BleepingComputer.com: Help. My Taskbar (explorer) Keeps Disappearing

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Help. My Taskbar (explorer) Keeps Disappearing

#1 User is offline   annon 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 17
  • Joined: 27-May 08

Posted 23 July 2008 - 06:45 AM

my taskbar keeps disappearing. i opened task manager and run explorer to make it appear. but then it disappeared again..

i'm running windows vista home premium.

i scanned my computer with ComboFix. please help asap.

this is the log:
----------------

ComboFix 08-07-22.3 - Owner 2008-07-23 19:25:19.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1098 [GMT 8:00]
Running from: C:\Users\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-22 13:54 . 2008-07-22 13:54 245,760 --a------ C:\Windows\System32\opnnnlkK.dll
2008-07-22 13:49 . 2008-07-22 13:49 <DIR> d-------- C:\Program Files\Photo To Color Sketch
2008-07-22 13:44 . 2008-07-22 13:44 <DIR> d-------- C:\Windows\Full Speed
2008-07-22 13:44 . 2008-07-22 13:47 <DIR> d-------- C:\Program Files\Full Speed
2008-07-17 20:55 . 2008-07-22 23:16 <DIR> d-------- C:\Program Files\Garena
2008-07-16 18:29 . 2008-07-16 18:29 <DIR> d-------- C:\Program Files\PBP Unpacker
2008-07-16 18:29 . 2005-05-24 21:24 169,534 --a------ C:\Windows\SFO.ICO
2008-07-14 22:42 . 2008-07-14 22:42 <DIR> d-------- C:\Program Files\Belarc
2008-07-14 15:40 . 2008-07-14 15:40 <DIR> d-------- C:\Windows\Java
2008-07-14 15:40 . 2008-07-14 15:40 <DIR> d-------- C:\Program Files\PC Wizard 2008
2008-07-14 15:40 . 2007-09-15 16:11 27,136 --a------ C:\Windows\System32\PCWizard.cpl
2008-07-14 15:11 . 2008-07-14 15:11 <DIR> d-------- C:\Program Files\HWiNFO32
2008-07-14 10:46 . 2008-07-14 10:46 <DIR> d-------- C:\Program Files\Xilisoft
2008-07-14 10:46 . 2008-07-14 10:46 <DIR> d-------- C:\Program Files\QuickTime
2008-07-12 22:55 . 2008-07-12 22:55 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-07-12 22:54 . 2008-02-22 19:30 334,792 --a------ C:\Windows\System32\_AxShlEx.dll
2008-07-12 22:52 . 2008-07-12 22:52 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-07-11 10:46 . 2008-06-26 09:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 10:46 . 2008-06-26 09:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 10:46 . 2008-06-26 11:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-10 19:36 . 2008-07-10 22:12 <DIR> d-------- C:\Users\Owner\.SimpleCenter
2008-07-10 19:36 . 2008-07-10 19:36 <DIR> d-------- C:\Program Files\Common Files\MainConcept
2008-07-10 19:33 . 2008-07-10 19:33 <DIR> d-------- C:\Program Files\SimpleCenter
2008-07-10 19:33 . 2008-07-10 19:33 <DIR> d-------- C:\Program Files\Common Files\i4j_jres
2008-07-10 16:53 . 2008-07-10 16:53 <DIR> d-------- C:\Program Files\AC3Filter
2008-07-10 16:53 . 2008-07-09 16:05 421,888 --a------ C:\Windows\System32\ac3filter.acm
2008-07-10 16:48 . 2008-07-10 16:48 <DIR> d-------- C:\Program Files\Haali
2008-07-10 16:04 . 2008-07-10 16:04 <DIR> d-------- C:\Users\Owner\AppData\Roaming\AVSMedia
2008-07-10 16:04 . 2008-07-10 16:04 <DIR> d-------- C:\Users\All Users\AVS4YOU
2008-07-10 16:04 . 2008-07-10 16:04 <DIR> d-------- C:\ProgramData\AVS4YOU
2008-07-10 16:03 . 2008-07-10 16:03 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-07-10 16:02 . 2008-07-10 16:02 <DIR> d-------- C:\Program Files\AVSMedia
2008-07-10 13:03 . 2008-07-10 13:03 29,696 --a------ C:\mkccsybi.exe
2008-07-10 13:00 . 2008-07-10 13:00 <DIR> d-------- C:\Program Files\Witcobber
2008-07-10 13:00 . 2008-07-10 13:01 407,094 --a------ C:\setupupdate.exe
2008-07-10 09:30 . 2008-06-11 02:51 318,488 --a------ C:\Windows\System32\drivers\iaStor.sys
2008-07-10 03:04 . 2008-07-10 03:04 <DIR> d-------- C:\Windows\SQLTools9_KB948109_ENU
2008-07-10 03:01 . 2008-07-10 03:01 <DIR> d-------- C:\Windows\SQL9_KB948109_ENU
2008-07-08 22:26 . 2008-07-08 22:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-08 08:23 . 2008-07-23 19:16 55,117 --a------ C:\Users\All Users\nvModes.dat
2008-07-08 08:23 . 2008-07-23 19:16 55,117 --a------ C:\ProgramData\nvModes.dat
2008-07-08 08:12 . 2008-06-18 13:46 8,871,936 --a------ C:\Windows\System32\nvoglv32.dll
2008-07-07 22:53 . 2008-07-07 23:08 <DIR> d-------- C:\Program Files\AllToAVI
2008-07-07 21:43 . 2008-07-07 21:43 <DIR> d-------- C:\Program Files\OJOsoft
2008-07-07 21:41 . 2008-07-07 21:41 <DIR> d-------- C:\Program Files\XVideoConverter
2008-07-07 13:08 . 2008-07-10 16:08 <DIR> d-------- C:\Users\Owner\AppData\Roaming\DivXMuxGui
2008-07-06 18:39 . 2006-01-12 11:27 208,896 --a------ C:\bmptoxsub.exe
2008-07-06 18:38 . 2006-03-06 16:28 901,120 --a------ C:\DivXMux.exe
2008-07-06 18:31 . 2008-07-06 18:31 <DIR> d-------- C:\Program Files\DivX
2008-07-06 18:29 . 2008-07-06 18:29 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-07-06 17:04 . 2007-11-29 12:52 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
2008-07-06 17:04 . 2007-12-24 13:47 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-07-06 17:04 . 2007-12-03 16:34 6,144 --a------ C:\Windows\System32\ff_acm.acm
2008-07-06 17:04 . 2007-11-29 12:52 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-07-06 16:56 . 2008-07-06 17:04 <DIR> d-------- C:\Program Files\TVersity Codec Pack
2008-07-06 16:54 . 2008-07-06 16:54 <DIR> d-------- C:\Program Files\TVersity
2008-07-06 16:35 . 2008-07-06 16:38 <DIR> d-------- C:\Program Files\Sub2Divx
2008-06-28 22:09 . 2008-06-28 22:09 0 --a------ C:\Windows\muma2004.INI
2008-06-26 22:10 . 2008-07-14 14:34 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-06-23 23:17 . 2008-06-23 23:17 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-06-23 23:02 . 2003-07-19 23:17 5,174 --a------ C:\Windows\System32\nppt9x.vxd
2008-06-23 23:02 . 2005-01-03 14:43 4,682 --a------ C:\Windows\System32\npptNT2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 11:27 239,533,088 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-07-23 11:14 3,207,512 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-07-23 11:13 --------- d-----w C:\Users\Owner\AppData\Roaming\uTorrent
2008-07-23 09:27 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-07-22 16:44 --------- d-----w C:\Program Files\Warcraft III
2008-07-17 12:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-12 14:36 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-07-09 19:11 --------- d-----w C:\Program Files\Windows Mail
2008-07-09 19:04 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-07-08 16:15 --------- d-----w C:\Program Files\eMedia Intermediate Guitar Method
2008-07-08 00:24 --------- d-----w C:\ProgramData\NVIDIA
2008-07-07 13:44 --------- d---a-w C:\ProgramData\TEMP
2008-07-06 06:13 55,117 ----a-w C:\Users\Owner\AppData\Roaming\nvModes.dat
2008-06-23 08:21 --------- d-----w C:\Program Files\Launch Manager
2008-06-22 09:36 --------- d-----w C:\Users\Owner\AppData\Roaming\SecondLife
2008-06-22 09:08 --------- d-----w C:\Program Files\SecondLife
2008-06-22 08:03 --------- d-----w C:\Users\Owner\AppData\Roaming\Xfire
2008-06-22 08:03 --------- d-----w C:\ProgramData\Xfire
2008-06-22 08:03 --------- d-----w C:\Program Files\Xfire
2008-06-22 07:57 --------- d-----w C:\Program Files\AeriaGames
2008-06-22 02:39 --------- d-----w C:\Program Files\GameHouse Games Collection
2008-06-22 00:03 6,783 ----a-w C:\Program Files\install.log
2008-06-22 00:03 --------- d-----w C:\ProgramData\Gamespot
2008-06-22 00:03 --------- d-----w C:\Program Files\GameSpot
2008-06-20 14:36 80,936 ----a-w C:\Windows\system32\drivers\btwavdt.sys
2008-06-20 14:36 80,424 ----a-w C:\Windows\system32\drivers\btwaudio.sys
2008-06-20 14:36 233,472 ----a-w C:\Windows\System32\BtwRSupport.dll
2008-06-20 14:36 16,168 ----a-w C:\Windows\system32\drivers\btwrchid.sys
2008-06-16 08:34 446,464 ----a-w C:\Windows\System32\nvuninst.exe
2008-06-16 03:09 1,034,776 ----a-w C:\Windows\System32\imsmudlg.exe
2008-06-11 13:30 --------- d-----w C:\Program Files\Portable Brain Challenge 1.2.5.0
2008-06-11 13:30 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-11 10:16 96,966 ----a-w C:\Windows\system32\drivers\klin.dat
2008-06-11 10:16 88,774 ----a-w C:\Windows\system32\drivers\klick.dat
2008-06-11 10:16 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-06-11 10:06 157,184 ----a-w C:\Windows\System32\kcxtdmjb.dll
2008-06-11 04:57 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-06-08 13:37 19,943,936 ----a-w C:\Windows\System32\imageres.dll
2008-06-08 13:26 --------- d-----w C:\ProgramData\Stardock
2008-06-08 13:26 --------- d-----w C:\Program Files\Stardock
2008-05-31 10:35 342,092,401 ----a-w C:\Windows\DUMP5050.tmp
2008-05-28 10:26 --------- d-----w C:\Users\Owner\AppData\Roaming\OnReally
2008-05-28 10:26 --------- d-----w C:\Program Files\OnReally
2008-05-25 11:54 --------- d-----w C:\Program Files\The Amazing Brain Train
2008-05-25 09:41 --------- d-----w C:\ProgramData\WindowsSearch
2008-05-23 02:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-04-26 08:25 3,600,952 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-26 08:25 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 10:00 719,872 ----a-w C:\Windows\System32\devil.dll
2008-04-25 10:00 349,184 ----a-w C:\Windows\System32\avisynth.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-24 02:46 2,829 ----a-w C:\Windows\War3Unin.pif
2008-04-24 02:46 139,264 ----a-w C:\Windows\War3Unin.exe
2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-03-26 15:03 174 --sha-w C:\Program Files\desktop.ini
2008-02-22 23:21 22,328 ----a-w C:\Users\Owner\AppData\Roaming\PnkBstrK.sys
2008-02-22 15:08 0 ----a-w C:\Users\Owner\SCHDLR.DAT
2007-09-11 07:26 61,647,736 ----a-w C:\Users\Public\directx_aug2007_redist.exe
2007-08-06 05:31 6,211,190 ----a-w C:\Users\Public\Combined-Community-Codec-Pack-2007-07-22.exe
2006-10-23 20:13 23,510,720 ----a-w C:\Users\Public\dotnetfx.exe
2004-12-04 17:47 1,164,112 ----a-w C:\Users\Public\wrar341.exe
2008-04-17 04:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-17 04:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-17 04:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-07-23_17.21.05.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-23 09:12:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-23 11:15:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-23 09:13:06 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-07-23 11:15:59 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-07-23 09:15:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-23 11:27:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-23 11:27:11 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-23 09:12:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-23 11:15:41 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-23 09:12:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-23 11:15:41 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-23 09:12:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-23 11:15:41 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-23 09:00:46 123,862 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-23 11:22:13 123,862 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-23 09:00:46 654,064 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-23 11:22:13 654,064 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-23 09:14:37 14,190 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-682308223-3612340363-349816915-1000_UserData.bin
