Post #1 | Jul 23 2008, 06:45 AM
Member | Group: Members | Posts: 16 | Joined: 27-May 08 | Member No.: 211,744
My taskbar keeps disappearing. I opened Task Manager and ran explorer to make it appear, but then it disappeared again.
I'm running Windows Vista Home Premium. I scanned my computer with ComboFix. Please help ASAP. This is the log:

----------------

ComboFix 08-07-22.3 - Owner 2008-07-23 19:25:19.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1098 [GMT 8:00]
Running from: C:\Users\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.
2008-07-22 13:54 . 2008-07-22 13:54 245,760 --a------ C:\Windows\System32\opnnnlkK.dll
2008-07-22 13:49 . 2008-07-22 13:49 <DIR> d-------- C:\Program Files\Photo To Color Sketch
2008-07-22 13:44 . 2008-07-22 13:44 <DIR> d-------- C:\Windows\Full Speed
2008-07-22 13:44 . 2008-07-22 13:47 <DIR> d-------- C:\Program Files\Full Speed
2008-07-17 20:55 . 2008-07-22 23:16 <DIR> d-------- C:\Program Files\Garena
2008-07-16 18:29 . 2008-07-16 18:29 <DIR> d-------- C:\Program Files\PBP Unpacker
2008-07-16 18:29 . 2005-05-24 21:24 169,534 --a------ C:\Windows\SFO.ICO
2008-07-14 22:42 . 2008-07-14 22:42 <DIR> d-------- C:\Program Files\Belarc
2008-07-14 15:40 . 2008-07-14 15:40 <DIR> d-------- C:\Windows\Java
2008-07-14 15:40 . 2008-07-14 15:40 <DIR> d-------- C:\Program Files\PC Wizard 2008
2008-07-14 15:40 . 2007-09-15 16:11 27,136 --a------ C:\Windows\System32\PCWizard.cpl
2008-07-14 15:11 . 2008-07-14 15:11 <DIR> d-------- C:\Program Files\HWiNFO32
2008-07-14 10:46 . 2008-07-14 10:46 <DIR> d-------- C:\Program Files\Xilisoft
2008-07-14 10:46 . 2008-07-14 10:46 <DIR> d-------- C:\Program Files\QuickTime
2008-07-12 22:55 . 2008-07-12 22:55 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-07-12 22:54 . 2008-02-22 19:30 334,792 --a------ C:\Windows\System32\_AxShlEx.dll
2008-07-12 22:52 . 2008-07-12 22:52 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-07-11 10:46 . 2008-06-26 09:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 10:46 . 2008-06-26 09:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 10:46 . 2008-06-26 11:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-10 19:36 . 2008-07-10 22:12 <DIR> d-------- C:\Users\Owner\.SimpleCenter
2008-07-10 19:36 . 2008-07-10 19:36 <DIR> d-------- C:\Program Files\Common Files\MainConcept
2008-07-10 19:33 . 2008-07-10 19:33 <DIR> d-------- C:\Program Files\SimpleCenter
2008-07-10 19:33 . 2008-07-10 19:33 <DIR> d-------- C:\Program Files\Common Files\i4j_jres
2008-07-10 16:53 . 2008-07-10 16:53 <DIR> d-------- C:\Program Files\AC3Filter
2008-07-10 16:53 . 2008-07-09 16:05 421,888 --a------ C:\Windows\System32\ac3filter.acm
2008-07-10 16:48 . 2008-07-10 16:48 <DIR> d-------- C:\Program Files\Haali
2008-07-10 16:04 . 2008-07-10 16:04 <DIR> d-------- C:\Users\Owner\AppData\Roaming\AVSMedia
2008-07-10 16:04 . 2008-07-10 16:04 <DIR> d-------- C:\Users\All Users\AVS4YOU
2008-07-10 16:04 . 2008-07-10 16:04 <DIR> d-------- C:\ProgramData\AVS4YOU
2008-07-10 16:03 . 2008-07-10 16:03 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-07-10 16:02 . 2008-07-10 16:02 <DIR> d-------- C:\Program Files\AVSMedia
2008-07-10 13:03 . 2008-07-10 13:03 29,696 --a------ C:\mkccsybi.exe
2008-07-10 13:00 . 2008-07-10 13:00 <DIR> d-------- C:\Program Files\Witcobber
2008-07-10 13:00 . 2008-07-10 13:01 407,094 --a------ C:\setupupdate.exe
2008-07-10 09:30 . 2008-06-11 02:51 318,488 --a------ C:\Windows\System32\drivers\iaStor.sys
2008-07-10 03:04 . 2008-07-10 03:04 <DIR> d-------- C:\Windows\SQLTools9_KB948109_ENU
2008-07-10 03:01 . 2008-07-10 03:01 <DIR> d-------- C:\Windows\SQL9_KB948109_ENU
2008-07-08 22:26 . 2008-07-08 22:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-08 08:23 . 2008-07-23 19:16 55,117 --a------ C:\Users\All Users\nvModes.dat
2008-07-08 08:23 . 2008-07-23 19:16 55,117 --a------ C:\ProgramData\nvModes.dat
2008-07-08 08:12 . 2008-06-18 13:46 8,871,936 --a------ C:\Windows\System32\nvoglv32.dll
