Topic: Icons and taskbar is missing (winXP)

weelord123
    Re: Icons and taskbar is missing (winXP)
    « Reply #15 on: December 30, 2010, 06:35:24 PM »
    ComboFix 10-12-30.01 - xxx 12/31/2010   9:12.1.2 - x86
    Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2039.1447 [GMT -8:00]
    Running from: c:\documents and settings\xxx\desktop\commy.exe
    Command switches used :: /stepdel
    AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\CFLog
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\All Users\Application Data\Toolbar4
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong
    c:\documents and settings\xxx\Application Data\Microsoft\Windows Firewall
    c:\documents and settings\xxx\Application Data\PriceGong
    c:\program files\Level Up Games\Crazy Kart\data\config\AnimLayer\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\config\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\GUI\2dAnim\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\GUI\2dAnim\gamblinghelp\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\GUI\2dAnim\login\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\GUI\2dAnim\spark\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\GUI\2dAnim\treasure\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\GUI\anm\557_500_2\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\GUI\anm\abkeypad\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\GUI\anm\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\GUI\anm\ezpodbanner1\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\GUI\anm\helper\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\GUI\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\GUI\IMAGE\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\GUI\IMAGE\FRIENDLIST\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\GUI\IMAGE\LISTCTRL\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\GUI\IMAGE\LoadingTips\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\GUI\IMAGE\ONLINEPLAYERS\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\GUI\mov\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\GUI\update\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\Model\animation\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\Model\car\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\Model\car\MODEL\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\Model\Character\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\Model\Character\model\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\Model\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\Model\ItemEffect\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\Model\ItemEffect\Speaker\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\Model\ItemEffect\textures\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\Model\textures\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\sound\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\1_0\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\1_1\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\1_2\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\1_3\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\1_4\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\1_5\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\2_0\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\2_1\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\2_2\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\2_3\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\2_4\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\2_5\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\3_0\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\3_1\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\3_2\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\3_3\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\3_4\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\4_0\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\4_1\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\4_2\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\5_1\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\6_0\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\6_1\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\6_3\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\6_4\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\6_5\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\6_6\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\6_7\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\6_8\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\6_9\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\7_0\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\advertisement\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\Common\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\Common\textures\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\Textures\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\Textures\Style1\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\Textures\Style2\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\Textures\Style3\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\Textures\Style4\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\Textures\Style5\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\data\StageExt\Textures\Style6\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\SD_Log\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\sound\Desktop_.ini
    c:\program files\Level Up Games\Crazy Kart\sys\Desktop_.ini
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Test Account.XP-54E10D31A13C\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\xxx\Application Data\PriceGong\Data\z.xml
    C:\HCTE6.tmp
    C:\HCTE7.tmp
    C:\HCTE8.tmp
    C:\HCTE9.tmp
    C:\HCTEA.tmp
    C:\HCTEB.tmp
    C:\HCTEC.tmp
    C:\HCTED.tmp
    C:\Install.exe
    c:\windows\system32\arp.exe
    c:\windows\system32\SCardSvr.exe
    c:\windows\system32\winlogon.bak
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job

    ----- BITS: Possible infected sites -----

    hxxp://globebroadbandclickfix.com.ph
    Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
    Restored copy from - c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

    Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
    Restored copy from - c:\qoobox\Quarantine\C\WINDOWS\system32\winlogon.bak.vir

    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ILVMONEYDRIVER53
    -------\Service_IlvMoneyDRIVER53


    (((((((((((((((((((((((((   Files Created from 2010-11-28 to 2010-12-31  )))))))))))))))))))))))))))))))
    .

    2010-12-30 06:03 . 2010-12-30 06:03   --------   d-----w-   c:\documents and settings\xxx\Local Settings\Application Data\Conduit
    2010-12-30 05:38 . 2010-12-30 05:38   --------   d-----w-   C:\Level Up Games
    2010-12-28 23:12 . 2010-12-28 23:12   --------   d-----w-   c:\documents and settings\xxx\Maps
    2010-12-27 18:31 . 2010-12-27 18:31   388096   ----a-r-   c:\documents and settings\xxx\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-27 18:31 . 2010-12-27 18:31   --------   d-----w-   c:\program files\Trend Micro
    2010-12-27 05:13 . 2010-12-27 05:13   --------   d-----w-   c:\documents and settings\xxx\Application Data\SUPERAntiSpyware.com
    2010-12-27 05:13 . 2010-12-27 05:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-12-27 05:12 . 2010-12-27 05:13   --------   d-----w-   c:\program files\SUPERAntiSpyware
    2010-12-26 18:55 . 2010-12-26 18:55   --------   d-----w-   c:\program files\CCleaner
    2010-12-24 07:52 . 2010-12-24 07:53   --------   d-----w-   c:\documents and settings\xxx\.64pixels
    2010-12-23 21:39 . 2010-12-30 06:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-12-23 21:39 . 2010-12-23 21:39   --------   d-----w-   c:\program files\Common Files\DirectX
    2010-12-23 21:38 . 2010-12-23 21:38   --------   d-----w-   c:\program files\SmileyCentral_1vEI
    2010-12-18 02:43 . 2010-12-18 02:43   --------   d-----w-   c:\program files\SmileyCentralIE_1w
    2010-12-18 02:33 . 2010-12-18 02:33   0   ----a-w-   c:\windows\system32\ConduitEngine.tmp
    2010-12-18 02:18 . 2010-12-23 21:38   --------   d-----w-   c:\documents and settings\Test Account
    2010-12-17 23:22 . 2010-12-23 21:38   --------   d-----w-   c:\program files\VirtualDJ
    2010-12-16 21:13 . 2010-12-18 02:15   --------   d-----w-   c:\documents and settings\Administrator
    2010-12-09 15:07 . 2010-12-09 15:07   --------   d-----w-   c:\windows\system32\wbem\Repository
    2010-12-09 04:50 . 2010-12-09 04:50   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
    2010-12-09 01:58 . 2010-12-09 01:58   --------   d-----w-   c:\program files\X-Play
    2010-12-08 21:02 . 2010-12-09 15:06   --------   d-----w-   c:\program files\uTorrent Turbo Booster

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-13 02:53 . 2010-04-18 00:07   472808   ----a-w-   c:\windows\system32\deployJava1.dll
    2010-11-13 00:34 . 2010-04-18 00:07   73728   ----a-w-   c:\windows\system32\javacpl.cpl
    .

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    2010-10-18 10:26   3908192   ----a-w-   c:\program files\Softonic-Eng7\tbSof0.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
    @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
    2008-07-10 16:23   97064   ----a-w-   c:\program files\Nero\Nero8\InCD\NBHShx.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-11-05 6174008]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-07-10 2049320]
    "RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-07-10 1083176]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "globe"="c:\program files\Globe Telecom\Click Fix\bin\sprtcmd.exe" [2009-06-11 204440]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Level Up Games\\Grand Chase\\main.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Level Up Games\\FreeStyle\\FreeStyle.exe"=
    "c:\\Program Files\\Level Up Games\\Rohan Online CBT\\Client\\rohanclient.exe"=
    "c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\FarmHelper\\FVBot.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Documents and Settings\\xxx\\My Documents\\Downloads\\Gang Garrison 2\\Gang Garrison 2.exe"=
    "c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"=
    "c:\\Documents and Settings\\xxx\\My Documents\\Downloads\\VinServer34\\VinServer34.exe"=
    "c:\\Documents and Settings\\xxx\\My Documents\\Downloaded by flashget\\GGC Beta 2\\GGC.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\xxx\\My Documents\\Downloads\\MM8BDM-SGC8\\rcon_utility.exe"=
    "c:\\Documents and Settings\\xxx\\My Documents\\Downloads\\MM8BDM-SGC8\\skulltag.exe"=
    "c:\\Program Files\\GameClub\\Philippines\\SpecialForce\\specialforce.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58426:TCP"= 58426:TCP:Pando Media Booster
    "58426:UDP"= 58426:UDP:Pando Media Booster
    "57230:TCP"= 57230:TCP:Pando Media Booster
    "57230:UDP"= 57230:UDP:Pando Media Booster
    "56684:TCP"= 56684:TCP:Pando Media Booster
    "56684:UDP"= 56684:UDP:Pando Media Booster
    "1035:TCP"= 1035:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 4:00 AM 14336]
    R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [7/10/2008 8:23 AM 53032]
    R2 sprtsvc_globe;SupportSoft Sprocket Service (globe);c:\program files\Globe Telecom\Click Fix\bin\sprtsvc.exe [7/17/2009 1:13 PM 206120]
    R2 tgsrvc_globe;SupportSoft Repair Service (globe);c:\program files\Globe Telecom\Click Fix\bin\tgsrvc.exe [8/6/2009 3:16 PM 151192]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2010 11:02 AM 136176]
    S3 7ByteIo;7ByteIo;\??\c:\program files\Hot CPU Tester Pro 4 LE\SysInfo.sys --> c:\program files\Hot CPU Tester Pro 4 LE\SysInfo.sys [?]
    S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\level up games\grand chase\GameGuard\dump_wmimmc.sys --> c:\program files\level up games\grand chase\GameGuard\dump_wmimmc.sys [?]
    S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\xxx\LOCALS~1\Temp\LNK2C.tmp --> c:\docume~1\xxx\LOCALS~1\Temp\LNK2C.tmp [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
    S3 XDva285;XDva285;\??\c:\windows\system32\XDva285.sys --> c:\windows\system32\XDva285.sys [?]
    S3 XDva312;XDva312;\??\c:\windows\system32\XDva312.sys --> c:\windows\system32\XDva312.sys [?]
    S3 XDva361;XDva361;\??\c:\windows\system32\XDva361.sys --> c:\windows\system32\XDva361.sys [?]
    S3 XDva367;XDva367;\??\c:\windows\system32\XDva367.sys --> c:\windows\system32\XDva367.sys [?]
    S3 XDva368;XDva368;\??\c:\windows\system32\XDva368.sys --> c:\windows\system32\XDva368.sys [?]
    S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
    S3 XDva372;XDva372;\??\c:\windows\system32\XDva372.sys --> c:\windows\system32\XDva372.sys [?]
    S3 XDva377;XDva377;\??\c:\windows\system32\XDva377.sys --> c:\windows\system32\XDva377.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai   REG_MULTI_SZ      Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-13 c:\windows\Tasks\AdobeAAMUpdater-1.0-XP-54E10D31A13C-xxx.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-10-16 10:44]

    2010-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 19:01]

    2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 19:01]

    2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1592454029-839522115-1003Core.job
    - c:\documents and settings\xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 22:12]

    2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1592454029-839522115-1003UA.job
    - c:\documents and settings\xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 22:12]

    2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1592454029-839522115-1007Core.job
    - c:\documents and settings\Test Account.XP-54E10D31A13C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-18 01:07]

    2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1592454029-839522115-1007UA.job
    - c:\documents and settings\Test Account.XP-54E10D31A13C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-18 01:07]

    2010-12-31 c:\windows\Tasks\User_Feed_Synchronization-{382D449B-C195-41E6-9C0F-C2CCC0C7D31D}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.ph/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Download All By FlashGet3 - c:\documents and settings\xxx\Application Data\FlashGetBHO\GetAllUrl.htm
    IE: Download By FlashGet3 - c:\documents and settings\xxx\Application Data\FlashGetBHO\GetUrl.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: kuaiche.com\software
    FF - ProfilePath - c:\documents and settings\xxx\Application Data\Mozilla\Firefox\Profiles\mtid3796.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph/
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c6b3303&v=6.010.006.004&i=23&tp=ab&iy=&ychte=ph&lng=en-US&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: FiddlerHook: [email protected] - c:\program files\Fiddler2\FiddlerHook
    FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    FF - Ext: Orange Fox: {5b35cb30-16b4-11de-8c30-0800200c9a66} - %profile%\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: Battlefield Heroes Updater: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Firebug: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
    URLSearchHooks-{346de098-61f9-4b42-89da-6dfba7091bb6} - (no file)
    BHO-{5ed22e89-62fa-47ec-bd8d-374d849d436c} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files\Pando Networks\Media Booster\uninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-31 09:24
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ... 

    scanning hidden autostart entries ...

    scanning hidden files ... 

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
    "ImagePath"="\??\c:\docume~1\xxx\LOCALS~1\Temp\LNK2C.tmp"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(788)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(3452)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\Nero\Nero8\InCD\NBHShx.dll
    c:\program files\Nero\Nero8\InCD\NBHStr.dll
    c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Nero\Nero8\InCD\InCDsrv.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-31  09:28:26 - machine was rebooted
    ComboFix-quarantined-files.txt  2010-12-31 17:28

    Pre-Run: 71,741,403,136 bytes free
    Post-Run: 71,748,911,104 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 00FB71455A5BAD310D970830700C0DF4

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Icons and taskbar is missing (winXP)
    « Reply #16 on: December 31, 2010, 05:34:42 PM »
    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs.
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.
    **************************************************
    P2P - I see you have P2P software installed on your machine (uTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
    **********************************************
    GameGuard Service doesn't have a very good reputation in the malware world. I would suggest that you uninstall it.

    Re-running ComboFix to remove infections:

    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the quotebox below into it:
      Quote
      KillAll::

      File::
      c:\program files\Google\Update\GoogleUpdate.exe
      c:\docume~1\xxx\LOCALS~1\Temp\LNK2C.tmp
      c:\program files\level up games\grand chase\GameGuard\dump_wmimmc.sys
      c:\windows\system32\XDva285.sys
      c:\windows\system32\XDva312.sys
      c:\windows\system32\XDva361.sys
      c:\windows\system32\XDva367.sys
      c:\windows\system32\XDva368.sys
      c:\windows\system32\XDva370.sys
      c:\windows\system32\XDva372.sys
      c:\windows\system32\XDva377.sys

      DDS::
      Trusted Zone: kuaiche.com\software

      Driver::
      gupdate
      GarenaPEngine
      dump_wmimmc
      XDva285
      XDva312
      XDva361
      XDva367
      XDva368
      XDva370
      XDva372
      XDva377

    • Save this as CFScript.txt, in the same location as ComboFix.exe
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
    ******************************************************

    Please download TDSSKiller from here and save it to your Desktop.
    • Double-click TDSSKiller.exe to run the tool
    • Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)

    • After the scan has finished, click the Close button
    • Click the Report button and copy/paste the contents of it into your next reply
    • Note: It will also create a log in the C:\ directory.
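The service entry that SuperDave's script removes (GarenaPEngine, whose ImagePath in the ComboFix log above points at a .tmp file under a user's Temp folder) is the kind of thing a responder wants to spot automatically when reading these logs. The following is an added example, not code from the forum thread, from ComboFix or from Gmer: a small Python parser for the `[HKEY_LOCAL_MACHINE\System\...\Services\...]` / `"ImagePath"=` blocks as they appear in the log, which flags services whose image runs from a Temp directory, a user profile, or a .tmp file. The sample input is a constructed two-service excerpt modelled on the log, and the flagging heuristics are my own assumptions, not rules from any tool.

```python
import re

# Constructed sample modelled on the service dump in the ComboFix log above
# (only two keys; not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\xxx\LOCALS~1\Temp\LNK2C.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
"""

# A service key header: [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\<name>]
KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+)\]$',
    re.IGNORECASE,
)
# A value line of the form "ImagePath"="<value>"
IMAGE_RE = re.compile(r'^"ImagePath"="(.*)"$')


def parse_services(log_text):
    """Map service name -> raw ImagePath value (None if the key had none)."""
    services = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            services.setdefault(current, None)
            continue
        image = IMAGE_RE.match(line)
        if image and current:
            services[current] = image.group(1)
    return services


def normalize_image_path(value):
    """Reduce an ImagePath value to the executable path it names."""
    path = value.strip()
    # Drop the NT object-manager prefix (\??\) used by some driver entries.
    if path.startswith('\\??\\'):
        path = path[4:]
    # A quoted path: keep only what is inside the first pair of quotes.
    if path.startswith('"'):
        return path[1:].split('"', 1)[0]
    # Otherwise cut off arguments such as " -service" or " /foo".
    return re.split(r'\s+[-/]', path, maxsplit=1)[0]


def suspicious_reasons(exe_path):
    """Heuristics (assumptions, not tool rules) for an odd service image."""
    p = exe_path.lower().replace('/', '\\')
    reasons = []
    if '\\temp\\' in p or '\\tmp\\' in p:
        reasons.append('image runs from a Temp directory')
    if p.endswith('.tmp'):
        reasons.append('.tmp file registered as a service image')
    if 'docume~1' in p or '\\documents and settings\\' in p or '\\users\\' in p:
        reasons.append('image lives inside a user profile')
    return reasons


def find_suspicious_services(log_text):
    """Return (service name, executable, reasons) for every flagged service."""
    findings = []
    for name, image in parse_services(log_text).items():
        if image is None:
            continue
        exe = normalize_image_path(image)
        reasons = suspicious_reasons(exe)
        if reasons:
            findings.append((name, exe, reasons))
    return findings


if __name__ == '__main__':
    for name, exe, reasons in find_suspicious_services(SAMPLE_LOG):
        print(f'{name}: {exe}')
        for r in reasons:
            print(f'    - {r}')
```

On the constructed sample this flags only GarenaPEngine; npggsvc (GameMon.des under system32) passes the heuristics, which matches SuperDave listing GarenaPEngine, not npggsvc, under `Driver::`. The heuristics are deliberately narrow; a service under system32 is not thereby trustworthy, and the point is to surface the obvious oddities in a long log, not to replace review.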