+ 2008-07-23 11:17:31 14,364 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-682308223-3612340363-349816915-1000_UserData.bin
- 2008-07-23 09:14:37 92,438 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-23 11:17:31 92,562 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9669B04A-756E-4B65-9000-31223B579D2C}]
2008-07-22 13:54 245760 --a------ C:\Windows\system32\opnnnlkK.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 15:33 125952]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-07-12 22:54 4608]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 15:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 13:09 865840]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-26 05:47 45056]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-11 02:51 178712]
"SetSpeaker"="C:\Windows\SetSpkDefault.exe" [2007-11-27 18:23 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-12 05:54 1286144]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-06-18 13:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-06-18 13:46 92704]
"sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [2008-07-10 19:33 94208]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-04 18:39 4702208 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.XFR1"= xfcodec.dll
"msacm.avis"= ff_acm.acm
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
path=C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
backup=C:\Windows\pss\PowerReg SchedulerV2.exe.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
--a------ 2007-02-03 02:05 1261568 C:\Program Files\Acer Assist\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
--a------ 2007-02-03 03:24 3383296 C:\Program Files\Acer Registration\ACE1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-08-02 09:30 151552 C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 22:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2007-04-26 07:33 457216 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-01-09 23:46 52256 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2007-07-31 09:36 707080 C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
--a------ 2007-03-14 15:42 321088 C:\Program Files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-11-08 13:27 222208 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
--------- 2007-05-25 05:38 206952 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-01-09 23:46 68640 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B6C4D3B6-D866-4F8A-BD95-3F68EA80CD56}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{8451B11E-A98D-4AA1-93C4-2A77CA5275F7}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4327829C-53E2-4708-B1F6-50A583BF5E6F}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB57721A-FAFE-4224-8FE6-1202ADE9551F}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{63FAD5EE-40F9-4F37-8364-B638686E2FB0}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{33AC3061-41F2-43BB-A95E-7B4FD5638DF6}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{774D634A-FC17-4EF3-BEFD-07FBA9A4626F}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{54AC1D94-320B-4738-8979-0D86836D9214}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM
"TCP Query User{C29BE396-8F41-4393-A034-9F438083F123}C:\\program files\\counter-strike 1.6\\hl.exe"= UDP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{49BF3277-D332-4AE7-8D5A-A67829342B86}C:\\program files\\counter-strike 1.6\\hl.exe"= TCP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"{65C41BB9-F8A3-40A0-A9BE-817EB9E41B11}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{2C70CD87-0A90-4581-AC69-E316F12CB6F3}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{1B105881-ADA9-46C9-A5BA-831F0AEBB26D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{02148CE1-2929-442C-8980-FCB72504DEC5}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{32A14FF2-933E-40DB-A50A-9436CC0B7962}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{13D71ABE-34DF-4FDB-AC2B-342A167C8E53}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"TCP Query User{8667703F-CBD1-48C1-B588-8C320C2BDBB7}C:\\program files\\counter-strike 1.6\\hl.exe"= UDP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{39E914C1-7FCB-4C1B-8BB8-5C6D5F9C42C4}C:\\program files\\counter-strike 1.6\\hl.exe"= TCP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"TCP Query User{703C9E2A-4884-46C2-A82F-6F7DC6DE3D19}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{98B2BC5F-712B-424B-876B-396A828EB853}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{EE0DA6F4-8FAF-4AEE-B505-5C1EA61EE757}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{FB8F0DC3-DCA1-404B-9A4B-8B31E9CCFB21}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{ACA20643-8DA7-49F6-A4F1-871A8FB16A1F}C:\\program files\\doom 3\\doom3ded.exe"= UDP:C:\program files\doom 3\doom3ded.exe:DOOM 3