2008-07-07 22:53 . 2008-07-07 23:08 <DIR> d-------- C:\Program Files\AllToAVI
2008-07-07 21:43 . 2008-07-07 21:43 <DIR> d-------- C:\Program Files\OJOsoft
2008-07-07 21:41 . 2008-07-07 21:41 <DIR> d-------- C:\Program Files\XVideoConverter
2008-07-07 13:08 . 2008-07-10 16:08 <DIR> d-------- C:\Users\Owner\AppData\Roaming\DivXMuxGui
2008-07-06 18:39 . 2006-01-12 11:27 208,896 --a------ C:\bmptoxsub.exe
2008-07-06 18:38 . 2006-03-06 16:28 901,120 --a------ C:\DivXMux.exe
2008-07-06 18:31 . 2008-07-06 18:31 <DIR> d-------- C:\Program Files\DivX
2008-07-06 18:29 . 2008-07-06 18:29 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-07-06 17:04 . 2007-11-29 12:52 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
2008-07-06 17:04 . 2007-12-24 13:47 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-07-06 17:04 . 2007-12-03 16:34 6,144 --a------ C:\Windows\System32\ff_acm.acm
2008-07-06 17:04 . 2007-11-29 12:52 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-07-06 16:56 . 2008-07-06 17:04 <DIR> d-------- C:\Program Files\TVersity Codec Pack
2008-07-06 16:54 . 2008-07-06 16:54 <DIR> d-------- C:\Program Files\TVersity
2008-07-06 16:35 . 2008-07-06 16:38 <DIR> d-------- C:\Program Files\Sub2Divx
2008-06-28 22:09 . 2008-06-28 22:09 0 --a------ C:\Windows\muma2004.INI
2008-06-26 22:10 . 2008-07-14 14:34 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-06-23 23:17 . 2008-06-23 23:17 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-06-23 23:02 . 2003-07-19 23:17 5,174 --a------ C:\Windows\System32\nppt9x.vxd
2008-06-23 23:02 . 2005-01-03 14:43 4,682 --a------ C:\Windows\System32\npptNT2.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 11:27 239,533,088 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-07-23 11:14 3,207,512 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-07-23 11:13 --------- d-----w C:\Users\Owner\AppData\Roaming\uTorrent
2008-07-23 09:27 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-07-22 16:44 --------- d-----w C:\Program Files\Warcraft III
2008-07-17 12:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-12 14:36 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-07-09 19:11 --------- d-----w C:\Program Files\Windows Mail
2008-07-09 19:04 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-07-08 16:15 --------- d-----w C:\Program Files\eMedia Intermediate Guitar Method
2008-07-08 00:24 --------- d-----w C:\ProgramData\NVIDIA
2008-07-07 13:44 --------- d---a-w C:\ProgramData\TEMP
2008-07-06 06:13 55,117 ----a-w C:\Users\Owner\AppData\Roaming\nvModes.dat
2008-06-23 08:21 --------- d-----w C:\Program Files\Launch Manager
2008-06-22 09:36 --------- d-----w C:\Users\Owner\AppData\Roaming\SecondLife
2008-06-22 09:08 --------- d-----w C:\Program Files\SecondLife
2008-06-22 08:03 --------- d-----w C:\Users\Owner\AppData\Roaming\Xfire
2008-06-22 08:03 --------- d-----w C:\ProgramData\Xfire
2008-06-22 08:03 --------- d-----w C:\Program Files\Xfire
2008-06-22 07:57 --------- d-----w C:\Program Files\AeriaGames
2008-06-22 02:39 --------- d-----w C:\Program Files\GameHouse Games Collection
2008-06-22 00:03 6,783 ----a-w C:\Program Files\install.log
2008-06-22 00:03 --------- d-----w C:\ProgramData\Gamespot
2008-06-22 00:03 --------- d-----w C:\Program Files\GameSpot
2008-06-20 14:36 80,936 ----a-w C:\Windows\system32\drivers\btwavdt.sys
2008-06-20 14:36 80,424 ----a-w C:\Windows\system32\drivers\btwaudio.sys
2008-06-20 14:36 233,472 ----a-w C:\Windows\System32\BtwRSupport.dll
2008-06-20 14:36 16,168 ----a-w C:\Windows\system32\drivers\btwrchid.sys
2008-06-16 08:34 446,464 ----a-w C:\Windows\System32\nvuninst.exe
2008-06-16 03:09 1,034,776 ----a-w C:\Windows\System32\imsmudlg.exe
2008-06-11 13:30 --------- d-----w C:\Program Files\Portable Brain Challenge 1.2.5.0
2008-06-11 13:30 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-11 10:16 96,966 ----a-w C:\Windows\system32\drivers\klin.dat
2008-06-11 10:16 88,774 ----a-w C:\Windows\system32\drivers\klick.dat
