Post #1, Jul 23 2008, 06:45 AM
Member (Group: Members, Posts: 16, Joined: 27-May 08, Member No.: 211,744)
I'm running Windows Vista Home Premium. I scanned my computer with ComboFix. Please help ASAP. This is the log:

----------------
ComboFix 08-07-22.3 - Owner 2008-07-23 19:25:19.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1098 [GMT 8:00]
Running from: C:\Users\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.
2008-07-22 13:54 . 2008-07-22 13:54 245,760 --a------ C:\Windows\System32\opnnnlkK.dll
2008-07-22 13:49 . 2008-07-22 13:49 <DIR> d-------- C:\Program Files\Photo To Color Sketch
2008-07-22 13:44 . 2008-07-22 13:44 <DIR> d-------- C:\Windows\Full Speed
2008-07-22 13:44 . 2008-07-22 13:47 <DIR> d-------- C:\Program Files\Full Speed
2008-07-17 20:55 . 2008-07-22 23:16 <DIR> d-------- C:\Program Files\Garena
2008-07-16 18:29 . 2008-07-16 18:29 <DIR> d-------- C:\Program Files\PBP Unpacker
2008-07-16 18:29 . 2005-05-24 21:24 169,534 --a------ C:\Windows\SFO.ICO
2008-07-14 22:42 . 2008-07-14 22:42 <DIR> d-------- C:\Program Files\Belarc
2008-07-14 15:40 . 2008-07-14 15:40 <DIR> d-------- C:\Windows\Java
2008-07-14 15:40 . 2008-07-14 15:40 <DIR> d-------- C:\Program Files\PC Wizard 2008
2008-07-14 15:40 . 2007-09-15 16:11 27,136 --a------ C:\Windows\System32\PCWizard.cpl
2008-07-14 15:11 . 2008-07-14 15:11 <DIR> d-------- C:\Program Files\HWiNFO32
2008-07-14 10:46 . 2008-07-14 10:46 <DIR> d-------- C:\Program Files\Xilisoft
2008-07-14 10:46 . 2008-07-14 10:46 <DIR> d-------- C:\Program Files\QuickTime
2008-07-12 22:55 . 2008-07-12 22:55 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-07-12 22:54 . 2008-02-22 19:30 334,792 --a------ C:\Windows\System32\_AxShlEx.dll
2008-07-12 22:52 . 2008-07-12 22:52 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-07-11 10:46 . 2008-06-26 09:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 10:46 . 2008-06-26 09:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 10:46 . 2008-06-26 11:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-10 19:36 . 2008-07-10 22:12 <DIR> d-------- C:\Users\Owner\.SimpleCenter
2008-07-10 19:36 . 2008-07-10 19:36 <DIR> d-------- C:\Program Files\Common Files\MainConcept
2008-07-10 19:33 . 2008-07-10 19:33 <DIR> d-------- C:\Program Files\SimpleCenter
2008-07-10 19:33 . 2008-07-10 19:33 <DIR> d-------- C:\Program Files\Common Files\i4j_jres
2008-07-10 16:53 . 2008-07-10 16:53 <DIR> d-------- C:\Program Files\AC3Filter
2008-07-10 16:53 . 2008-07-09 16:05 421,888 --a------ C:\Windows\System32\ac3filter.acm
2008-07-10 16:48 . 2008-07-10 16:48 <DIR> d-------- C:\Program Files\Haali
2008-07-10 16:04 . 2008-07-10 16:04 <DIR> d-------- C:\Users\Owner\AppData\Roaming\AVSMedia
2008-07-10 16:04 . 2008-07-10 16:04 <DIR> d-------- C:\Users\All Users\AVS4YOU
2008-07-10 16:04 . 2008-07-10 16:04 <DIR> d-------- C:\ProgramData\AVS4YOU
2008-07-10 16:03 . 2008-07-10 16:03 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-07-10 16:02 . 2008-07-10 16:02 <DIR> d-------- C:\Program Files\AVSMedia
2008-07-10 13:03 . 2008-07-10 13:03 29,696 --a------ C:\mkccsybi.exe
2008-07-10 13:00 . 2008-07-10 13:00 <DIR> d-------- C:\Program Files\Witcobber
2008-07-10 13:00 . 2008-07-10 13:01 407,094 --a------ C:\setupupdate.exe
2008-07-10 09:30 . 2008-06-11 02:51 318,488 --a------ C:\Windows\System32\drivers\iaStor.sys
2008-07-10 03:04 . 2008-07-10 03:04 <DIR> d-------- C:\Windows\SQLTools9_KB948109_ENU
2008-07-10 03:01 . 2008-07-10 03:01 <DIR> d-------- C:\Windows\SQL9_KB948109_ENU
2008-07-08 22:26 . 2008-07-08 22:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-08 08:23 . 2008-07-23 19:16 55,117 --a------ C:\Users\All Users\nvModes.dat
2008-07-08 08:23 . 2008-07-23 19:16 55,117 --a------ C:\ProgramData\nvModes.dat
2008-07-08 08:12 . 2008-06-18 13:46 8,871,936 --a------ C:\Windows\System32\nvoglv32.dll
2008-07-07 22:53 . 2008-07-07 23:08 <DIR> d-------- C:\Program Files\AllToAVI
2008-07-07 21:43 . 2008-07-07 21:43 <DIR> d-------- C:\Program Files\OJOsoft
2008-07-07 21:41 . 2008-07-07 21:41 <DIR> d-------- C:\Program Files\XVideoConverter
2008-07-07 13:08 . 2008-07-10 16:08 <DIR> d-------- C:\Users\Owner\AppData\Roaming\DivXMuxGui
2008-07-06 18:39 . 2006-01-12 11:27 208,896 --a------ C:\bmptoxsub.exe
2008-07-06 18:38 . 2006-03-06 16:28 901,120 --a------ C:\DivXMux.exe
2008-07-06 18:31 . 2008-07-06 18:31 <DIR> d-------- C:\Program Files\DivX
2008-07-06 18:29 . 2008-07-06 18:29 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-07-06 17:04 . 2007-11-29 12:52 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
2008-07-06 17:04 . 2007-12-24 13:47 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-07-06 17:04 . 2007-12-03 16:34 6,144 --a------ C:\Windows\System32\ff_acm.acm
2008-07-06 17:04 . 2007-11-29 12:52 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-07-06 16:56 . 2008-07-06 17:04 <DIR> d-------- C:\Program Files\TVersity Codec Pack
2008-07-06 16:54 . 2008-07-06 16:54 <DIR> d-------- C:\Program Files\TVersity
2008-07-06 16:35 . 2008-07-06 16:38 <DIR> d-------- C:\Program Files\Sub2Divx
2008-06-28 22:09 . 2008-06-28 22:09 0 --a------ C:\Windows\muma2004.INI
2008-06-26 22:10 . 2008-07-14 14:34 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-06-23 23:17 . 2008-06-23 23:17 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-06-23 23:02 . 2003-07-19 23:17 5,174 --a------ C:\Windows\System32\nppt9x.vxd
2008-06-23 23:02 . 2005-01-03 14:43 4,682 --a------ C:\Windows\System32\npptNT2.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 11:27 239,533,088 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-07-23 11:14 3,207,512 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-07-23 11:13 --------- d-----w C:\Users\Owner\AppData\Roaming\uTorrent
2008-07-23 09:27 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-07-22 16:44 --------- d-----w C:\Program Files\Warcraft III
2008-07-17 12:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-12 14:36 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-07-09 19:11 --------- d-----w C:\Program Files\Windows Mail
2008-07-09 19:04 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-07-08 16:15 --------- d-----w C:\Program Files\eMedia Intermediate Guitar Method
2008-07-08 00:24 --------- d-----w C:\ProgramData\NVIDIA
2008-07-07 13:44 --------- d---a-w C:\ProgramData\TEMP
2008-07-06 06:13 55,117 ----a-w C:\Users\Owner\AppData\Roaming\nvModes.dat
2008-06-23 08:21 --------- d-----w C:\Program Files\Launch Manager
2008-06-22 09:36 --------- d-----w C:\Users\Owner\AppData\Roaming\SecondLife
2008-06-22 09:08 --------- d-----w C:\Program Files\SecondLife
2008-06-22 08:03 --------- d-----w C:\Users\Owner\AppData\Roaming\Xfire
2008-06-22 08:03 --------- d-----w C:\ProgramData\Xfire
2008-06-22 08:03 --------- d-----w C:\Program Files\Xfire
2008-06-22 07:57 --------- d-----w C:\Program Files\AeriaGames
2008-06-22 02:39 --------- d-----w C:\Program Files\GameHouse Games Collection
2008-06-22 00:03 6,783 ----a-w C:\Program Files\install.log
2008-06-22 00:03 --------- d-----w C:\ProgramData\Gamespot
2008-06-22 00:03 --------- d-----w C:\Program Files\GameSpot
2008-06-20 14:36 80,936 ----a-w C:\Windows\system32\drivers\btwavdt.sys
2008-06-20 14:36 80,424 ----a-w C:\Windows\system32\drivers\btwaudio.sys
2008-06-20 14:36 233,472 ----a-w C:\Windows\System32\BtwRSupport.dll
2008-06-20 14:36 16,168 ----a-w C:\Windows\system32\drivers\btwrchid.sys
2008-06-16 08:34 446,464 ----a-w C:\Windows\System32\nvuninst.exe
2008-06-16 03:09 1,034,776 ----a-w C:\Windows\System32\imsmudlg.exe
2008-06-11 13:30 --------- d-----w C:\Program Files\Portable Brain Challenge 1.2.5.0
2008-06-11 13:30 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-11 10:16 96,966 ----a-w C:\Windows\system32\drivers\klin.dat
2008-06-11 10:16 88,774 ----a-w C:\Windows\system32\drivers\klick.dat
2008-06-11 10:16 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-06-11 10:06 157,184 ----a-w C:\Windows\System32\kcxtdmjb.dll
2008-06-11 04:57 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-06-08 13:37 19,943,936 ----a-w C:\Windows\System32\imageres.dll
2008-06-08 13:26 --------- d-----w C:\ProgramData\Stardock
2008-06-08 13:26 --------- d-----w C:\Program Files\Stardock
2008-05-31 10:35 342,092,401 ----a-w C:\Windows\DUMP5050.tmp
2008-05-28 10:26 --------- d-----w C:\Users\Owner\AppData\Roaming\OnReally
2008-05-28 10:26 --------- d-----w C:\Program Files\OnReally
2008-05-25 11:54 --------- d-----w C:\Program Files\The Amazing Brain Train
2008-05-25 09:41 --------- d-----w C:\ProgramData\WindowsSearch
2008-05-23 02:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-04-26 08:25 3,600,952 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-26 08:25 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 10:00 719,872 ----a-w C:\Windows\System32\devil.dll
2008-04-25 10:00 349,184 ----a-w C:\Windows\System32\avisynth.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-24 02:46 2,829 ----a-w C:\Windows\War3Unin.pif
2008-04-24 02:46 139,264 ----a-w C:\Windows\War3Unin.exe
2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-03-26 15:03 174 --sha-w C:\Program Files\desktop.ini
2008-02-22 23:21 22,328 ----a-w C:\Users\Owner\AppData\Roaming\PnkBstrK.sys
2008-02-22 15:08 0 ----a-w C:\Users\Owner\SCHDLR.DAT
2007-09-11 07:26 61,647,736 ----a-w C:\Users\Public\directx_aug2007_redist.exe
2007-08-06 05:31 6,211,190 ----a-w C:\Users\Public\Combined-Community-Codec-Pack-2007-07-22.exe
2006-10-23 20:13 23,510,720 ----a-w C:\Users\Public\dotnetfx.exe
2004-12-04 17:47 1,164,112 ----a-w C:\Users\Public\wrar341.exe
2008-04-17 04:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-17 04:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-17 04:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot_2008-07-23_17.21.05.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-23 09:12:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-23 11:15:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-23 09:13:06 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-07-23 11:15:59 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-07-23 09:15:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-23 11:27:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-07-23 11:27:11 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-23 09:12:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-23 11:15:41 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-23 09:12:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-23 11:15:41 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-23 09:12:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-23 11:15:41 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-23 09:00:46 123,862 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-23 11:22:13 123,862 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-23 09:00:46 654,064 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-23 11:22:13 654,064 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-23 09:14:37 14,190 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-682308223-3612340363-349816915-1000_UserData.bin
+ 2008-07-23 11:17:31 14,364 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-682308223-3612340363-349816915-1000_UserData.bin
- 2008-07-23 09:14:37 92,438 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-23 11:17:31 92,562 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9669B04A-756E-4B65-9000-31223B579D2C}]
2008-07-22 13:54 245760 --a------ C:\Windows\system32\opnnnlkK.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 15:33 125952]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-07-12 22:54 4608]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 15:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 13:09 865840]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-26 05:47 45056]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-11 02:51 178712]
"SetSpeaker"="C:\Windows\SetSpkDefault.exe" [2007-11-27 18:23 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-12 05:54 1286144]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-06-18 13:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-06-18 13:46 92704]
"sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [2008-07-10 19:33 94208]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-04 18:39 4702208 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.XFR1"= xfcodec.dll
"msacm.avis"= ff_acm.acm
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
path=C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
backup=C:\Windows\pss\PowerReg SchedulerV2.exe.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
--a------ 2007-02-03 02:05 1261568 C:\Program Files\Acer Assist\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
--a------ 2007-02-03 03:24 3383296 C:\Program Files\Acer Registration\ACE1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-08-02 09:30 151552 C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 22:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2007-04-26 07:33 457216 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-01-09 23:46 52256 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2007-07-31 09:36 707080 C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
--a------ 2007-03-14 15:42 321088 C:\Program Files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-11-08 13:27 222208 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
--------- 2007-05-25 05:38 206952 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-01-09 23:46 68640 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B6C4D3B6-D866-4F8A-BD95-3F68EA80CD56}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{8451B11E-A98D-4AA1-93C4-2A77CA5275F7}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4327829C-53E2-4708-B1F6-50A583BF5E6F}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB57721A-FAFE-4224-8FE6-1202ADE9551F}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{63FAD5EE-40F9-4F37-8364-B638686E2FB0}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{33AC3061-41F2-43BB-A95E-7B4FD5638DF6}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{774D634A-FC17-4EF3-BEFD-07FBA9A4626F}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{54AC1D94-320B-4738-8979-0D86836D9214}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM
"TCP Query User{C29BE396-8F41-4393-A034-9F438083F123}C:\\program files\\counter-strike 1.6\\hl.exe"= UDP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{49BF3277-D332-4AE7-8D5A-A67829342B86}C:\\program files\\counter-strike 1.6\\hl.exe"= TCP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"{65C41BB9-F8A3-40A0-A9BE-817EB9E41B11}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{2C70CD87-0A90-4581-AC69-E316F12CB6F3}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{1B105881-ADA9-46C9-A5BA-831F0AEBB26D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{02148CE1-2929-442C-8980-FCB72504DEC5}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{32A14FF2-933E-40DB-A50A-9436CC0B7962}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{13D71ABE-34DF-4FDB-AC2B-342A167C8E53}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"TCP Query User{8667703F-CBD1-48C1-B588-8C320C2BDBB7}C:\\program files\\counter-strike 1.6\\hl.exe"= UDP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{39E914C1-7FCB-4C1B-8BB8-5C6D5F9C42C4}C:\\program files\\counter-strike 1.6\\hl.exe"= TCP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"TCP Query User{703C9E2A-4884-46C2-A82F-6F7DC6DE3D19}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{98B2BC5F-712B-424B-876B-396A828EB853}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{EE0DA6F4-8FAF-4AEE-B505-5C1EA61EE757}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{FB8F0DC3-DCA1-404B-9A4B-8B31E9CCFB21}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{ACA20643-8DA7-49F6-A4F1-871A8FB16A1F}C:\\program files\\doom 3\\doom3ded.exe"= UDP:C:\program files\doom 3\doom3ded.exe:DOOM 3
"UDP Query User{3BD4F661-7D4E-4FF3-84CE-2A1F69DEA37C}C:\\program files\\doom 3\\doom3ded.exe"= TCP:C:\program files\doom 3\doom3ded.exe:DOOM 3
"TCP Query User{BAB46CF5-751F-4849-8094-4EB317D16064}C:\\program files\\lucasarts\\swkotor2\\swupdate.exe"= UDP:C:\program files\lucasarts\swkotor2\swupdate.exe:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program
"UDP Query User{516FB40D-B11C-46A1-91E6-884BC4806375}C:\\program files\\lucasarts\\swkotor2\\swupdate.exe"= TCP:C:\program files\lucasarts\swkotor2\swupdate.exe:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program
"{51906B22-0BEE-43DE-A539-EB3081A4D807}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F69C8203-92BA-49D9-8BC1-3A64A2B2AAD5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B7143FCC-0C93-4914-8C3D-E7FF2C51A164}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{DB9416FC-2588-44D9-A3E6-1726B0D7208D}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{B6B88143-CD15-4C97-B056-66EFAB2EF767}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{41629C54-0578-4C50-AEC0-E9F6DD33C74F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{A9856CAA-C516-4AA2-9099-481AAA287038}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8ED54CC1-3F0B-4B56-AAD2-1E5ED9437A58}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F86CA28D-43C7-4213-A17D-60A674320CD8}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{4010C0F8-4EEF-4409-8C41-ADA796A738AD}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{8F66D760-D971-422F-B674-049AD21A5B6E}"= UDP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{908F764F-0C7E-47DB-B5CE-89BA8F1F3A50}"= TCP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"TCP Query User{A9CF2C5E-DA65-4731-9F13-32E325541472}C:\\program files\\valve\\condition zero\\hl.exe"= UDP:C:\program files\valve\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{03E983E0-6050-4C3C-93F1-607F1411BB68}C:\\program files\\valve\\condition zero\\hl.exe"= TCP:C:\program files\valve\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{E3AC06D4-BA89-48E7-B655-DC13FD01556B}C:\\valve\\condition zero\\hl.exe"= UDP:C:\valve\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{C3B98723-11BF-4562-9213-6DD20D23231E}C:\\valve\\condition zero\\hl.exe"= TCP:C:\valve\condition zero\hl.exe:Half-Life Launcher
"{E45B55EF-162D-4587-A885-F32DD51D911C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{28A250F8-0A98-4172-BA31-6CC6A9E3A6E1}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2CA34C90-DD5B-4EA1-9940-0F88BD0C81B0}"= TCP:67:DHCP Discovery Service
"{EB8D2610-B5A3-4A5C-8519-648EB89CAE5D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{26C051ED-DEAE-471F-82DA-32137AE25F1F}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{5B321763-B180-4E91-8CBC-39AC63D6DCF9}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{7BBBB66B-9444-4A78-BD62-3516A1073685}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"{027C62EB-F615-4738-86E8-4942215E1DF3}"= TCP:67:DHCP Discovery Service
"TCP Query User{79930AE0-D7DC-428F-863C-F212654D1F84}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{933A6C1A-3DED-42D5-AEC9-07965CEF46D5}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{D72E124F-0489-4936-B416-11017B143CC5}C:\\q3ademo\\quake3.exe"= UDP:C:\q3ademo\quake3.exe:quake3
"UDP Query User{13A1D4BC-1E8D-48B8-88D7-5B9EF762F422}C:\\q3ademo\\quake3.exe"= TCP:C:\q3ademo\quake3.exe:quake3
"TCP Query User{1ECD0BED-AB97-4A8A-A0DA-5911DDD0C7F2}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= UDP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"UDP Query User{89EC90D4-65F2-498B-AA4C-AE352D083A11}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= TCP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"TCP Query User{59AD8AC6-C176-4384-8312-2FCA2CEFE8E1}C:\\program files\\kav\\kav7.0\\english\\setup.exe"= UDP:C:\program files\kav\kav7.0\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{3B32FED3-8070-43CD-B42E-21B33D221DA7}C:\\program files\\kav\\kav7.0\\english\\setup.exe"= TCP:C:\program files\kav\kav7.0\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"{01F2847F-FA97-4470-8348-B9F4759BB1A5}"= UDP:C:\Program Files\AeriaGames\Shaiya\Updater.exe:Shaiya
"{24BABF81-83F0-43A8-A2FC-9839A2741CC6}"= TCP:C:\Program Files\AeriaGames\Shaiya\Updater.exe:Shaiya
"{8F1BC92F-EB04-4D00-8943-9D8036239257}"= UDP:C:\Program Files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{274C58DC-792C-48A4-B128-E2D02934222B}"= TCP:C:\Program Files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"TCP Query User{3196DB32-4752-4830-8342-D65AE81F4207}C:\\program files\\simplecenter\\simplecenter.exe"= UDP:C:\program files\simplecenter\simplecenter.exe:SimpleCenter Media Manager and Server
"UDP Query User{6DF7F041-EE82-4A32-9F61-61E45D544672}C:\\program files\\simplecenter\\simplecenter.exe"= TCP:C:\program files\simplecenter\simplecenter.exe:SimpleCenter Media Manager and Server
"{5CD9A52A-7D5C-4ECF-9982-F583A269200D}"= UDP:1900:SimpleCenter1900
"{826AB838-F9E2-4F08-A894-CE27CFB154CD}"= UDP:49156:SimpleCenter49156
"{2B4C443C-B3A4-4707-AB7F-1F519472F0A0}"= UDP:49157:SimpleCenter49157
"TCP Query User{B82E6229-4DE8-432E-BD05-C2609DBEF7A6}C:\\program files\\garena\\garena.exe"= UDP:C:\program files\garena\garena.exe:Garena
"UDP Query User{3669C362-CFF2-44FB-A406-42FCD17E1ACD}C:\\program files\\garena\\garena.exe"= TCP:C:\program files\garena\garena.exe:Garena

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-03 08:51]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-27 05:24]
R2 HWiNFO32;HWiNFO32 Kernel Driver;C:\Program Files\HWiNFO32\HWiNFO32.SYS [2008-06-03 15:36]
R2 ithsgt;ithsgt;C:\Windows\system32\DRIVERS\ithsgt.sys [2008-03-18 22:12]
R2 lilsgt;lilsgt;C:\Windows\system32\DRIVERS\lilsgt.sys [2008-03-18 22:12]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\Windows\system32\drivers\libusb0.sys [2005-03-09 20:50]
R3 Tetris;Tetris driver;C:\Windows\system32\Drivers\Tetris.sys [2008-03-20 19:35]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-04-19 15:09]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 19:53]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 15:03]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2008-06-20 22:36]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2008-06-20 22:36]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2008-06-20 22:36]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\Windows\system32\NSNDIS5.SYS [2004-03-24 10:12]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 18:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ed470c2-f650-11dc-a7f2-d6d303039dab}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

.
Contents of the 'Scheduled Tasks' folder
"2008-07-23 00:30:05 C:\Windows\Tasks\User_Feed_Synchronization-{CC37677D-DB97-4C60-A857-052C8F5211D0}.job"
- C:\Windows\system32\msfeedssync.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://en.us.acer.yahoo.com
R1 -: HKCU-Internet Settings,ProxyServer = msp01:8080
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O17 -: HKLM\CCS\Interface\{322E9C82-0288-4BCC-BC91-D8636096D3C9}: NameServer = 202.160.9.9,202.160.8.2
O17 -: HKLM\CCS\Interface\{34D86CA1-5EEA-41B4-8783-C12141923980}: NameServer = 202.160.8.2,202.160.8.20
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 19:27:30
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-07-23 19:30:00
ComboFix-quarantined-files.txt 2008-07-23 11:28:53
ComboFix2.txt 2008-07-23 11:24:06
ComboFix3.txt 2008-07-23 09:22:46
ComboFix4.txt 2008-05-27 10:09:04
Pre-Run: 39,071,993,856 bytes free
Post-Run: 39,020,613,632 bytes free
367 --- E O F --- 2008-07-11 17:39:25
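Added triage example (my own code, not ComboFix's, BleepingComputer's, or anything posted in this thread): a Python script that reads ComboFix-style lines and flags the indicators a log helper would zero in on in the log above, namely a Browser Helper Object whose DLL appeared inside the scan window, UAC switched off through EnableLUA, the Security Center monitoring overrides, an AutoRun handler under MountPoints2, and binaries dropped in the drive root or carrying pseudo-random names. The indicator names, the severities and the vowel-ratio heuristic are this example's own assumptions, and the sample lines are constructed to mirror entries in the posted log rather than copied from it.

```python
"""Triage heuristics for a ComboFix log (added example, not a ComboFix tool).

Indicator names, severities and the vowel-ratio threshold are assumptions
made for this example; tune them against logs you have ground truth for.
"""
import re
from datetime import date

# Constructed sample modelled on entries in the posted log, written one entry
# per line the way ComboFix emits them (the forum post flattened the layout).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
2008-07-22 13:54 . 2008-07-22 13:54 245,760 --a------ C:\Windows\System32\opnnnlkK.dll
2008-07-14 15:40 . 2007-09-15 16:11 27,136 --a------ C:\Windows\System32\PCWizard.cpl
2008-07-10 13:03 . 2008-07-10 13:03 29,696 --a------ C:\mkccsybi.exe
2008-07-10 13:00 . 2008-07-10 13:01 407,094 --a------ C:\setupupdate.exe
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9669B04A-756E-4B65-9000-31223B579D2C}]
2008-07-22 13:54 245760 --a------ C:\Windows\system32\opnnnlkK.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ed470c2-f650-11dc-a7f2-d6d303039dab}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
"""

WINDOW_RE = re.compile(r"Files Created from (\d{4}-\d{2}-\d{2}) to (\d{4}-\d{2}-\d{2})")
# "created . modified size attrs path" entries of the Files Created section
NEW_FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?:<DIR>|[\d,]+) \S+ (?P<path>[A-Za-z]:\\.*)$"
)
# "date time size attrs path" entries listed under a registry key (BHO, Run, ...)
REG_FILE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \d+ \S+ (?P<path>[A-Za-z]:\\.*)$"
)
ROOT_BINARY_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(?:exe|dll|sys|scr|com)$", re.I)


def looks_random(stem):
    """Crude 'generated name' test: 7+ letters with under 20% vowels.
    Catches opnnnlkK/kcxtdmjb-style names; digits or punctuation opt out."""
    s = stem.lower()
    if len(s) < 7 or not s.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in s)
    return vowels / len(s) < 0.2


def triage(log_text):
    """Return (severity, reason, evidence) triples for suspicious entries."""
    findings = []
    window = None   # (start, end) dates of the 'Files Created' section
    key = ""        # registry key currently being listed, lower-cased
    for raw in log_text.splitlines():
        line = raw.strip()
        m = WINDOW_RE.search(line)
        if m:
            window = (date.fromisoformat(m.group(1)), date.fromisoformat(m.group(2)))
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = NEW_FILE_RE.match(line)
        if m:
            path = m.group("path")
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if ROOT_BINARY_RE.match(path):
                findings.append(("medium", "binary dropped in the drive root", path))
            if looks_random(stem):
                findings.append(("medium", "pseudo-random file name", path))
            continue
        m = REG_FILE_RE.match(line)
        if m and "browser helper objects" in key:
            stamp = date.fromisoformat(m.group("stamp"))
            if window and window[0] <= stamp <= window[1]:
                findings.append(("high", "BHO DLL created inside the scan window", m.group("path")))
            continue
        if key.endswith("policies\\system") and re.match(r'"EnableLUA"\s*=\s*0\b', line):
            findings.append(("high", "UAC disabled (EnableLUA=0)", line))
        elif "security center" in key and re.match(
                r'"(?:DisableMonitoring|AntiVirusOverride)"=dword:00000001', line):
            findings.append(("medium", "Security Center monitoring suppressed", key))
        elif "mountpoints2" in key and "autorun" in line.lower():
            findings.append(("high", "AutoRun handler bound to a mounted volume", line))
    return findings


if __name__ == "__main__":
    for severity, reason, evidence in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}: {evidence}")
```

The name heuristic is deliberately conservative (digits or punctuation in the stem opt a file out), so it will miss generated names that carry numbers; the BHO rule does not depend on it, because a helper object registered during the scan window is worth a look whatever it is called.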
Jul 24 2008, 01:36 AM, Post #2
Member, Group: Members, Posts: 16, Joined: 27-May 08, Member No.: 211,744
My PC is fine now. I used Malwarebytes' Anti-Malware.
But sometimes it slows down, and Task Manager shows physical memory usage of more than 50% while CPU usage is around 50%. Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:12 PM, on 7/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Owner\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Acer Assist\AcerAssist.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = msp01:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SetSpeaker] C:\Windows\SetSpkDefault.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: PowerReg SchedulerV2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{322E9C82-0288-4BCC-BC91-D8636096D3C9}: NameServer = 202.160.9.9,202.160.8.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{34D86CA1-5EEA-41B4-8783-C12141923980}: NameServer = 202.160.8.2,202.160.8.20
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll,
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Users\Owner\AppData\Local\Temp\RarSFX1\ShaiyaUpdater\FileZilla Server\FileZilla server.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12527 bytes
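The HijackThis log above is a line-oriented text format, so a first pass over it can be done mechanically. The Python script below is an added example for this page, not part of the thread and not HijackThis's own code: it parses HJT 2.x entry lines and applies the generic checks a log helper usually makes by eye, namely processes, Run entries and services that execute from a Temp directory, O23 services whose file is missing or whose owner is unknown, a non-empty AppInit_DLLs value (O20), a configured proxy (R1) and the per-interface name servers (O17). The sample log is constructed to resemble the one posted above; its [Updater] entry is invented to exercise the Temp rule, and the function and rule names are this example's own. A hit is a prompt to verify that entry, not a verdict that it is malicious.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis 2.x log format, modelled on the log posted
# above.  It is not a real scan result; the [Updater] entry is invented to
# exercise the temp-directory rule.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
C:\Users\Owner\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = msp01:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Updater] C:\Users\Owner\AppData\Local\Temp\upd.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{322E9C82-0288-4BCC-BC91-D8636096D3C9}: NameServer = 202.160.9.9,202.160.8.2
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll,
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Users\Owner\AppData\Local\Temp\RarSFX1\FileZilla server.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
"""


@dataclass
class Finding:
    line_no: int   # 1-based line number in the log
    rule: str      # short identifier of the rule that fired
    detail: str    # the matched name, path or value


TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)            # any ...\Temp\... path
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")                 # "O23 - ...", "R1 - ..."
O4_RE = re.compile(r"^(?P<loc>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")


def parse_o23(body: str):
    """'Service: NAME - VENDOR - PATH' -> (name, vendor, path).
    Split from the right so a NAME that itself contains ' - ' still parses."""
    parts = body[len("Service: "):].rsplit(" - ", 2)
    return tuple(parts) if len(parts) == 3 else None


def triage(log_text: str) -> list:
    """Return a Finding for every line that matches one of the triage rules."""
    findings = []
    in_processes = False
    for n, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            in_processes = False
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            # Not an Rn/On entry: either the process list or header text.
            if line.startswith("Running processes:"):
                in_processes = True
            elif in_processes and TEMP_RE.search(line):
                findings.append(Finding(n, "process-in-temp", line))
            continue
        in_processes = False
        kind, body = m.groups()
        if kind == "R1" and "ProxyServer = " in body:
            findings.append(Finding(n, "proxy-configured", body.split(" = ", 1)[1]))
        elif kind == "O4":
            o4 = O4_RE.match(body)
            if o4 and TEMP_RE.search(o4.group("cmd")):
                findings.append(Finding(n, "autorun-in-temp", o4.group("cmd")))
        elif kind == "O17" and "NameServer = " in body:
            findings.append(Finding(n, "dns-servers", body.split(" = ", 1)[1]))
        elif kind == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded into every process that links user32.
            dlls = [d.strip() for d in body[len("AppInit_DLLs:"):].split(",") if d.strip()]
            if dlls:
                findings.append(Finding(n, "appinit-dlls", ";".join(dlls)))
        elif kind == "O23":
            parsed = parse_o23(body)
            if parsed is None:
                continue
            name, vendor, path = parsed
            if path.endswith("(file missing)"):
                findings.append(Finding(n, "service-file-missing", name))
            if vendor == "Unknown owner":
                findings.append(Finding(n, "service-unknown-owner", name))
            if TEMP_RE.search(path):
                findings.append(Finding(n, "service-in-temp", name))
    return findings


def rule_counts(findings) -> dict:
    """Tally findings per rule, e.g. {'service-unknown-owner': 2, ...}."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  {f.rule:<22} {f.detail}")
```

Run it directly to print one line per finding; rule_counts() gives a per-rule tally, and a saved log can be fed in with triage(open(path).read()). The rules deliberately stay on the structure of the entries (location, owner, file state) rather than on file names, because those are the properties a helper verifies first and they do not depend on a signature list.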
Aug 7 2008, 04:16 PM, Post #3
Bleepin' kitten, Group: HJT Team Coach, Posts: 2,001, Joined: 12-July 07, Member No.: 143,177
Hello and Welcome to the forums! My name is Carolyn and I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

I am sorry that we were unable to reply to your post sooner. The forums have been very busy. If you are still in need of assistance, please scan again with HijackThis and post a fresh log.

Also, please make an uninstall list using HijackThis. To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.

Post the fresh HijackThis log and the uninstall list in the body of your next reply.
Aug 15 2008, 12:05 PM, Post #4
Bleepin' kitten, Group: HJT Team Coach, Posts: 2,001, Joined: 12-July 07, Member No.: 143,177
Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.