"UDP Query User{3BD4F661-7D4E-4FF3-84CE-2A1F69DEA37C}C:\\program files\\doom 3\\doom3ded.exe"= TCP:C:\program files\doom 3\doom3ded.exe:DOOM 3
"TCP Query User{BAB46CF5-751F-4849-8094-4EB317D16064}C:\\program files\\lucasarts\\swkotor2\\swupdate.exe"= UDP:C:\program files\lucasarts\swkotor2\swupdate.exe:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program
"UDP Query User{516FB40D-B11C-46A1-91E6-884BC4806375}C:\\program files\\lucasarts\\swkotor2\\swupdate.exe"= TCP:C:\program files\lucasarts\swkotor2\swupdate.exe:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program
"{51906B22-0BEE-43DE-A539-EB3081A4D807}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F69C8203-92BA-49D9-8BC1-3A64A2B2AAD5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B7143FCC-0C93-4914-8C3D-E7FF2C51A164}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{DB9416FC-2588-44D9-A3E6-1726B0D7208D}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{B6B88143-CD15-4C97-B056-66EFAB2EF767}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{41629C54-0578-4C50-AEC0-E9F6DD33C74F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{A9856CAA-C516-4AA2-9099-481AAA287038}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8ED54CC1-3F0B-4B56-AAD2-1E5ED9437A58}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F86CA28D-43C7-4213-A17D-60A674320CD8}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{4010C0F8-4EEF-4409-8C41-ADA796A738AD}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{8F66D760-D971-422F-B674-049AD21A5B6E}"= UDP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{908F764F-0C7E-47DB-B5CE-89BA8F1F3A50}"= TCP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"TCP Query User{A9CF2C5E-DA65-4731-9F13-32E325541472}C:\\program files\\valve\\condition zero\\hl.exe"= UDP:C:\program files\valve\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{03E983E0-6050-4C3C-93F1-607F1411BB68}C:\\program files\\valve\\condition zero\\hl.exe"= TCP:C:\program files\valve\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{E3AC06D4-BA89-48E7-B655-DC13FD01556B}C:\\valve\\condition zero\\hl.exe"= UDP:C:\valve\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{C3B98723-11BF-4562-9213-6DD20D23231E}C:\\valve\\condition zero\\hl.exe"= TCP:C:\valve\condition zero\hl.exe:Half-Life Launcher
"{E45B55EF-162D-4587-A885-F32DD51D911C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{28A250F8-0A98-4172-BA31-6CC6A9E3A6E1}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2CA34C90-DD5B-4EA1-9940-0F88BD0C81B0}"= TCP:67:DHCP Discovery Service
"{EB8D2610-B5A3-4A5C-8519-648EB89CAE5D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{26C051ED-DEAE-471F-82DA-32137AE25F1F}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{5B321763-B180-4E91-8CBC-39AC63D6DCF9}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{7BBBB66B-9444-4A78-BD62-3516A1073685}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"{027C62EB-F615-4738-86E8-4942215E1DF3}"= TCP:67:DHCP Discovery Service
"TCP Query User{79930AE0-D7DC-428F-863C-F212654D1F84}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{933A6C1A-3DED-42D5-AEC9-07965CEF46D5}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{D72E124F-0489-4936-B416-11017B143CC5}C:\\q3ademo\\quake3.exe"= UDP:C:\q3ademo\quake3.exe:quake3
"UDP Query User{13A1D4BC-1E8D-48B8-88D7-5B9EF762F422}C:\\q3ademo\\quake3.exe"= TCP:C:\q3ademo\quake3.exe:quake3
"TCP Query User{1ECD0BED-AB97-4A8A-A0DA-5911DDD0C7F2}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= UDP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"UDP Query User{89EC90D4-65F2-498B-AA4C-AE352D083A11}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= TCP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"TCP Query User{59AD8AC6-C176-4384-8312-2FCA2CEFE8E1}C:\\program files\\kav\\kav7.0\\english\\setup.exe"= UDP:C:\program files\kav\kav7.0\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{3B32FED3-8070-43CD-B42E-21B33D221DA7}C:\\program files\\kav\\kav7.0\\english\\setup.exe"= TCP:C:\program files\kav\kav7.0\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"{01F2847F-FA97-4470-8348-B9F4759BB1A5}"= UDP:C:\Program Files\AeriaGames\Shaiya\Updater.exe:Shaiya
"{24BABF81-83F0-43A8-A2FC-9839A2741CC6}"= TCP:C:\Program Files\AeriaGames\Shaiya\Updater.exe:Shaiya
"{8F1BC92F-EB04-4D00-8943-9D8036239257}"= UDP:C:\Program Files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{274C58DC-792C-48A4-B128-E2D02934222B}"= TCP:C:\Program Files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"TCP Query User{3196DB32-4752-4830-8342-D65AE81F4207}C:\\program files\\simplecenter\\simplecenter.exe"= UDP:C:\program files\simplecenter\simplecenter.exe:SimpleCenter Media Manager and Server
"UDP Query User{6DF7F041-EE82-4A32-9F61-61E45D544672}C:\\program files\\simplecenter\\simplecenter.exe"= TCP:C:\program files\simplecenter\simplecenter.exe:SimpleCenter Media Manager and Server
"{5CD9A52A-7D5C-4ECF-9982-F583A269200D}"= UDP:1900:SimpleCenter1900
"{826AB838-F9E2-4F08-A894-CE27CFB154CD}"= UDP:49156:SimpleCenter49156
"{2B4C443C-B3A4-4707-AB7F-1F519472F0A0}"= UDP:49157:SimpleCenter49157
"TCP Query User{B82E6229-4DE8-432E-BD05-C2609DBEF7A6}C:\\program files\\garena\\garena.exe"= UDP:C:\program files\garena\garena.exe:Garena
"UDP Query User{3669C362-CFF2-44FB-A406-42FCD17E1ACD}C:\\program files\\garena\\garena.exe"= TCP:C:\program files\garena\garena.exe:Garena