2008-06-11 10:16 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-06-11 10:06 157,184 ----a-w C:\Windows\System32\kcxtdmjb.dll
2008-06-11 04:57 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-06-08 13:37 19,943,936 ----a-w C:\Windows\System32\imageres.dll
2008-06-08 13:26 --------- d-----w C:\ProgramData\Stardock
2008-06-08 13:26 --------- d-----w C:\Program Files\Stardock
2008-05-31 10:35 342,092,401 ----a-w C:\Windows\DUMP5050.tmp
2008-05-28 10:26 --------- d-----w C:\Users\Owner\AppData\Roaming\OnReally
2008-05-28 10:26 --------- d-----w C:\Program Files\OnReally
2008-05-25 11:54 --------- d-----w C:\Program Files\The Amazing Brain Train
2008-05-25 09:41 --------- d-----w C:\ProgramData\WindowsSearch
2008-05-23 02:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-04-26 08:25 3,600,952 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-26 08:25 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 10:00 719,872 ----a-w C:\Windows\System32\devil.dll
2008-04-25 10:00 349,184 ----a-w C:\Windows\System32\avisynth.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-24 02:46 2,829 ----a-w C:\Windows\War3Unin.pif
2008-04-24 02:46 139,264 ----a-w C:\Windows\War3Unin.exe
2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-03-26 15:03 174 --sha-w C:\Program Files\desktop.ini
2008-02-22 23:21 22,328 ----a-w C:\Users\Owner\AppData\Roaming\PnkBstrK.sys
2008-02-22 15:08 0 ----a-w C:\Users\Owner\SCHDLR.DAT
2007-09-11 07:26 61,647,736 ----a-w C:\Users\Public\directx_aug2007_redist.exe
2007-08-06 05:31 6,211,190 ----a-w C:\Users\Public\Combined-Community-Codec-Pack-2007-07-22.exe
2006-10-23 20:13 23,510,720 ----a-w C:\Users\Public\dotnetfx.exe
2004-12-04 17:47 1,164,112 ----a-w C:\Users\Public\wrar341.exe
2008-04-17 04:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-17 04:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-17 04:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot_2008-07-23_17.21.05.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-23 09:12:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-23 11:15:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-23 09:13:06 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-07-23 11:15:59 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-07-23 09:15:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-23 11:27:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-23 11:27:11 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-23 09:12:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-23 11:15:41 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-23 09:12:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-23 11:15:41 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-23 09:12:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-23 11:15:41 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-23 09:00:46 123,862 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-23 11:22:13 123,862 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-23 09:00:46 654,064 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-23 11:22:13 654,064 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-23 09:14:37 14,190 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-682308223-3612340363-349816915-1000_UserData.bin
+ 2008-07-23 11:17:31 14,364 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-682308223-3612340363-349816915-1000_UserData.bin
- 2008-07-23 09:14:37 92,438 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-23 11:17:31 92,562 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9669B04A-756E-4B65-9000-31223B579D2C}]
2008-07-22 13:54 245760 --a------ C:\Windows\system32\opnnnlkK.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 15:33 125952]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-07-12 22:54 4608]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 15:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 13:09 865840]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-26 05:47 45056]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-11 02:51 178712]
