Windows boots to NO taskbar or desktop Icons


  • This topic is locked
2 replies to this topic

#1 AForal

AForal

  • Members
  • 2 posts
  • OFFLINE
  • Gender:Male
  • Location:Menomonee Falls, Wisconsin
  • Local time:02:03 AM

Posted 17 October 2010 - 07:08 PM

Hello.

My Windows XP SP3 is now booting without a taskbar and desktop icons. I have run Avast5 and Malwarebytes and nothing was found. So I ran ComboFix before I saw all the warnings; the log is attached... see anything?
Any help would be greatly appreciated.


ComboFix 10-10-16.04 - Alan Foral 10/17/2010 16:38:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3052.2145 [GMT -5:00]
Running from: c:\documents and settings\Alan Foral\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alan Foral\g2mdlhlpx.exe
c:\program files\filesubmit
c:\program files\filesubmit\Tng_Theme\Tng_Theme.zip
c:\windows\system32\6177588.dat
c:\windows\system32\azip32.dll
c:\windows\system32\ccrpTmr6.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dzgtactx.dll
c:\windows\system32\Packet.dll
c:\windows\system32\system
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_SSHNAS
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
.

2010-10-17 01:55 . 2008-04-15 20:36 69632 ----a-w- c:\windows\Alcmtr.exe
2010-10-10 03:31 . 2010-10-10 03:31 -------- d-----w- c:\documents and settings\Alan Foral\.gem
2010-10-10 03:26 . 2010-10-10 03:30 -------- d-----w- C:\Ruby
2010-10-10 03:23 . 2010-10-10 03:23 -------- d-----w- c:\windows\hsperfdata_Alan Foral
2010-10-10 03:19 . 2010-10-10 03:19 -------- d-----w- c:\program files\Aptana
2010-10-10 02:15 . 2010-10-10 02:15 -------- d-----w- c:\documents and settings\Alan Foral\.editrocket
2010-10-10 02:15 . 2010-10-10 02:15 -------- d-----w- c:\documents and settings\Alan Foral\.rs
2010-10-10 02:14 . 2010-10-10 02:14 -------- d-----w- c:\program files\EditRocket
2010-10-09 16:37 . 2010-10-09 16:37 8192 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2010-10-09 16:37 . 2010-10-09 16:37 140864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2010-10-09 16:37 . 2010-10-09 16:37 98304 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2010-10-09 16:37 . 2010-10-09 16:37 -------- d-----w- c:\program files\Common Files\xing shared
2010-10-09 16:37 . 2010-10-09 16:36 569397 ----a-w- c:\program files\Internet Explorer\Plugins\RichFX\Player\nprfxins.dll
2010-10-09 16:36 . 2010-10-09 16:37 -------- d-----w- c:\program files\real
2010-10-08 18:58 . 2010-10-08 18:58 -------- d-----w- c:\program files\Vectorian Inc
2010-10-07 23:09 . 2010-10-07 23:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\smscut
2010-10-07 22:29 . 2010-10-07 22:29 -------- d-----w- c:\program files\EmailLock
2010-10-07 22:21 . 2010-10-07 22:23 -------- d-----w- C:\tmp
2010-10-07 21:49 . 2010-10-09 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeHideIP
2010-10-07 21:49 . 2010-10-09 03:02 -------- d-----w- c:\documents and settings\Alan Foral\Application Data\FreeHideIP
2010-10-04 19:30 . 2010-10-04 19:30 -------- d-----w- c:\program files\WinSCP
2010-10-04 04:45 . 2010-10-04 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\VanDyke
2010-10-03 01:36 . 2010-10-03 06:20 -------- d-----w- c:\program files\Offline Explorer 2.9
2010-10-03 01:11 . 2010-10-03 02:51 -------- d-----w- c:\documents and settings\Alan Foral\Application Data\Offline Explorer
2010-10-03 01:02 . 2010-10-03 02:38 -------- d-----w- c:\program files\Offline Explorer Pro
2010-10-02 05:18 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-02 05:18 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-02 05:18 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-02 05:18 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-02 05:18 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-02 05:18 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-02 05:18 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-02 05:18 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-02 05:18 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-02 05:17 . 2010-10-02 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-01 14:27 . 2010-10-01 14:27 -------- d-----w- c:\program files\TuneUpMedia
2010-10-01 14:27 . 2010-10-04 02:23 -------- d-----w- c:\documents and settings\Alan Foral\Application Data\TuneUpMedia
2010-10-01 14:27 . 2010-10-01 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2010-09-30 23:18 . 2010-09-30 23:18 -------- d-----w- c:\program files\iPod
2010-09-30 23:18 . 2010-10-01 14:27 -------- d-----w- c:\program files\iTunes
2010-09-29 22:33 . 2010-09-29 22:33 -------- d-----w- c:\documents and settings\Alan Foral\Local Settings\Application Data\MozSwing
2010-09-29 22:30 . 2010-09-29 22:31 -------- d-----w- c:\program files\SEO PowerSuite
2010-09-28 23:03 . 2010-09-28 23:03 -------- d-----w- c:\documents and settings\Alan Foral\Local Settings\Application Data\TechSmith
2010-09-28 23:00 . 2008-01-18 08:36 107864 ----a-w- c:\windows\system32\tsccvid.dll
2010-09-28 23:00 . 2010-09-28 23:00 -------- d-----w- c:\windows\system32\QuickTime
2010-09-28 23:00 . 2010-09-28 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2010-09-28 23:00 . 2010-09-28 23:00 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-09-28 22:59 . 2010-09-28 22:59 -------- d-----w- c:\program files\TechSmith
2010-09-25 22:33 . 2010-09-25 22:39 -------- d-----w- c:\documents and settings\Alan Foral\Application Data\acccore
2010-09-25 22:33 . 2010-09-26 02:08 -------- d-----w- c:\documents and settings\Alan Foral\Local Settings\Application Data\AIM
2010-09-25 22:33 . 2010-09-25 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-09-25 22:33 . 2010-09-25 22:33 -------- d-----w- c:\program files\AIM
2010-09-25 22:33 . 2010-09-25 22:33 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-09-25 16:02 . 2010-09-25 16:02 -------- d-----w- c:\documents and settings\Alan Foral\Local Settings\Application Data\AOL
2010-09-25 16:01 . 2010-09-25 22:33 -------- d-----w- c:\program files\Common Files\AOL
2010-09-23 23:27 . 2010-09-24 03:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-09-23 23:27 . 2010-09-24 03:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-09-23 23:27 . 2010-09-24 03:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-09-23 23:27 . 2010-09-24 03:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-09-23 23:27 . 2010-09-24 03:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-09-23 23:27 . 2010-09-24 03:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-09-23 23:27 . 2010-09-24 03:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-09-23 23:26 . 2010-09-23 23:27 -------- d-----w- c:\program files\QuickTime
2010-09-22 23:47 . 2010-09-22 23:49 -------- d-----w- c:\program files\Common Files\Articulate
2010-09-22 23:47 . 2004-02-01 14:39 417792 ----a-w- c:\windows\system32\vbalCmdBar6.ocx
2010-09-22 23:47 . 2003-04-01 02:06 94208 ----a-w- c:\windows\system32\vbalIml6.ocx
2010-09-22 23:47 . 2003-01-26 08:11 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-09-22 23:47 . 2003-01-26 10:18 147456 ----a-w- c:\windows\system32\vbzip11.dll
2010-09-22 23:40 . 2010-09-22 23:40 -------- d-----w- c:\program files\Common Files\InstallShield Shared
2010-09-22 23:40 . 2010-09-22 23:48 -------- d-----w- c:\program files\Articulate
2010-09-22 00:14 . 2008-04-14 11:42 93184 ----a-w- c:\program files\Internet Explorer\iexplore2.exe
2010-09-21 22:24 . 2010-09-26 23:23 -------- d-----w- c:\program files\Rolodex Poster
2010-09-21 17:24 . 2010-09-21 17:24 -------- d-----w- c:\program files\Sophos
2010-09-21 17:14 . 2010-09-21 17:14 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-09-21 14:53 . 2010-09-21 14:56 -------- d-----w- c:\program files\Mediachance Dynamic Auto Painter 2.0.7 Portable
2010-09-21 14:51 . 2010-09-21 14:51 -------- d-----w- c:\program files\Domain Samurai
2010-09-21 14:47 . 2010-09-21 14:47 -------- d-----w- c:\program files\Market Samurai
2010-09-21 14:09 . 2010-09-21 14:09 -------- d-----w- c:\program files\CherryPicker
2010-09-21 13:47 . 2010-09-21 13:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-06 297808]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2009-11-06 03:17 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5258c432-c281-42f7-8fa4-41fd1e6747b8}]
2010-09-22 13:04 2735200 ----a-w- c:\program files\freeonlinetvbar\tbfre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5258c432-c281-42f7-8fa4-41fd1e6747b8}"= "c:\program files\freeonlinetvbar\tbfre1.dll" [2010-09-22 2735200]

[HKEY_CLASSES_ROOT\clsid\{5258c432-c281-42f7-8fa4-41fd1e6747b8}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5258C432-C281-42F7-8FA4-41FD1E6747B8}"= "c:\program files\freeonlinetvbar\tbfre1.dll" [2010-09-22 2735200]

[HKEY_CLASSES_ROOT\clsid\{5258c432-c281-42f7-8fa4-41fd1e6747b8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-07 39408]
"pdfSaver3"="c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2010-01-04 2775424]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536]
"PicPick Start"="c:\program files\PicPick\picpick.exe" [2010-09-15 4973056]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"StatBar"="c:\program files\Globe Software\StatBar\StatBar.exe" [2003-07-25 335872]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IRW"="c:\windows\system32\IRW.exe" [2008-04-15 147456]
"Apple_KbdMgr"="c:\program files\Boot Camp\KbdMgr.exe" [2008-04-15 423216]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-15 8527872]
"nwiz"="nwiz.exe" [2008-04-15 1626112]
"PerfectDiskRx"="c:\program files\Raxco\PerfectDiskRx\PerfectDiskRx.exe" [2007-06-18 6030864]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-21 30192]
"SanaSafeConnect"="c:\program files\TrustedID\Identity Theft Protection\agent\bin\SanaSafeConnect.exe" [2008-03-21 1378840]
"MacDrive application"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2009-06-15 201304]
"Getting started with MacDrive"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2008-09-02 141312]
"HDInspector.exe"="c:\program files\Hard Drive Inspector\HDInspector.exe" [2007-03-27 1218048]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
"PDFHook"="c:\program files\Nuance\PDF Create 5\pdfcreate5hook.exe" [2009-04-10 1277952]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Create 5\RegistryController.exe" [2008-12-13 58656]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-05-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-05-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2009-05-27 209216]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2006-11-27 255528]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"ProcessTamer"="c:\program files\ProcessTamer\ProcessTamerTray.exe" [2009-03-28 163840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-09 202256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-15 81920]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-15 16855552]

c:\documents and settings\Alan Foral\Start Menu\Programs\Startup\
Anapod Manager.lnk - c:\program files\Red Chair Software\Anapod Explorer\anamgr.exe [2008-6-7 1076276]
Dragon NaturallySpeaking.lnk - c:\program files\Nuance\NaturallySpeaking9\Program\natspeak.exe [2007-2-12 2516584]
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2002-8-9 299008]
Webshots.lnk - c:\program files\Webshots\3.1.5.7617\Launcher.exe [2010-1-8 157088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-1-11 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2002-8-9 299008]
ProcessTamerTray.lnk - c:\program files\ProcessTamer\ProcessTamerTray.exe [2010-5-29 163840]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2010-1-10 77824]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-23 415072]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\Adobe\\Adobe Bridge\\Bridge.exe"=
"c:\\Program Files\\Cleaner 5\\Cleaner 5.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP DeskJet 1220C Toolbox\\HPW8TBX.exe"=
"c:\\Program Files\\Free Online TV Player\\WTV.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bit Lord 1.1\\BitLord.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AirPort\\APUtil.exe"=
"c:\\Program Files\\IBP 9\\IBP.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Offline Explorer 2.9\\OE.exe"=
"c:\\Program Files\\SecureFX\\SecureFX.exe"=
"c:\\Program Files\\Aptana\\Aptana RadRails\\AptanaRadRails.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5353:UDP"= 5353:UDP:Bonjour
"57865:TCP"= 57865:TCP:Vuze
"55535:TCP"= 55535:TCP:vuze
"55535:UDP"= 55535:UDP:55535

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [4/30/2009 6:18 PM 284416]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [5/19/2009 2:19 PM 20992]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/2/2010 12:18 AM 165584]
R2 AmigoSvr;AmigoSvr;c:\program files\360Amigo\360Amigo.exe [7/9/2010 7:35 PM 3028992]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [4/15/2008 5:44 PM 132400]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [4/15/2008 5:44 PM 99632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/2/2010 12:18 AM 17744]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [4/15/2008 5:44 PM 5504]
R2 MacDriveService;MacDrive service;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [11/26/2008 11:23 AM 150528]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [4/15/2008 5:44 PM 6528]
R2 SanaSafeConnectAgent;SanaSafeConnectAgent;c:\program files\TrustedID\Identity Theft Protection\agent\Bin\SanaAgent.exe [3/21/2008 3:42 PM 4937240]
R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher;c:\program files\TrustedID\Identity Theft Protection\agent\Bin\SanaSafeConnectWatcher.exe [3/21/2008 3:42 PM 539160]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]
R3 applemtm;Apple Multitouch Mouse;c:\windows\system32\drivers\applemtm.sys [1/6/2010 5:50 PM 10496]
R3 applemtp;Apple Multitouch;c:\windows\system32\drivers\applemtp.sys [1/6/2010 5:50 PM 15616]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [1/6/2010 5:18 AM 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [1/6/2010 5:49 PM 19968]
R3 SanaSafeConnectDriver;SanaSafeConnectDriver;c:\program files\TrustedID\Identity Theft Protection\agent\driver\platform_XP\SafeConnectDriver.sys [3/21/2008 3:43 PM 161304]
R3 SanaSafeConnectFilter;SanaSafeConnectFilter;c:\program files\TrustedID\Identity Theft Protection\agent\driver\platform_XP\SafeConnectFilter.sys [3/21/2008 3:43 PM 29720]
R3 SanaSafeConnectShim;SanaSafeConnectShim;c:\program files\TrustedID\Identity Theft Protection\agent\driver\platform_XP\SafeConnectShim.sys [3/21/2008 3:43 PM 27376]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 9:35 PM 133104]
S2 PD9Engine;PD9Engine;c:\program files\Raxco\PerfectDiskRx\PD9Engine.exe [6/18/2007 3:11 PM 689680]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/6/2010 9:33 PM 30192]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HELPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-10-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-09 15:01]

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 02:35]

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 02:35]

2010-10-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

2010-10-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1844823847-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

2010-10-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

2010-10-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1844823847-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1940427
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer 2.9\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer 2.9\Add_AllO.htm
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Create PDF file - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Save &frame with MetaProducts Inquiry - c:\program files\MetaProducts Inquiry\inquiry.dll/saveframe.htm
IE: Save &image with MetaProducts Inquiry - c:\program files\MetaProducts Inquiry\inquiry.dll/saveimg.htm
IE: Save &page with MetaProducts Inquiry - c:\program files\MetaProducts Inquiry\inquiry.dll/savepage.htm
IE: Save &selection with MetaProducts Inquiry - c:\program files\MetaProducts Inquiry\inquiry.dll/savesel.htm
IE: {{670F87A1-88B0-11d4-9030-000021D9C559} - c:\program files\KMT Software\High Impact eMail 2.0\HIemail.exe
IE: {{C4A67F75-88B2-11d4-9030-000021D9C559} - c:\program files\KMT Software\High Impact eMail 2.0\HIemail.exe
IE: {{55AD98FF-3CB9-4718-B28B-E18F932D7FAB} - {6766A865-215F-465A-B266-9CB9C7BA71FA} - c:\program files\MetaProducts Inquiry\inquiry.dll
IE: {{7FDB9AEE-D04A-440C-8D1D-52B807115C59} - {D1917456-D76D-48DF-9981-B3978EACCD8F} - c:\program files\MetaProducts Inquiry\inquiry.dll
IE: {{8F36E80B-AD7C-434E-AB92-DA3938EA01E5} - {3680299D-8B37-4F8A-9975-EDD867F10E94} - c:\program files\MetaProducts Inquiry\inquiry.dll
IE: {{B98EEB00-A0F2-11D7-9FD9-0080481ADA61} - {F1F3B320-A0F9-11D7-9FD9-0080481ADA61} - c:\program files\MetaProducts Inquiry\inquiry.dll
DPF: {C22877C3-4214-11D0-B0DA-080009C351D7} - hxxps://smartdrive.twcbiz.com/dragndrop.cab
FF - ProfilePath - c:\documents and settings\Alan Foral\Application Data\Mozilla\Firefox\Profiles\2ypldckf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.anomalist.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)
ActiveSetup-Nitro PDF Professional - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1343024091-1844823847-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A38C7D1D-7290-2051-E136-01629F887E07}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1343024091-1844823847-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED530153-288F-99E0-FF0E-7E7E6FC1D8F4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A38C7D1D-7290-2051-E136-01629F887E07}\InProcServer32*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5904)
c:\program files\VisualTaskTips\VttHooks.dll
c:\windows\system32\tabhook.dll
c:\program files\Mediafour\MacDrive 7\MDVolumeIcons.dll
c:\program files\Mediafour\MacDrive 7\MACDRAPI.DLL
c:\program files\Vista Start Menu\VistaStartMenu.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\ftpshext.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\HDDSvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\windows\system32\locator.exe
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\Tablet.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\progra~1\Palm\HOTSYNC.EXE
c:\windows\system32\rundll32.exe
c:\program files\Raxco\PerfectDisk10\PDEngine.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Raxco\PerfectDiskRx\PD9Agent.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\WISPTIS.EXE
c:\progra~1\Webshots\315~1.761\Webshots.scr
c:\program files\iPod\bin\iPodService.exe
c:\program files\TrustedID\Identity Theft Protection\agent\bin\SanaMonitor.exe
c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
.
**************************************************************************
.
Completion time: 2010-10-17 17:18:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-17 22:18

Pre-Run: 117,853,433,856 bytes free
Post-Run: 118,396,284,928 bytes free

- - End Of File - - 554FA2201AA3D017C2BB7D0C8548FCCF

Attached Files

  • Attached File  log.txt   31.58KB   0 downloads

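Reading a ComboFix log like the one above by hand is tedious: the CLSID entries at the top carry REG_BINARY values written as comma-separated hex, split across continuation lines that end in a backslash, and the "DLLs Loaded Under Running Processes" section lists modules per process. The script below is an added example, not part of the original post or of ComboFix: it decodes those hex values to text (the bytes in this log happen to be printable lowercase ASCII with an embedded NUL) and pulls out the modules loaded into explorer.exe, the process that draws the missing taskbar and desktop icons. The sample input is a constructed excerpt of the log text above, shortened to the first two explorer.exe modules.

```python
"""Decode REG_BINARY hex values and list per-process modules from a ComboFix log.

Added example; not part of the original post or of ComboFix. SAMPLE_LOG is a
constructed excerpt of the log posted above.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A38C7D1D-7290-2051-E136-01629F887E07}\InProcServer32*]
"ebecmekfdgbpmaallclgjokmhifhmofaedfoiilgjn"=hex:61,62,69,63,6a,6a,69,66,69,6c,
64,62,63,70,70,70,65,64,66,6f,6b,69,6f,6a,6b,70,68,6a,6d,6b,61,6a,66,6c,00,\
"dbecmekfdgbpmaallclgjokmhifhplialnnbdane"=hex:68,61,66,64,68,6b,6b,6b,6f,68,
66,6a,6e,66,67,6c,00,64
"dbecmekfdgbpmaallclgjokmhifhgohpiegfbfde"=hex:67,61,70,63,68,68,6d,68,70,6f,
61,64,69,6b,00,6c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5904)
c:\program files\VisualTaskTips\VttHooks.dll
c:\windows\system32\tabhook.dll
.
"""

# "name"=hex:aa,bb,...   starts a REG_BINARY value
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<data>.*)$')
# a continuation line: hex byte pairs, optional trailing comma, optional trailing backslash
HEX_LINE_RE = re.compile(r'^(?:[0-9a-fA-F]{2},?)+\\?$')
# - - - - - - - > 'process.exe'(pid)
PROC_HDR_RE = re.compile(r"^[- ]+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")


def _hex_to_bytes(fragment):
    """Turn '61,62,00,\\' into b'ab\\x00', ignoring the continuation markers."""
    fragment = fragment.rstrip("\\").strip(",")
    return bytes(int(b, 16) for b in fragment.split(",") if b)


def parse_hex_values(log_text):
    """Return {value_name: bytes} for every "name"=hex: entry, joining continuation lines."""
    values = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = VALUE_RE.match(line)
        if m:
            current = m.group("name")
            values[current] = _hex_to_bytes(m.group("data"))
        elif current and HEX_LINE_RE.match(line):
            values[current] += _hex_to_bytes(line)
        else:
            current = None  # any other line ends the value
    return values


def render(value):
    """Show bytes as text: printable ASCII kept, everything else as \\xNN."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "\\x%02x" % b for b in value)


def modules_by_process(log_text):
    """Return {(process, pid): [module paths]} from the per-process DLL section."""
    result = {}
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROC_HDR_RE.match(line)
        if m:
            key = (m.group("proc"), int(m.group("pid")))
            result[key] = []
        elif key and line == ".":
            key = None  # ComboFix closes a section with a lone dot
        elif key and line.lower().endswith((".dll", ".exe", ".ocx")):
            result[key].append(line)
    return result


if __name__ == "__main__":
    for name, data in parse_hex_values(SAMPLE_LOG).items():
        print(f"{name}: {render(data)}")
    for (proc, pid), mods in modules_by_process(SAMPLE_LOG).items():
        print(f"{proc} ({pid}) loads {len(mods)} listed modules")
        for path in mods:
            print("   ", path)
```

Point the script at a saved log instead of SAMPLE_LOG to decode every REG_BINARY value and list every process in one pass; the module list is what to compare against a known-clean machine when explorer.exe misbehaves.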


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:03 AM

Posted 27 October 2010 - 06:43 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    winlogon.exe
    wininit.exe
    explorer.exe
    hlp.dat
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- will be opened
    • Extra.txt <-- will be minimized

In the upper right-hand corner of the topic you will see a button called Options. If you click on it, you can choose Track this topic from the drop-down menu. I suggest you do this, select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:03 AM

Posted 04 November 2010 - 04:23 AM

As it has gone stale, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti