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-03 08:51]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-27 05:24]
R2 HWiNFO32;HWiNFO32 Kernel Driver;C:\Program Files\HWiNFO32\HWiNFO32.SYS [2008-06-03 15:36]
R2 ithsgt;ithsgt;C:\Windows\system32\DRIVERS\ithsgt.sys [2008-03-18 22:12]
R2 lilsgt;lilsgt;C:\Windows\system32\DRIVERS\lilsgt.sys [2008-03-18 22:12]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\Windows\system32\drivers\libusb0.sys [2005-03-09 20:50]
R3 Tetris;Tetris driver;C:\Windows\system32\Drivers\Tetris.sys [2008-03-20 19:35]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-04-19 15:09]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 19:53]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 15:03]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2008-06-20 22:36]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2008-06-20 22:36]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2008-06-20 22:36]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\Windows\system32\NSNDIS5.SYS [2004-03-24 10:12]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 18:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ed470c2-f650-11dc-a7f2-d6d303039dab}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
Contents of the 'Scheduled Tasks' folder
"2008-07-23 00:30:05 C:\Windows\Tasks\User_Feed_Synchronization-{CC37677D-DB97-4C60-A857-052C8F5211D0}.job"
- C:\Windows\system32\msfeedssync.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://en.us.acer.yahoo.com
R1 -: HKCU-Internet Settings,ProxyServer = msp01:8080
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O17 -: HKLM\CCS\Interface\{322E9C82-0288-4BCC-BC91-D8636096D3C9}: NameServer = 202.160.9.9,202.160.8.2
O17 -: HKLM\CCS\Interface\{34D86CA1-5EEA-41B4-8783-C12141923980}: NameServer = 202.160.8.2,202.160.8.20