"SetSpeaker"="C:\Windows\SetSpkDefault.exe" [2007-11-27 18:23 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-12 05:54 1286144]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-06-18 13:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-06-18 13:46 92704]
"sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [2008-07-10 19:33 94208]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-04 18:39 4702208 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.XFR1"= xfcodec.dll
"msacm.avis"= ff_acm.acm
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
path=C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
backup=C:\Windows\pss\PowerReg SchedulerV2.exe.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
--a------ 2007-02-03 02:05 1261568 C:\Program Files\Acer Assist\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
--a------ 2007-02-03 03:24 3383296 C:\Program Files\Acer Registration\ACE1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-08-02 09:30 151552 C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 22:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2007-04-26 07:33 457216 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-01-09 23:46 52256 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2007-07-31 09:36 707080 C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
--a------ 2007-03-14 15:42 321088 C:\Program Files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-11-08 13:27 222208 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
--------- 2007-05-25 05:38 206952 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-01-09 23:46 68640 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B6C4D3B6-D866-4F8A-BD95-3F68EA80CD56}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{8451B11E-A98D-4AA1-93C4-2A77CA5275F7}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4327829C-53E2-4708-B1F6-50A583BF5E6F}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB57721A-FAFE-4224-8FE6-1202ADE9551F}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{63FAD5EE-40F9-4F37-8364-B638686E2FB0}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{33AC3061-41F2-43BB-A95E-7B4FD5638DF6}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{774D634A-FC17-4EF3-BEFD-07FBA9A4626F}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{54AC1D94-320B-4738-8979-0D86836D9214}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM
"TCP Query User{C29BE396-8F41-4393-A034-9F438083F123}C:\\program files\\counter-strike 1.6\\hl.exe"= UDP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{49BF3277-D332-4AE7-8D5A-A67829342B86}C:\\program files\\counter-strike 1.6\\hl.exe"= TCP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"{65C41BB9-F8A3-40A0-A9BE-817EB9E41B11}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{2C70CD87-0A90-4581-AC69-E316F12CB6F3}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{1B105881-ADA9-46C9-A5BA-831F0AEBB26D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{02148CE1-2929-442C-8980-FCB72504DEC5}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{32A14FF2-933E-40DB-A50A-9436CC0B7962}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{13D71ABE-34DF-4FDB-AC2B-342A167C8E53}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"TCP Query User{8667703F-CBD1-48C1-B588-8C320C2BDBB7}C:\\program files\\counter-strike 1.6\\hl.exe"= UDP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{39E914C1-7FCB-4C1B-8BB8-5C6D5F9C42C4}C:\\program files\\counter-strike 1.6\\hl.exe"= TCP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"TCP Query User{703C9E2A-4884-46C2-A82F-6F7DC6DE3D19}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{98B2BC5F-712B-424B-876B-396A828EB853}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{EE0DA6F4-8FAF-4AEE-B505-5C1EA61EE757}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{FB8F0DC3-DCA1-404B-9A4B-8B31E9CCFB21}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{ACA20643-8DA7-49F6-A4F1-871A8FB16A1F}C:\\program files\\doom 3\\doom3ded.exe"= UDP:C:\program files\doom 3\doom3ded.exe:DOOM 3
