              • Mastermind
              • Thanked: 1260
              • Experience: Guru
              • OS: Windows 10
              Re: Icons and taskbar is missing (winXP)
              « Reply #9 on: December 29, 2010, 07:10:16 AM »
              Okay. Just wait for one of the malware specialists and let's see what happens.

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Icons and taskbar is missing (winXP)
              « Reply #10 on: December 29, 2010, 01:24:36 PM »
              Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

              1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
              2. The fixes are specific to your problem and should only be used for this issue on this machine.
              3. If you don't know or understand something, please don't hesitate to ask.
              4. Please DO NOT run any other tools or scans while I am helping you.
              5. It is important that you reply to this thread. Do not start a new topic.
              6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
              7. Absence of symptoms does not mean that everything is clear.

              If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

              If you can't copy and paste  the logs, please attach them.

              ***************************************************
              Download Security Check by screen317 from one of the following links and save it to your desktop.

              Link 1
              Link 2

              * Unzip SecurityCheck.zip and a folder named Security Check should appear.
              * Open the Security Check folder and double-click Security Check.bat
              * Follow the on-screen instructions inside of the black box.
              * A Notepad document should open automatically called checkup.txt
              * Post the contents of that document in your next reply.

              Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
              **************************************************
              Please download ComboFix from BleepingComputer.com

              Alternate link: GeeksToGo.com

              * Rename ComboFix.exe to commy.exe before you save it to your Desktop.
              * Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
              * Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
              * As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
              * Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

              Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

              Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


              Click on Yes, to continue scanning for malware.
              When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

              If you have problems with ComboFix usage, see How to use ComboFix
              Windows 8 and Windows 10 dual boot with two SSD's

              weelord123

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Unknown
                Re: Icons and taskbar is missing (winXP)
                « Reply #11 on: December 29, 2010, 09:21:24 PM »
                I have the problem with combofix. There's always an error that says you appear to have a corrupt download.

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Icons and taskbar is missing (winXP)
                « Reply #12 on: December 30, 2010, 12:58:21 PM »
                Quote
                There's always an error that says you appear to have a corrupt download
                What program is giving you that error? What browser are you using?
                Windows 8 and Windows 10 dual boot with two SSD's

                weelord123

                  Topic Starter


                  Rookie

                  • Experience: Beginner
                  • OS: Unknown
                  Re: Icons and taskbar is missing (winXP)
                  « Reply #13 on: December 30, 2010, 05:32:53 PM »
                  Quote
                  What program is giving you that error? What browser are you using?
                  Combofix. Google Chrome.

                  weelord123

                    Topic Starter


                    Rookie

                    • Experience: Beginner
                    • OS: Unknown
                    Re: Icons and taskbar is missing (winXP)
                    « Reply #14 on: December 30, 2010, 06:34:31 PM »
                     Results of screen317's Security Check version 0.99.8 
                     Windows XP Service Pack 2 
                     Out of date service pack!!
                     Internet Explorer 8 
                    ``````````````````````````````
                    Antivirus/Firewall Check:

                     Windows Firewall Disabled! 
                     AVG 2011     
                     Antivirus up to date! 
                    ```````````````````````````````
                    Anti-malware/Other Utilities Check:

                     Malwarebytes' Anti-Malware   
                     CCleaner     
                     Java(TM) 6 Update 23 
                     Adobe Flash Player 10.1.102.64 
                    Out of date Adobe Reader installed!
                    ````````````````````````````````
                    Process Check: 
                    objlist.exe by Laurent

                     AVG avgwdsvc.exe
                     AVG avgtray.exe
                     AVG avgrsx.exe
                     AVG avgnsx.exe
                     AVG avgemc.exe
                    ``````````End of Log````````````

                    weelord123

                      Topic Starter


                      Rookie

                      • Experience: Beginner
                      • OS: Unknown
                      Re: Icons and taskbar is missing (winXP)
                      « Reply #15 on: December 30, 2010, 06:35:24 PM »
                      ComboFix 10-12-30.01 - xxx 12/31/2010   9:12.1.2 - x86
                      Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2039.1447 [GMT -8:00]
                      Running from: c:\documents and settings\xxx\desktop\commy.exe
                      Command switches used :: /stepdel
                      AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                      FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
                      .

                      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                      .


                      ----- BITS: Possible infected sites -----

                      hxxp://globebroadbandclickfix.com.ph
                      Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
                      Restored copy from - c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

                      Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
                      Restored copy from - c:\qoobox\Quarantine\C\WINDOWS\system32\winlogon.bak.vir

                      .
                      (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      -------\Legacy_ILVMONEYDRIVER53
                      -------\Service_IlvMoneyDRIVER53


                      (((((((((((((((((((((((((   Files Created from 2010-11-28 to 2010-12-31  )))))))))))))))))))))))))))))))
                      .

                      2010-12-30 06:03 . 2010-12-30 06:03   --------   d-----w-   c:\documents and settings\xxx\Local Settings\Application Data\Conduit
                      2010-12-30 05:38 . 2010-12-30 05:38   --------   d-----w-   C:\Level Up Games
                      2010-12-28 23:12 . 2010-12-28 23:12   --------   d-----w-   c:\documents and settings\xxx\Maps
                      2010-12-27 18:31 . 2010-12-27 18:31   388096   ----a-r-   c:\documents and settings\xxx\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                      2010-12-27 18:31 . 2010-12-27 18:31   --------   d-----w-   c:\program files\Trend Micro
                      2010-12-27 05:13 . 2010-12-27 05:13   --------   d-----w-   c:\documents and settings\xxx\Application Data\SUPERAntiSpyware.com
                      2010-12-27 05:13 . 2010-12-27 05:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                      2010-12-27 05:12 . 2010-12-27 05:13   --------   d-----w-   c:\program files\SUPERAntiSpyware
                      2010-12-26 18:55 . 2010-12-26 18:55   --------   d-----w-   c:\program files\CCleaner
                      2010-12-24 07:52 . 2010-12-24 07:53   --------   d-----w-   c:\documents and settings\xxx\.64pixels
                      2010-12-23 21:39 . 2010-12-30 06:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo! Companion
                      2010-12-23 21:39 . 2010-12-23 21:39   --------   d-----w-   c:\program files\Common Files\DirectX
                      2010-12-23 21:38 . 2010-12-23 21:38   --------   d-----w-   c:\program files\SmileyCentral_1vEI
                      2010-12-18 02:43 . 2010-12-18 02:43   --------   d-----w-   c:\program files\SmileyCentralIE_1w
                      2010-12-18 02:33 . 2010-12-18 02:33   0   ----a-w-   c:\windows\system32\ConduitEngine.tmp
                      2010-12-18 02:18 . 2010-12-23 21:38   --------   d-----w-   c:\documents and settings\Test Account
                      2010-12-17 23:22 . 2010-12-23 21:38   --------   d-----w-   c:\program files\VirtualDJ
                      2010-12-16 21:13 . 2010-12-18 02:15   --------   d-----w-   c:\documents and settings\Administrator
                      2010-12-09 15:07 . 2010-12-09 15:07   --------   d-----w-   c:\windows\system32\wbem\Repository
                      2010-12-09 04:50 . 2010-12-09 04:50   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
                      2010-12-09 01:58 . 2010-12-09 01:58   --------   d-----w-   c:\program files\X-Play
                      2010-12-08 21:02 . 2010-12-09 15:06   --------   d-----w-   c:\program files\uTorrent Turbo Booster

                      .
                      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2010-11-13 02:53 . 2010-04-18 00:07   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                      2010-11-13 00:34 . 2010-04-18 00:07   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                      .

                      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      *Note* empty entries & legit default entries are not shown
                      REGEDIT4

                      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
                      "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]

                      [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

                      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
                      2010-10-18 10:26   3908192   ----a-w-   c:\program files\Softonic-Eng7\tbSof0.dll

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                      "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]

                      [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

                      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                      "{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]

                      [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
                      @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
                      [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
                      2008-07-10 16:23   97064   ----a-w-   c:\program files\Nero\Nero8\InCD\NBHShx.dll

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-11-05 6174008]
                      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
                      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
                      "SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-07-10 2049320]
                      "RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
                      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
                      "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
                      "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
                      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
                      "InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-07-10 1083176]
                      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
                      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
                      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
                      "globe"="c:\program files\Globe Telecom\Click Fix\bin\sprtcmd.exe" [2009-06-11 204440]
                      "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
                      "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

                      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                      2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"=
                      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
                      "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
                      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
                      "c:\\Program Files\\Level Up Games\\Grand Chase\\main.exe"=
                      "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
                      "c:\\Program Files\\Level Up Games\\FreeStyle\\FreeStyle.exe"=
                      "c:\\Program Files\\Level Up Games\\Rohan Online CBT\\Client\\rohanclient.exe"=
                      "c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
                      "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
                      "c:\\Program Files\\Opera\\opera.exe"=
                      "c:\\FarmHelper\\FVBot.exe"=
                      "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
                      "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
                      "c:\\Documents and Settings\\xxx\\My Documents\\Downloads\\Gang Garrison 2\\Gang Garrison 2.exe"=
                      "c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
                      "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
                      "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
                      "c:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"=
                      "c:\\Documents and Settings\\xxx\\My Documents\\Downloads\\VinServer34\\VinServer34.exe"=
                      "c:\\Documents and Settings\\xxx\\My Documents\\Downloaded by flashget\\GGC Beta 2\\GGC.exe"=
                      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                      "c:\\Program Files\\iTunes\\iTunes.exe"=
                      "c:\\Documents and Settings\\xxx\\My Documents\\Downloads\\MM8BDM-SGC8\\rcon_utility.exe"=
                      "c:\\Documents and Settings\\xxx\\My Documents\\Downloads\\MM8BDM-SGC8\\skulltag.exe"=
                      "c:\\Program Files\\GameClub\\Philippines\\SpecialForce\\specialforce.exe"=
                      "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
                      "c:\\Program Files\\uTorrent\\uTorrent.exe"=

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                      "58426:TCP"= 58426:TCP:Pando Media Booster
                      "58426:UDP"= 58426:UDP:Pando Media Booster
                      "57230:TCP"= 57230:TCP:Pando Media Booster
                      "57230:UDP"= 57230:UDP:Pando Media Booster
                      "56684:TCP"= 56684:TCP:Pando Media Booster
                      "56684:UDP"= 56684:UDP:Pando Media Booster
                      "1035:TCP"= 1035:TCP:Akamai NetSession Interface
                      "5000:UDP"= 5000:UDP:Akamai NetSession Interface

                      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
                      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
                      R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 4:00 AM 14336]
                      R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [7/10/2008 8:23 AM 53032]
                      R2 sprtsvc_globe;SupportSoft Sprocket Service (globe);c:\program files\Globe Telecom\Click Fix\bin\sprtsvc.exe [7/17/2009 1:13 PM 206120]
                      R2 tgsrvc_globe;SupportSoft Repair Service (globe);c:\program files\Globe Telecom\Click Fix\bin\tgsrvc.exe [8/6/2009 3:16 PM 151192]
                      S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2010 11:02 AM 136176]
                      S3 7ByteIo;7ByteIo;\??\c:\program files\Hot CPU Tester Pro 4 LE\SysInfo.sys --> c:\program files\Hot CPU Tester Pro 4 LE\SysInfo.sys [?]
                      S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\level up games\grand chase\GameGuard\dump_wmimmc.sys --> c:\program files\level up games\grand chase\GameGuard\dump_wmimmc.sys [?]
                      S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\xxx\LOCALS~1\Temp\LNK2C.tmp --> c:\docume~1\xxx\LOCALS~1\Temp\LNK2C.tmp [?]
                      S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
                      S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
                      S3 XDva285;XDva285;\??\c:\windows\system32\XDva285.sys --> c:\windows\system32\XDva285.sys [?]
                      S3 XDva312;XDva312;\??\c:\windows\system32\XDva312.sys --> c:\windows\system32\XDva312.sys [?]
                      S3 XDva361;XDva361;\??\c:\windows\system32\XDva361.sys --> c:\windows\system32\XDva361.sys [?]
                      S3 XDva367;XDva367;\??\c:\windows\system32\XDva367.sys --> c:\windows\system32\XDva367.sys [?]
                      S3 XDva368;XDva368;\??\c:\windows\system32\XDva368.sys --> c:\windows\system32\XDva368.sys [?]
                      S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
                      S3 XDva372;XDva372;\??\c:\windows\system32\XDva372.sys --> c:\windows\system32\XDva372.sys [?]
                      S3 XDva377;XDva377;\??\c:\windows\system32\XDva377.sys --> c:\windows\system32\XDva377.sys [?]

                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                      Akamai   REG_MULTI_SZ      Akamai
                      .
                      Contents of the 'Scheduled Tasks' folder

                      2010-12-13 c:\windows\Tasks\AdobeAAMUpdater-1.0-XP-54E10D31A13C-xxx.job
                      - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-10-16 10:44]

                      2010-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
                      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

                      2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                      - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 19:01]

                      2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                      - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 19:01]

                      2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1592454029-839522115-1003Core.job
                      - c:\documents and settings\xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 22:12]

                      2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1592454029-839522115-1003UA.job
                      - c:\documents and settings\xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 22:12]

                      2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1592454029-839522115-1007Core.job
                      - c:\documents and settings\Test Account.XP-54E10D31A13C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-18 01:07]

                      2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1592454029-839522115-1007UA.job
                      - c:\documents and settings\Test Account.XP-54E10D31A13C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-18 01:07]

                      2010-12-31 c:\windows\Tasks\User_Feed_Synchronization-{382D449B-C195-41E6-9C0F-C2CCC0C7D31D}.job
                      - c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
                      .
                      .
                      ------- Supplementary Scan -------
                      .
                      uStart Page = hxxp://www.google.com.ph/
                      uInternet Settings,ProxyOverride = *.local
                      uSearchAssistant = hxxp://www.google.com/ie
                      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                      IE: Download All By FlashGet3 - c:\documents and settings\xxx\Application Data\FlashGetBHO\GetAllUrl.htm
                      IE: Download By FlashGet3 - c:\documents and settings\xxx\Application Data\FlashGetBHO\GetUrl.htm
                      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
                      Trusted Zone: kuaiche.com\software
                      FF - ProfilePath - c:\documents and settings\xxx\Application Data\Mozilla\Firefox\Profiles\mtid3796.default\
                      FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
                      FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph/
                      FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c6b3303&v=6.010.006.004&i=23&tp=ab&iy=&ychte=ph&lng=en-US&q=
                      FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
                      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
                      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
                      FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
                      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
                      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
                      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
                      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
                      FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
                      FF - Ext: FiddlerHook: [email protected] - c:\program files\Fiddler2\FiddlerHook
                      FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
                      FF - Ext: Orange Fox: {5b35cb30-16b4-11de-8c30-0800200c9a66} - %profile%\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66}
                      FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
                      FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
                      FF - Ext: Battlefield Heroes Updater: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: Firebug: [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
                      FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
                      FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
                      .
                      - - - - ORPHANS REMOVED - - - -

                      URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
                      URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
                      URLSearchHooks-{346de098-61f9-4b42-89da-6dfba7091bb6} - (no file)
                      BHO-{5ed22e89-62fa-47ec-bd8d-374d849d436c} - (no file)
                      Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
                      WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
                      AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files\Pando Networks\Media Booster\uninst.exe



                      **************************************************************************

                      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2010-12-31 09:24
                      Windows 5.1.2600 Service Pack 2 NTFS

                      scanning hidden processes ... 

                      scanning hidden autostart entries ...

                      scanning hidden files ... 

                      scan completed successfully
                      hidden files: 0

                      **************************************************************************

                      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
                      "ImagePath"="\??\c:\docume~1\xxx\LOCALS~1\Temp\LNK2C.tmp"

                      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
                      "ImagePath"="c:\windows\system32\GameMon.des -service"
                      .
                      --------------------- LOCKED REGISTRY KEYS ---------------------

                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                      @Denied: (A 2) (Everyone)
                      @="FlashBroker"
                      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                      "Enabled"=dword:00000001

                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

                      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                      @Denied: (A 2) (Everyone)
                      @="IFlashBroker4"

                      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                      @="{00020424-0000-0000-C000-000000000046}"

                      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      "Version"="1.0"
                      .
                      --------------------- DLLs Loaded Under Running Processes ---------------------

                      - - - - - - - > 'winlogon.exe'(788)
                      c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                      c:\windows\system32\WININET.dll

                      - - - - - - - > 'explorer.exe'(3452)
                      c:\windows\system32\WININET.dll
                      c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
                      c:\program files\Nero\Nero8\InCD\NBHShx.dll
                      c:\program files\Nero\Nero8\InCD\NBHStr.dll
                      c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
                      c:\windows\system32\msi.dll
                      c:\windows\system32\ieframe.dll
                      c:\windows\system32\webcheck.dll
                      .
                      ------------------------ Other Running Processes ------------------------
                      .
                      c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                      c:\program files\Bonjour\mDNSResponder.exe
                      c:\program files\Nero\Nero8\InCD\InCDsrv.exe
                      c:\program files\Java\jre6\bin\jqs.exe
                      c:\windows\system32\PnkBstrA.exe
                      c:\windows\system32\wdfmgr.exe
                      c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
                      c:\windows\system32\wscntfy.exe
                      c:\windows\RTHDCPL.EXE
                      c:\program files\iPod\bin\iPodService.exe
                      c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
                      .
                      **************************************************************************
                      .
                      Completion time: 2010-12-31  09:28:26 - machine was rebooted
                      ComboFix-quarantined-files.txt  2010-12-31 17:28

                      Pre-Run: 71,741,403,136 bytes free
                      Post-Run: 71,748,911,104 bytes free

                      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
                      [boot loader]
                      timeout=2
                      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                      [operating systems]
                      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                      UnsupportedDebug="do not select this" /debug
                      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

                      - - End Of File - - 00FB71455A5BAD310D970830700C0DF4

                      SuperDave

                      • Malware Removal Specialist


                      • Genius
                      • Thanked: 1020
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 10
                      Re: Icons and taskbar is missing (winXP)
                      « Reply #16 on: December 31, 2010, 05:34:42 PM »
                      Please download the newest version of Adobe Acrobat Reader from Adobe.com

                      Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
                      Go to the Control Panel and enter Add or Remove Programs.
                      Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

                      Once old versions are gone, please install the newest version.
                      **************************************************
                      P2P - I see you have P2P software installed on your machine (uTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

                      Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

                      I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
                      **********************************************
                      GameGuard Service doesn't have a very good reputation in the malware world. I would suggest that you uninstall it.

                      Re-running ComboFix to remove infections:

                      • Close any open browsers.
                      • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
                      • Open notepad and copy/paste the text in the quotebox below into it:
                        Quote
                        KillAll::

                        File::
                        c:\program files\Google\Update\GoogleUpdate.exe
                        c:\docume~1\xxx\LOCALS~1\Temp\LNK2C.tmp
                        c:\program files\level up games\grand chase\GameGuard\dump_wmimmc.sys
                        c:\windows\system32\XDva285.sys
                        c:\windows\system32\XDva312.sys
                        c:\windows\system32\XDva361.sys
                        c:\windows\system32\XDva367.sys
                        c:\windows\system32\XDva368.sys
                        c:\windows\system32\XDva370.sys
                        c:\windows\system32\XDva372.sys
                        c:\windows\system32\XDva377.sys

                        DDS::
                        Trusted Zone: kuaiche.com\software

                        Driver::
                        gupdate
                        GarenaPEngine
                        dump_wmimmc
                        XDva285
                        XDva312
                        XDva361
                        XDva367
                        XDva368
                        XDva370
                        XDva372
                        XDva377

                      • Save this as CFScript.txt, in the same location as ComboFix.exe



                      • Referring to the picture above, drag CFScript into ComboFix.exe
                      • When finished, it shall produce a log for you at C:\ComboFix.txt
                      • Please post the contents of the log in your next reply.
                      ******************************************************

                      Please download TDSSKiller from here and save it to your Desktop.
                      • Double-click TDSSKiller.exe to run the tool
                      • Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)

                      • After the scan has finished, click the Close button
                      • Click the Report button and copy/paste the contents of it into your next reply
                      • Note: It will also create a log in the C:\ directory.
                      Windows 8 and Windows 10 dual boot with two SSD's
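The service entries in the ComboFix log above (the `ImagePath` lines under `Services\...`) can be triaged offline before deciding what belongs in a removal script. The following is an added example, not part of the original thread and not ComboFix's own logic: it flags services whose image sits in a temp directory or has an extension outside an assumed set; `review_services`, `ExampleSvc` and both heuristics are assumptions of this example.

```python
import ntpath
import re

# Constructed sample: the two service entries from the ComboFix log above,
# plus one constructed ordinary driver entry (ExampleSvc) for contrast.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\xxx\LOCALS~1\Temp\LNK2C.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExampleSvc]
"ImagePath"="c:\windows\system32\drivers\example.sys"
'''

KEY_RE = re.compile(r'^\s*\[HKEY_LOCAL_MACHINE\\System\\[^\\]+\\Services\\([^\]\\]+)\]\s*$', re.I)
IMG_RE = re.compile(r'^\s*"ImagePath"="(.*)"\s*$', re.I)
# Heuristic (assumption): the image path ends at the first ".ext" followed by space or end.
EXE_RE = re.compile(r'^(.*?\.[A-Za-z0-9]+)(?=\s|$)')
TEMP_RE = re.compile(r'\\(temp|tmp|locals~1|local settings)\\', re.I)
USUAL_EXT = {'.sys', '.exe', '.dll'}  # assumption: typical service image types

def review_services(log_text):
    """Return {service: [reasons]} for services whose ImagePath looks unusual."""
    findings, service = {}, None
    for line in log_text.splitlines():
        if line.lstrip().startswith('['):      # any key header resets the state
            key = KEY_RE.match(line)
            service = key.group(1) if key else None
            continue
        img = IMG_RE.match(line)
        if not (img and service):
            continue
        path = re.sub(r'^\\\?\?\\', '', img.group(1))  # drop the NT "\??\" prefix
        exe = EXE_RE.match(path)
        target = (exe.group(1) if exe else path).lower()  # arguments stripped
        reasons = []
        if TEMP_RE.search(target):
            reasons.append('image in a temp directory')
        ext = ntpath.splitext(target)[1]
        if ext not in USUAL_EXT:
            reasons.append('unusual extension ' + (ext or '(none)'))
        if reasons:
            findings[service] = reasons
    return findings

if __name__ == '__main__':
    print(review_services(SAMPLE_LOG))
```

A flag here only marks an entry for a closer look; it does not by itself establish that the file is malicious.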