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 19:27:30
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-07-23 19:30:00
ComboFix-quarantined-files.txt 2008-07-23 11:28:53
ComboFix2.txt 2008-07-23 11:24:06
ComboFix3.txt 2008-07-23 09:22:46
ComboFix4.txt 2008-05-27 10:09:04

Pre-Run: 39,071,993,856 bytes free
Post-Run: 39,020,613,632 bytes free

367 --- E O F --- 2008-07-11 17:39:25

#2 User is offline   annon 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 17
  • Joined: 27-May 08

Posted 24 July 2008 - 01:36 AM

my pc is fine now.. i used Malwarebytes' Anti-Malware..

but sometimes it slows down and task manager shows the physical memory usage is more than 50% while cpu usage is around 50%..

here's the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:12 PM, on 7/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Owner\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Acer Assist\AcerAssist.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = msp01:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SetSpeaker] C:\Windows\SetSpkDefault.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: PowerReg SchedulerV2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{322E9C82-0288-4BCC-BC91-D8636096D3C9}: NameServer = 202.160.9.9,202.160.8.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{34D86CA1-5EEA-41B4-8783-C12141923980}: NameServer = 202.160.8.2,202.160.8.20
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll,
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Users\Owner\AppData\Local\Temp\RarSFX1\ShaiyaUpdater\FileZilla Server\FileZilla server.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12527 bytes

#3 User is offline   Carolyn 

  • Bleepin' kitten
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 2,131
  • Joined: 12-July 07

Posted 07 August 2008 - 04:16 PM

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

I am sorry that we were unable to reply to your post sooner. The forums have been very busy.

If you are still in need of assistance, please scan again with HijackThis and post a fresh log.

Also, please make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.

Post the fresh HijackThis log and the uninstall list in the body of your next reply.
Member of ASAP (Alliance of Security Analysis Professionals)
Posted Image

#4 User is offline   Carolyn 

  • Bleepin' kitten
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 2,131
  • Joined: 12-July 07

Posted 15 August 2008 - 12:05 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Member of ASAP (Alliance of Security Analysis Professionals)
Posted Image

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users