"UDP Query User{3BD4F661-7D4E-4FF3-84CE-2A1F69DEA37C}C:\\program files\\doom 3\\doom3ded.exe"= TCP:C:\program files\doom 3\doom3ded.exe:DOOM 3
"TCP Query User{BAB46CF5-751F-4849-8094-4EB317D16064}C:\\program files\\lucasarts\\swkotor2\\swupdate.exe"= UDP:C:\program files\lucasarts\swkotor2\swupdate.exe:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program
"UDP Query User{516FB40D-B11C-46A1-91E6-884BC4806375}C:\\program files\\lucasarts\\swkotor2\\swupdate.exe"= TCP:C:\program files\lucasarts\swkotor2\swupdate.exe:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program
"{51906B22-0BEE-43DE-A539-EB3081A4D807}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F69C8203-92BA-49D9-8BC1-3A64A2B2AAD5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B7143FCC-0C93-4914-8C3D-E7FF2C51A164}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{DB9416FC-2588-44D9-A3E6-1726B0D7208D}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{B6B88143-CD15-4C97-B056-66EFAB2EF767}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{41629C54-0578-4C50-AEC0-E9F6DD33C74F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{A9856CAA-C516-4AA2-9099-481AAA287038}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8ED54CC1-3F0B-4B56-AAD2-1E5ED9437A58}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F86CA28D-43C7-4213-A17D-60A674320CD8}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{4010C0F8-4EEF-4409-8C41-ADA796A738AD}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{8F66D760-D971-422F-B674-049AD21A5B6E}"= UDP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{908F764F-0C7E-47DB-B5CE-89BA8F1F3A50}"= TCP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"TCP Query User{A9CF2C5E-DA65-4731-9F13-32E325541472}C:\\program files\\valve\\condition zero\\hl.exe"= UDP:C:\program files\valve\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{03E983E0-6050-4C3C-93F1-607F1411BB68}C:\\program files\\valve\\condition zero\\hl.exe"= TCP:C:\program files\valve\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{E3AC06D4-BA89-48E7-B655-DC13FD01556B}C:\\valve\\condition zero\\hl.exe"= UDP:C:\valve\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{C3B98723-11BF-4562-9213-6DD20D23231E}C:\\valve\\condition zero\\hl.exe"= TCP:C:\valve\condition zero\hl.exe:Half-Life Launcher
"{E45B55EF-162D-4587-A885-F32DD51D911C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{28A250F8-0A98-4172-BA31-6CC6A9E3A6E1}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2CA34C90-DD5B-4EA1-9940-0F88BD0C81B0}"= TCP:67:DHCP Discovery Service
"{EB8D2610-B5A3-4A5C-8519-648EB89CAE5D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{26C051ED-DEAE-471F-82DA-32137AE25F1F}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{5B321763-B180-4E91-8CBC-39AC63D6DCF9}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{7BBBB66B-9444-4A78-BD62-3516A1073685}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"{027C62EB-F615-4738-86E8-4942215E1DF3}"= TCP:67:DHCP Discovery Service
"TCP Query User{79930AE0-D7DC-428F-863C-F212654D1F84}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{933A6C1A-3DED-42D5-AEC9-07965CEF46D5}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{D72E124F-0489-4936-B416-11017B143CC5}C:\\q3ademo\\quake3.exe"= UDP:C:\q3ademo\quake3.exe:quake3
"UDP Query User{13A1D4BC-1E8D-48B8-88D7-5B9EF762F422}C:\\q3ademo\\quake3.exe"= TCP:C:\q3ademo\quake3.exe:quake3
"TCP Query User{1ECD0BED-AB97-4A8A-A0DA-5911DDD0C7F2}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= UDP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"UDP Query User{89EC90D4-65F2-498B-AA4C-AE352D083A11}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= TCP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"TCP Query User{59AD8AC6-C176-4384-8312-2FCA2CEFE8E1}C:\\program files\\kav\\kav7.0\\english\\setup.exe"= UDP:C:\program files\kav\kav7.0\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{3B32FED3-8070-43CD-B42E-21B33D221DA7}C:\\program files\\kav\\kav7.0\\english\\setup.exe"= TCP:C:\program files\kav\kav7.0\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"{01F2847F-FA97-4470-8348-B9F4759BB1A5}"= UDP:C:\Program Files\AeriaGames\Shaiya\Updater.exe:Shaiya
"{24BABF81-83F0-43A8-A2FC-9839A2741CC6}"= TCP:C:\Program Files\AeriaGames\Shaiya\Updater.exe:Shaiya
"{8F1BC92F-EB04-4D00-8943-9D8036239257}"= UDP:C:\Program Files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{274C58DC-792C-48A4-B128-E2D02934222B}"= TCP:C:\Program Files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"TCP Query User{3196DB32-4752-4830-8342-D65AE81F4207}C:\\program files\\simplecenter\\simplecenter.exe"= UDP:C:\program files\simplecenter\simplecenter.exe:SimpleCenter Media Manager and Server
"UDP Query User{6DF7F041-EE82-4A32-9F61-61E45D544672}C:\\program files\\simplecenter\\simplecenter.exe"= TCP:C:\program files\simplecenter\simplecenter.exe:SimpleCenter Media Manager and Server
"{5CD9A52A-7D5C-4ECF-9982-F583A269200D}"= UDP:1900:SimpleCenter1900
"{826AB838-F9E2-4F08-A894-CE27CFB154CD}"= UDP:49156:SimpleCenter49156
"{2B4C443C-B3A4-4707-AB7F-1F519472F0A0}"= UDP:49157:SimpleCenter49157
"TCP Query User{B82E6229-4DE8-432E-BD05-C2609DBEF7A6}C:\\program files\\garena\\garena.exe"= UDP:C:\program files\garena\garena.exe:Garena
"UDP Query User{3669C362-CFF2-44FB-A406-42FCD17E1ACD}C:\\program files\\garena\\garena.exe"= TCP:C:\program files\garena\garena.exe:Garena

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-03 08:51]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-27 05:24]
R2 HWiNFO32;HWiNFO32 Kernel Driver;C:\Program Files\HWiNFO32\HWiNFO32.SYS [2008-06-03 15:36]
R2 ithsgt;ithsgt;C:\Windows\system32\DRIVERS\ithsgt.sys [2008-03-18 22:12]
R2 lilsgt;lilsgt;C:\Windows\system32\DRIVERS\lilsgt.sys [2008-03-18 22:12]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\Windows\system32\drivers\libusb0.sys [2005-03-09 20:50]
R3 Tetris;Tetris driver;C:\Windows\system32\Drivers\Tetris.sys [2008-03-20 19:35]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-04-19 15:09]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 19:53]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 15:03]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2008-06-20 22:36]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2008-06-20 22:36]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2008-06-20 22:36]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\Windows\system32\NSNDIS5.SYS [2004-03-24 10:12]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 18:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ed470c2-f650-11dc-a7f2-d6d303039dab}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
Contents of the 'Scheduled Tasks' folder
"2008-07-23 00:30:05 C:\Windows\Tasks\User_Feed_Synchronization-{CC37677D-DB97-4C60-A857-052C8F5211D0}.job"
- C:\Windows\system32\msfeedssync.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://en.us.acer.yahoo.com
R1 -: HKCU-Internet Settings,ProxyServer = msp01:8080
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O17 -: HKLM\CCS\Interface\{322E9C82-0288-4BCC-BC91-D8636096D3C9}: NameServer = 202.160.9.9,202.160.8.2
O17 -: HKLM\CCS\Interface\{34D86CA1-5EEA-41B4-8783-C12141923980}: NameServer = 202.160.8.2,202.160.8.20

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 19:27:30
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-07-23 19:30:00
ComboFix-quarantined-files.txt 2008-07-23 11:28:53
ComboFix2.txt 2008-07-23 11:24:06
ComboFix3.txt 2008-07-23 09:22:46
ComboFix4.txt 2008-05-27 10:09:04

Pre-Run: 39,071,993,856 bytes free
Post-Run: 39,020,613,632 bytes free

367 --- E O F --- 2008-07-11 17:39:25
Replies in this topic:

annon | Help. My Taskbar (explorer) Keeps Disappearing | Jul 23 2008, 06:45 AM
annon | my pc is fine now.. i used Malwarebytes' Anti-... | Jul 24 2008, 01:36 AM
Carolyn | Hello and Welcome to the forums! My name ... | Aug 7 2008, 04:16 PM
Carolyn | Due to the lack of feedback, this Topic is closed.... | Aug 15 2008, 12:05 PM