All icons at my desktop and the taskbar are gone
shannemark (New Member, joined Sep 2011, 36 posts)
Posted 8/28/2012 8:11 AM (GMT +2)
Kindly help me with my computer. When I open my computer, all icons and the taskbar are gone. I can't shut it down, only through the AVR. But when I try to open it in safe mode, it works. Please tell me what to do.
Here is my ComboFix log:
ComboFix 12-08-25.04 - Administrator 8/2012 Tue 11:47:52.17.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.2038.1647 [GMT 8:00]
执行位置: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( 2012-07-28 至 2012-08-28 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-08-28 03:27 . 2012-08-28 03:27 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-04 00:59 . 2012-08-04 01:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-25 09:48 . 2012-04-19 00:44 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-25 09:48 . 2011-11-21 11:42 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 05:46 . 2011-11-22 04:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-20 03:29 . 2011-12-02 05:16 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-21_03.59.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-22 06:02 . 2012-08-14 02:35 63964 c:\windows\system32\mlfcache.dat
- 2012-01-11 05:38 . 2012-03-21 06:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-11 05:38 . 2012-08-23 00:52 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-11 05:38 . 2012-08-23 00:52 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2012-01-11 05:38 . 2012-03-21 06:41 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-07-20 09:52 . 2012-07-20 09:52 22016 c:\windows\Installer\9dfab.msi
+ 2012-06-22 06:15 . 2012-06-22 06:15 49664 c:\windows\Installer\149ffc1.msi
+ 2012-06-19 05:47 . 2001-08-17 14:36 5632 c:\windows\system32\ptpusb.dll
+ 2012-06-19 05:47 . 2008-04-13 21:42 159232 c:\windows\system32\ptpusd.dll
+ 2012-08-25 09:48 . 2012-08-25 09:48 690888 c:\windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe
+ 2012-08-15 02:02 . 2012-08-15 02:02 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-15 02:02 . 2012-08-15 02:02 466632 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
+ 2012-04-19 00:44 . 2012-08-25 09:48 250568 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2008-08-13 22:44 . 2012-08-14 01:26 273376 c:\windows\system32\FNTCACHE.DAT
+ 2012-06-15 03:35 . 2012-06-15 05:30 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2012-08-10 06:30 . 2012-08-10 06:30 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
+ 2011-04-22 05:26 . 2011-04-22 05:26 688128 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\JP2KLib.dll
+ 2009-01-18 08:00 . 2009-01-18 08:00 598016 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AXSLE.dll
+ 2012-01-03 07:37 . 2012-01-03 07:37 320456 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\adobearmhelper.exe
+ 2012-01-02 02:07 . 2012-01-02 02:07 843712 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\adobearm.exe
+ 2012-01-19 01:59 . 2012-08-28 03:28 2344836 c:\windows\system32\Restore\rstrlog.dat
+ 2012-08-25 09:48 . 2012-08-25 09:48 9813704 c:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
+ 2012-08-10 06:30 . 2012-08-10 06:30 1648640 c:\windows\Installer\2a66e.msi
+ 2012-07-31 16:18 . 2012-07-31 16:18 5018624 c:\windows\Installer\2106aa6.msp
+ 2011-01-30 13:16 . 2011-01-30 13:16 5713408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AGM.dll
+ 2012-06-22 06:15 . 2012-06-22 06:15 15705600 c:\windows\Installer\149ffc8.msp
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-22 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]
Feed Notifier.lnk - c:\program files\Feed Notifier\notifier.exe [2012-3-8 58368]
IPMSG for Win32.lnk - c:\program files\IPMsg\ipmsg.exe [2011-11-22 210432]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\IPMsg\\ipmsg.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Searchqu Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [8/30/2008 12:31 PM 27648]
R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [8/30/2008 12:31 PM 7680]
R0 tmagp;Transmeta TM 8000 AGP Filter Driver;c:\windows\system32\drivers\TMAGP.SYS [8/30/2008 12:32 PM 27648]
R0 ULiAGP;ULi AGP Controller Bus Filter Driver;c:\windows\system32\drivers\ULiAGP.SYS [8/30/2008 12:32 PM 33408]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [8/30/2008 12:31 PM 45056]
S0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [8/30/2008 12:31 PM 9809]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\TEMP\AVSETUP_4f0f7ded\avupgsvc.exe" /TEMPSTART:""c:\windows\TEMP\AVSETUP_4f0f7ded\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\windows\TEMP\AVSETUP_4f0f7ded\avupgsvc.exe [?]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [11/21/2011 7:28 PM 81920]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/22/2011 10:24 AM 136176]
S2 HOSTNT;Hostnt;c:\windows\system32\drivers\hostnt.sys [11/21/2011 7:46 PM 4032]
S2 MHDRV;Mhdrv;c:\windows\system32\drivers\mhdrv.sys [11/21/2011 7:46 PM 27696]
S2 Protector by IB Updater;Protector by IB Updater;c:\program files\Protector by IB\ExtensionUpdaterService.exe [5/16/2012 2:03 PM 185856]
S2 RCMHDOG;RCMHDOG;c:\windows\system32\drivers\rcmhdog.sys [11/21/2011 7:46 PM 26060]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/3/2012 1:19 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/19/2012 8:44 AM 250568]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [11/21/2011 7:28 PM 2732032]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/22/2011 10:24 AM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/7/2012 10:20 AM 113120]
.
‘计划任务’ 文件夹 里的内容
.
2012-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 09:48]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 02:24]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 02:24]
.
2012-08-28 c:\windows\Tasks\User_Feed_Synchronization-{494232BA-F10B-4C2D-910D-DD06DB7D7733}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 20:31]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=w7th1&chnl=w7th1&cd=2XzutAtN2Y1L1QzutDtDtByEtBtC0A0AtA0AtCyE0CyCtC0BtN0D0TzutBtDtCtBtDyBtCzy&cr=977877310
mStart Page = hxxp://start.funmoods.com/?f=1&a=w7th1&chnl=w7th1&cd=2XzutAtN2Y1L1QzutDtDtByEtBtC0A0AtA0AtCyE0CyCtC0BtN0D0TzutBtDtCtBtDyBtCzy&cr=977877310
uInternet Connection Wizard,ShellNext = hxxp://www.firebirdsql.org//afterinstall
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 124.106.5.2 124.106.6.2
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\obpr90mx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=w7th1&chnl=w7th1&cd=2XzutAtN2Y1L1QzutDtDtByEtBtC0A0AtA0AtCyE0CyCtC0BtN0D0TzutBtDtCtBtDyBtCzy&cr=977877310
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyC0p5zen&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - c45bc61b000000000000002421aa3a14
FF - user.js: extensions.incredibar_i.instlDay - 15476
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:03
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyC0p5zen
FF - user.js: extensions.incredibar_i.upn2n - 92261418233124847
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 27%5F4
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=w7th1&chnl=w7th1&cd=2XzutAtN2Y1L1QzutDtDtByEtBtC0A0AtA0AtCyE0CyCtC0BtN0D0TzutBtDtCtBtDyBtCzy&cr=977877310
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=w7th1&chnl=w7th1&cd=2XzutAtN2Y1L1QzutDtDtByEtBtC0A0AtA0AtCyE0CyCtC0BtN0D0TzutBtDtCtBtDyBtCzy&cr=977877310
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - c45bc61b000000000000002421aa3a14
FF - user.js: extensions.funmoods.instlDay - 15540
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2211:44
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - w7th1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - w7th1
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-28 11:52
Windows 5.1.2600 Service Pack 3 NTFS
.
扫描被隐藏的进程 。。。
.
扫描被隐藏的启动组 。。。
.
扫描被隐藏的文件 。。。
.
扫描完成
被隐藏的档案: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-113007714-682003330-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{9D717F81-9148-4F12-8568-69135F087DB0}"=hex:51,66,7a,6c,4c,1d,3b,1b,91,60,64,
81,78,cb,75,03,9b,65,2d,53,5e,4a,3b,ac
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,13,78,
2f,b5,d0,5d,0c,a7,df,21,82,93,81,d6,9b
.
[HKEY_USERS\S-1-5-21-1757981266-113007714-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,c3,57,50,94,ad,38,41,85,3f,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,c3,57,50,94,ad,38,41,85,3f,9a,\
.
完成时间: 2012-08-28 11:53:50
ComboFix-quarantined-files.txt 2012-08-28 03:53
ComboFix2.txt 2012-08-28 00:54
ComboFix3.txt 2012-08-25 01:57
ComboFix4.txt 2012-08-14 01:54
ComboFix5.txt 2012-08-28 03:47
.
Pre-Run: 105,259,413,504 bytes free
Post-Run: 105,628,831,744 bytes free
.
- - End Of File - - 5DBEB4ED34A7582AC799BA81E05143F7

This is also my Malwarebytes log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.28.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: JOY [administrator]

8/28/2012 11:57:00 AM
mbam-log-2012-08-28 (11-57-00).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 290776
Time elapsed: 24 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I tried c:\> attrib -s-h s/d/ *.*
Here is the log:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>cd c:\

C:\>attrib -s -h /s /d *.*
Access denied - C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H
Access denied - C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V
Access denied - C:\Program Files\Adobe\Reader 9.0\Resource\CMap
Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll
Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll

Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX
Access denied - C:\Qoobox\BackEnv
Access denied - C:\WINDOWS\Prefetch\ACCOUNT.EXE-11EB9945.pf
Access denied - C:\WINDOWS\Prefetch\ADOBEARM.EXE-2D1B11BF.pf
Access denied - C:\WINDOWS\Prefetch\ASPELL.EXE-2320D1FB.pf
Access denied - C:\WINDOWS\Prefetch\ASWREGSVR.EXE-27360615.pf
Access denied - C:\WINDOWS\Prefetch\ATTRIB.3XE-09E9D153.pf
Access denied - C:\WINDOWS\Prefetch\ATTRIB.3XE-10E166FB.pf
Access denied - C:\WINDOWS\Prefetch\ATTRIB.EXE-39EAFB02.pf
Access denied - C:\WINDOWS\Prefetch\AVAST.SETUP-10F48C5B.pf
Access denied - C:\WINDOWS\Prefetch\AVASTEMUPDATE.EXE-033BD90D.pf
Access denied - C:\WINDOWS\Prefetch\AVASTUI.EXE-0B3C80E5.pf
Access denied - C:\WINDOWS\Prefetch\CF2454.3XE-26BCF719.pf
Access denied - C:\WINDOWS\Prefetch\CHCP.COM-18156052.pf
Access denied - C:\WINDOWS\Prefetch\CHIKKALAUNCHER.EXE-32AB4B6C.pf
Access denied - C:\WINDOWS\Prefetch\CMD.3XE-32EEC145.pf
Access denied - C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
Access denied - C:\WINDOWS\Prefetch\COMBOFIX.EXE-3A3A8115.pf
Access denied - C:\WINDOWS\Prefetch\CONIME.EXE-13EEEA1A.pf
Access denied - C:\WINDOWS\Prefetch\CSCRIPT.3XE-1A0F6A51.pf
Access denied - C:\WINDOWS\Prefetch\CSCRIPT.3XE-1AD11928.pf
Access denied - C:\WINDOWS\Prefetch\CSCRIPT.EXE-1C26180C.pf
Access denied - C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf
Access denied - C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf
Access denied - C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf
Access denied - C:\WINDOWS\Prefetch\DIGSBY-APP.EXE-1BD802E9.pf
Access denied - C:\WINDOWS\Prefetch\DIGSBY.EXE-2DEEEA8A.pf
Access denied - C:\WINDOWS\Prefetch\ERUNT.3XE-0A71A476.pf
Access denied - C:\WINDOWS\Prefetch\EXCEL.EXE-34CB65E9.pf
Access denied - C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
Access denied - C:\WINDOWS\Prefetch\FINDSTR.EXE-0CA6274B.pf
Access denied - C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf
Access denied - C:\WINDOWS\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-34BC5027.pf
Access denied - C:\WINDOWS\Prefetch\FLASHUTIL32_11_3_300_271_PLUG-0BD4341A.pf
Access denied - C:\WINDOWS\Prefetch\GOOGLECRASHHANDLER.EXE-2AE91E26.pf
Access denied - C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-1E123D86.pf
Access denied - C:\WINDOWS\Prefetch\GOOGLEUPDATERSERVICE.EXE-3AB369BE.pf
Access denied - C:\WINDOWS\Prefetch\GREP.3XE-0FD7DFD4.pf
Access denied - C:\WINDOWS\Prefetch\GREP.3XE-254D6273.pf
Access denied - C:\WINDOWS\Prefetch\GREP.EXE-3309531C.pf
Access denied - C:\WINDOWS\Prefetch\GROOVEMONITOR.EXE-2606717A.pf
Access denied - C:\WINDOWS\Prefetch\GRPCONV.EXE-111CD845.pf
Access denied - C:\WINDOWS\Prefetch\GSAR.3XE-03FC2EDD.pf
Access denied - C:\WINDOWS\Prefetch\GSAR.3XE-1971B17C.pf
Access denied - C:\WINDOWS\Prefetch\HANDLE.3XE-09E29954.pf
Access denied - C:\WINDOWS\Prefetch\HANDLE.3XE-10DA2EFC.pf
Access denied - C:\WINDOWS\Prefetch\HELPER.EXE-0415776D.pf
Access denied - C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf
Access denied - C:\WINDOWS\Prefetch\HIDEC.3XE-111262DC.pf
Access denied - C:\WINDOWS\Prefetch\HIDEC.3XE-2D8618DD.pf
Access denied - C:\WINDOWS\Prefetch\HPGS2WND.EXE-06AC8C27.pf
Access denied - C:\WINDOWS\Prefetch\HPGS2WNF.EXE-0E86C34B.pf
Access denied - C:\WINDOWS\Prefetch\IEXPLORE.EXE-0A31FE70.pf
Access denied - C:\WINDOWS\Prefetch\IEXPLORE.EXE-12915967.pf
Access denied - C:\WINDOWS\Prefetch\IEXPLORE.EXE-12BBAE74.pf
Access denied - C:\WINDOWS\Prefetch\IGFXPERS.EXE-2C07C174.pf
Access denied - C:\WINDOWS\Prefetch\IGFXSRVC.EXE-2FB63FE8.pf
Access denied - C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf
Access denied - C:\WINDOWS\Prefetch\IMJPMIG.EXE-03882F7A.pf
Access denied - C:\WINDOWS\Prefetch\INSTALL_FLASHPLAYER11X32_MSSD-32F9B3BC.pf
Access denied - C:\WINDOWS\Prefetch\INSTALL_FLASHPLAYER11X32_MSSD-39F4B374.pf
Access denied - C:\WINDOWS\Prefetch\INSTALL_FLASH_PLAYER.EXE-0854CAC8.pf
Access denied - C:\WINDOWS\Prefetch\IPMSG.EXE-26141277.pf
Access denied - C:\WINDOWS\Prefetch\JAVA.EXE-0C263507.pf
Access denied - C:\WINDOWS\Prefetch\JUSCHED.EXE-0F4A509D.pf
Access denied - C:\WINDOWS\Prefetch\Layout.ini
Access denied - C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf
Access denied - C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf
Access denied - C:\WINDOWS\Prefetch\MBAM.EXE-0BEE0439.pf
Access denied - C:\WINDOWS\Prefetch\MSFEEDSSYNC.EXE-25E13438.pf
Access denied - C:\WINDOWS\Prefetch\NIRCMD.3XE-0A841DB5.pf
Access denied - C:\WINDOWS\Prefetch\NIRCMD.3XE-117BB35D.pf
Access denied - C:\WINDOWS\Prefetch\NIRCMD.EXE-2C39EF53.pf
Access denied - C:\WINDOWS\Prefetch\NIRCMDC.3XE-03B38F81.pf
Access denied - C:\WINDOWS\Prefetch\NIRKMD.3XE-071472EF.pf
Access denied - C:\WINDOWS\Prefetch\NOTEPAD.EXE-189578DA.pf
Access denied - C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf
Access denied - C:\WINDOWS\Prefetch\NOTIFIER.EXE-2A3EC002.pf
Access denied - C:\WINDOWS\Prefetch\NS10.TMP-3A74FA7F.pf
Access denied - C:\WINDOWS\Prefetch\NS11.TMP-1489E333.pf
Access denied - C:\WINDOWS\Prefetch\NSB.TMP-35532715.pf
Access denied - C:\WINDOWS\Prefetch\NSF.TMP-19007368.pf
Access denied - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf
Access denied - C:\WINDOWS\Prefetch\ONENOTEM.EXE-157A39AC.pf
Access denied - C:\WINDOWS\Prefetch\PEV.3XE-21FD478C.pf
Access denied - C:\WINDOWS\Prefetch\PEV.3XE-358EBDB6.pf
Access denied - C:\WINDOWS\Prefetch\PEV.EXE-0806C34B.pf
Access denied - C:\WINDOWS\Prefetch\PEV.EXE-0CE2BF4A.pf
Access denied - C:\WINDOWS\Prefetch\PING.EXE-31216D26.pf
Access denied - C:\WINDOWS\Prefetch\PLUGIN-CONTAINER.EXE-15EDC9DD.pf
Access denied - C:\WINDOWS\Prefetch\PV.3XE-1C242CC7.pf
Access denied - C:\WINDOWS\Prefetch\READER_SL.EXE-2B4EA1CB.pf
Access denied - C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf
Access denied - C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf
Access denied - C:\WINDOWS\Prefetch\RMBR.3XE-3AAE61A2.pf
Access denied - C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-11D01D9A.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-17947D5D.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1EE676D0.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2576181F.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-356C8F20.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3596C059.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3B11B44F.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-42BD096B.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-44A0B4BC.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf
Access denied - C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf
Access denied - C:\WINDOWS\Prefetch\SED.3XE-35CB81F4.pf
Access denied - C:\WINDOWS\Prefetch\SED.3XE-370DAEC3.pf
Access denied - C:\WINDOWS\Prefetch\SED.EXE-0F4B402F.pf
Access denied - C:\WINDOWS\Prefetch\SF.BIN-1A60157B.pf
Access denied - C:\WINDOWS\Prefetch\SF.BIN-1D520004.pf
Access denied - C:\WINDOWS\Prefetch\SORT.EXE-194AE83C.pf
Access denied - C:\WINDOWS\Prefetch\SSMYPICS.SCR-01C62024.pf
Access denied - C:\WINDOWS\Prefetch\SSTEXT3D.SCR-17B3B9DD.pf
Access denied - C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf
Access denied - C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf
Access denied - C:\WINDOWS\Prefetch\SWREG.3XE-20CC4D60.pf
Access denied - C:\WINDOWS\Prefetch\SWREG.3XE-2965A2D9.pf
Access denied - C:\WINDOWS\Prefetch\SWREG.EXE-0F8682E2.pf
Access denied - C:\WINDOWS\Prefetch\SWSC.3XE-256BB068.pf
Access denied - C:\WINDOWS\Prefetch\SWSC.3XE-3AE13307.pf
Access denied - C:\WINDOWS\Prefetch\SWSC.EXE-17AFBFBF.pf
Access denied - C:\WINDOWS\Prefetch\SWXCACLS.3XE-2D6ED659.pf
Access denied - C:\WINDOWS\Prefetch\SWXCACLS.3XE-392ED218.pf
Access denied - C:\WINDOWS\Prefetch\TINTSETP.EXE-39BF0732.pf
Access denied - C:\WINDOWS\Prefetch\UPDATER.EXE-23F4D955.pf
Access denied - C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf
Access denied - C:\WINDOWS\Prefetch\WINWORD.EXE-07381162.pf
Access denied - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf
Access denied - C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf
Access denied - C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf
Access denied - C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_271.ocx
Unable to change attribute - C:\pagefile.sys

C:\>
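Added example for this thread (not part of the post and not a ComboFix, Malwarebytes or BullGuard tool): a small Python triage script that scans lines in the ComboFix format pasted above for defence-weakening settings (an AV product marked *Disabled*, AntiVirusOverride=1, EnableFirewall=0) and for defanged hxxp:// start/search URLs on search-hijacker domains. The sample lines are copied from the log above; the hijacker domain list is an assumption for the example (Funmoods is the family the Malwarebytes log flags as PUP, IncrediBar and search-results.com are added).

```python
"""Triage a ComboFix-style log for defence-weakening settings and hijacked
browser URLs.  Added example for this thread; it is not a ComboFix,
Malwarebytes or BullGuard tool and the hijacker domain list is an assumption.
"""
import re

# Constructed sample: lines copied from the ComboFix log in the post above
# (URLs are defanged as hxxp:// exactly as ComboFix writes them).
SAMPLE_LOG = r"""
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
uStart Page = hxxp://start.funmoods.com/?f=1&a=w7th1&chnl=w7th1
uSearchAssistant = hxxp://www.google.com/ie
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=394
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyC0p5zen
"""

# Assumed list of search-hijacker domains: Funmoods is flagged as PUP by the
# Malwarebytes log in this thread; the other two are added for the example.
HIJACK_DOMAINS = ("funmoods.com", "incredibar.com", "search-results.com")

# ComboFix defangs http(s) to hxxp(s); capture the host part only.
URL_RE = re.compile(r"hxxps?://([^/\s]+)", re.IGNORECASE)

# Registry values as ComboFix prints them: "Name"=dword:00000001 or "Name"= 0 (0x0)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?:dword:)?(?P<val>[0-9A-Fa-f]+)')

# AV product status line: AV: <name> *Enabled|Disabled/Updated|Outdated* {GUID}
AV_RE = re.compile(r"^AV:\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*")


def find_weak_settings(lines):
    """Return human-readable findings for settings that weaken host defences."""
    findings = []
    for line in lines:
        av = AV_RE.match(line)
        if av:
            # state looks like "Disabled/Updated"; the first half is on/off
            if av.group("state").split("/")[0].lower() == "disabled":
                findings.append(f"AV product disabled: {av.group('name')}")
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), int(m.group("val"), 16)
        if name == "AntiVirusOverride" and value == 1:
            # Security Center stops warning that no AV is active
            findings.append("Security Center AV monitoring overridden (AntiVirusOverride=1)")
        elif name == "EnableFirewall" and value == 0:
            findings.append("Windows Firewall disabled (EnableFirewall=0)")
    return findings


def find_hijacked_urls(lines):
    """Return (setting, host) pairs for start/search URLs on hijacker domains."""
    hits = []
    for line in lines:
        m = URL_RE.search(line)
        if not m:
            continue
        host = m.group(1).lower()
        if any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS):
            # the text before the URL names the setting (uStart Page, keyword.URL, ...)
            setting = line[:m.start()].rstrip(" -=:").strip()
            hits.append((setting, host))
    return hits


def triage(log_text):
    """Run both checks over a log and return a report dict."""
    lines = [ln.rstrip() for ln in log_text.splitlines() if ln.strip()]
    return {
        "weak_settings": find_weak_settings(lines),
        "hijacked_urls": find_hijacked_urls(lines),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for finding in report["weak_settings"]:
        print("[weak setting]", finding)
    for setting, host in report["hijacked_urls"]:
        print(f"[hijacked URL] {setting} -> {host}")
```

Run it against a saved ComboFix.txt by passing the file contents to `triage()`; every hit points at a line to review, and the Google search URL in the sample shows that ordinary defanged URLs are not flagged.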
 

shannemark (New Member, joined Sep 2011, 36 posts)
Posted 8/28/2012 8:31 AM (GMT +2)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:30:24 PM, on 8/28/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Feed Notifier\notifier.exe
C:\Program Files\IPMsg\ipmsg.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Protector by IB\ExtensionUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Startup: Feed Notifier.lnk = C:\Program Files\Feed Notifier\notifier.exe
O4 - Startup: IPMSG for Win32.lnk = C:\Program Files\IPMsg\ipmsg.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Avira Upgrade Service (AviraUpgradeService) - Unknown owner - C:\WINDOWS\TEMP\AVSETUP_4f0f7ded\avupgsvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Protector by IB Updater - Unknown owner - C:\Program Files\Protector by IB\ExtensionUpdaterService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10863 bytes
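The HijackThis log above is what the moderator reads to spot leftovers and unwanted autostarts (note the O23 services marked "(file missing)" with "Unknown owner", one of them pointing under C:\WINDOWS\TEMP). As an added example, not part of the thread or of HijackThis, the following Python script parses the O2/O3/O4/O9/O18/O22/O23 line formats seen in the log and flags the patterns a responder reads first: services whose binary is gone, services without a vendor string, anything starting from a temporary directory, and Run entries that name a bare file resolved through the PATH search order. The SAMPLE_LOG is constructed in the same format; its product names and paths are illustrative and refer to no real software.

```python
"""Triage a HijackThis-style log (added example; not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input modelled on the entry formats in the posted log.
SAMPLE_LOG = """\
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll
O4 - HKLM\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\\..\\Run: [updchk] "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\updchk.exe" /silent
O4 - Startup: Notes.lnk = C:\\Program Files\\Example\\notes.exe
O18 - Protocol: ipp - (no CLSID) - (no file)
O23 - Service: Example Guard (ExampleGuard) - Unknown owner - C:\\Program Files\\Example\\guard.exe (file missing)
O23 - Service: Example Upgrade Service - Unknown owner - C:\\WINDOWS\\TEMP\\SETUP_1234\\upgsvc.exe (file missing)
O23 - Service: Example Updater (ExampleUpdate) - Example Inc. - C:\\Program Files\\Example\\Updater.exe
"""


@dataclass
class Entry:
    section: str            # HijackThis section, e.g. "O23"
    name: str
    path: Optional[str]     # file path when one could be extracted
    owner: Optional[str]    # vendor string (O23 services only)
    file_missing: bool      # HijackThis appended "(file missing)"
    raw: str


@dataclass
class Finding:
    severity: str           # "high", "medium" or "info"
    reason: str
    entry: Entry


_LINE = re.compile(r"^(?P<section>O\d+) - (?P<body>.+)$")
# O23: Service: <display> (<short name>) - <owner> - <path>; the short name is optional
_SERVICE = re.compile(r"^Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$")
# O4: HKLM\..\Run: [<name>] <command line>   or   Startup: <name>.lnk = <command>
_RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_STARTUP = re.compile(r"^Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# O2/O3/O9/O18/O22: <kind>: <name> - {CLSID} - <path>
_COM = re.compile(r"^(?P<kind>[\w' ]+): (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}|\(no CLSID\)) - (?P<path>.+)$")
_EXE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|cpl|scr|bat|cmd))"?', re.I)  # first binary on a command line
_TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.I)


def _split_path(field: str):
    """Separate the '(file missing)' / '(no file)' markers from the path."""
    missing = field.endswith("(file missing)")
    path = field[: -len("(file missing)")].strip() if missing else field.strip()
    return (None if path == "(no file)" else path), missing


def parse_line(line: str) -> Optional[Entry]:
    m = _LINE.match(line.strip())
    if not m:
        return None                      # header, footer or blank line
    section, body = m["section"], m["body"]
    if section == "O23":
        s = _SERVICE.match(body)
        if s:
            path, missing = _split_path(s["path"])
            return Entry(section, s["display"], path, s["owner"], missing, line)
    elif section == "O4":
        r = _RUN.match(body) or _STARTUP.match(body)
        if r:
            e = _EXE.match(r["cmd"])
            return Entry(section, r["name"], e["path"] if e else None, None, False, line)
    else:
        c = _COM.match(body)
        if c:
            path, missing = _split_path(c["path"])
            return Entry(section, c["name"], path, None, missing, line)
    return Entry(section, body, None, None, False, line)   # kept, but unparsed


def assess_entry(e: Entry) -> List[Finding]:
    out: List[Finding] = []
    if e.section == "O23" and e.file_missing:
        out.append(Finding("medium", "service registered for a binary that no longer exists", e))
    if e.section == "O23" and e.owner == "Unknown owner":
        out.append(Finding("info", "service carries no vendor string", e))
    if e.path and _TEMP_DIR.search(e.path):
        out.append(Finding("high", "autostart or service binary lives in a temporary directory", e))
    if e.section == "O4" and e.path and "\\" not in e.path:
        out.append(Finding("medium", "autostart names a bare file, resolved through the PATH search order", e))
    return out


def triage(log_text: str) -> List[Finding]:
    """Parse every line and return findings, most severe first (stable order within a level)."""
    order = {"high": 0, "medium": 1, "info": 2}
    found: List[Finding] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            found.extend(assess_entry(entry))
    return sorted(found, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.entry.raw}")
```

The unparsed fallback keeps every line as an Entry so nothing silently drops out of the review; a "(file missing)" service is only medium because, as in this thread, it is just as often the remains of an uninstalled product as something malicious, whereas a binary under a TEMP directory is worth looking at every time.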

Andreea-Luciana Ostache
Forum Moderator




Date Joined Aug 2010
Total Posts : 549
 
Posted 8/28/2012 12:31 PM (GMT +2)
Right. SweetIM, again.

In Safe Mode with Networking, so you can access the internet.
Install Malwarebytes and either disable your antivirus protection and enable the protection from Malwarebytes, or vice-versa. Run a full scan and fix all the issues found (you need to check the boxes before you press Remove Selected): www.malwarebytes.org
Then download and run Unhide, to restore the hidden files: www.bleepingcomputer.com/forums/topic405109.html
Lastly, run a full scan with Avast.

The above will remove the infection, but please get back to us with the logs and also let us know if you have any more issues with the computer afterwards.

You did not remove SweetIM when you contacted us previously either...


Andreea-Luciana Ostache
Senior Support Technician EN
support@bullguard.com
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security 12

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!

Post Edited (Andreea-Luciana Ostache) : 8/28/2012 10:36:34 AM GMT


shannemark
New Member


Date Joined Sep 2011
Total Posts : 36
 
Posted 8/29/2012 3:26 AM (GMT +2)
I ran Malwarebytes today; here is my log:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.28.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: JOY [administrator]

8/29/2012 8:46:13 AM
mbam-log-2012-08-29 (08-46-13).txt

Scan type: Full scan (C:\|D:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 291145
Time elapsed: 24 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

shannemark
New Member


Date Joined Sep 2011
Total Posts : 36
 
Posted 8/29/2012 3:32 AM (GMT +2)
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 08/29/2012 09:23:21 AM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the A:\ drive
Finished processing the A:\ drive. 0 files processed.

Processing the C:\ drive
Finished processing the C:\ drive. 79990 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 49667 files processed.

Processing the H:\ drive
Finished processing the H:\ drive. 244 files processed.

The C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
* HidNoChangingWallPaperden policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
* Start_ShowNetConn was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/29/2012 09:30:00 AM
Execution time: 0 hours(s), 6 minute(s), and 39 seconds(s)
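The Unhide run above shows what a FakeHDD-style rogue changes to make the desktop and Start menu look empty: policy values under HKCU\...\Policies (here NoChangingWallPaper) and Start_Show* values under Explorer\Advanced flipped to 0. As an added example, not part of Unhide or of this thread, the Python script below audits those same locations and can put them back. The decision logic is a pure function over a snapshot dict so it runs anywhere; read_snapshot and restore use winreg and only work on Windows. SAMPLE_SNAPSHOT is constructed to mirror the state the posted log found. NoDesktop, DisableTaskMgr and DisableRegistryTools are not on the page; they are well-known lockdown policy values added here so the audit covers the neighbouring keys the log walks.

```python
"""Audit/restore the Explorer and policy values an Unhide run reports on (added example)."""
from typing import Dict, List, Tuple

try:
    import winreg            # present on Windows only
except ImportError:
    winreg = None            # offline assessment still works without it

Snapshot = Dict[str, Dict[str, int]]          # key path under HKCU -> {value name: DWORD}
Finding = Tuple[str, str, str]                # (key, value name, message)

ADVANCED_KEY = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
# Values Unhide set back to 1; 1 means the Start menu item is shown.
ADVANCED_EXPECTED = {
    "Start_ShowPrinters": 1,
    "Start_ShowSetProgramAccessAndDefaults": 1,
    "Start_ShowNetConn": 1,
}
# Restrictive policy values: NoChangingWallPaper is the one the log found; the
# other names are well-known lockdown values added for completeness (assumption).
POLICY_VALUES = {
    r"Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop": ["NoChangingWallPaper"],
    r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer": ["NoDesktop"],
    r"Software\Microsoft\Windows\CurrentVersion\Policies\System": ["DisableTaskMgr", "DisableRegistryTools"],
}

SAMPLE_SNAPSHOT: Snapshot = {   # constructed: the state the posted Unhide run reported
    ADVANCED_KEY: {"Start_ShowPrinters": 0, "Start_ShowSetProgramAccessAndDefaults": 0,
                   "Start_ShowNetConn": 0, "Hidden": 2},
    r"Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop": {"NoChangingWallPaper": 1},
    r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer": {},
    r"Software\Microsoft\Windows\CurrentVersion\Policies\System": {},
}


def assess_snapshot(snap: Snapshot) -> List[Finding]:
    """Pure check: every deviation from the expected, unrestricted state."""
    findings: List[Finding] = []
    advanced = snap.get(ADVANCED_KEY, {})
    for name, expected in ADVANCED_EXPECTED.items():
        actual = advanced.get(name)           # absent value = default = shown
        if actual is not None and actual != expected:
            findings.append((ADVANCED_KEY, name, f"is {actual}, expected {expected}: Start menu item hidden"))
    for key, names in POLICY_VALUES.items():
        present = snap.get(key, {})
        for name in names:
            if present.get(name, 0) != 0:
                findings.append((key, name, f"restrictive policy set to {present[name]}"))
    return findings


def read_snapshot() -> Snapshot:
    """Live read of the audited keys under HKCU (Windows only)."""
    if winreg is None:
        raise RuntimeError("live registry access requires Windows")
    snap: Snapshot = {}
    for key in [ADVANCED_KEY, *POLICY_VALUES]:
        values: Dict[str, int] = {}
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key) as h:
                index = 0
                while True:
                    try:
                        name, data, kind = winreg.EnumValue(h, index)
                    except OSError:
                        break                  # no more values under this key
                    if kind == winreg.REG_DWORD:
                        values[name] = data
                    index += 1
        except FileNotFoundError:
            pass                               # key absent: nothing restrictive there
        snap[key] = values
    return snap


def restore(findings: List[Finding]) -> None:
    """Undo each finding: Start_Show* back to 1, policy values deleted (Windows only)."""
    for key, name, _ in findings:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key, 0, winreg.KEY_SET_VALUE) as h:
            if key == ADVANCED_KEY:
                winreg.SetValueEx(h, name, 0, winreg.REG_DWORD, ADVANCED_EXPECTED[name])
            else:
                winreg.DeleteValue(h, name)


if __name__ == "__main__":
    snapshot = read_snapshot() if winreg else SAMPLE_SNAPSHOT
    for key, name, message in assess_snapshot(snapshot):
        print(f"HKCU\\{key}\\{name}: {message}")
```

Run it once to list deviations; call restore() on that list only after confirming none of the policy values were set on purpose by an administrator, since a legitimate lockdown looks identical from the registry's point of view. Like Unhide, the script only touches the current user's hive, so it has to run in the profile that lost its icons.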

shannemark
New Member


Date Joined Sep 2011
Total Posts : 36
 
Posted 8/29/2012 7:33 AM (GMT +2)
I ran my Avast antivirus.

These are the infected files I found:

A0044008.exe C:\System Volume Information\ _restore {D9350BC7.291
A0044009.exe C:\System Volume Information\ _restore {D9350BC7.291
A0044010.exe C:\System Volume Information\ _restore {D9350BC7.291
incredibar.dll.vir C:\Qoobox\Quarantine\C\Program Files\Incredibar.com
incredibartlbr.dll.vir C:\Qoobox\Quarantine\C\Program Files\Incredibar.com

Andreea-Luciana Ostache
Forum Moderator




Date Joined Aug 2010
Total Posts : 549
 
Posted 8/30/2012 7:49 AM (GMT +2)
And how is the computer doing now?

shannemark
New Member


Date Joined Sep 2011
Total Posts : 36
 
Posted 8/30/2012 11:13 AM (GMT +2)
The system is still very slow. Sometimes it hangs up.
Is there anything I can do for my computer?

Andreea-Luciana Ostache
Forum Moderator




Date Joined Aug 2010
Total Posts : 549
 
Posted 9/1/2012 8:16 AM (GMT +2)
Because you had a lot of infections for a long time, it's a good thing if you run an sfc /scannow command in command prompt (it will ask you for the CD to repair files that it can't restore).

Also, although I generally recommend against using registry cleaners because they can remove valid registry keys, install CCleaner from here www.piriform.com/ccleaner/download/standard and run it to remove your temporary files and obsolete registry keys.

I would also have a look at the event logs and see what errors your computer has. It's good to address those issues whenever possible.

Last but not least, make sure that you have the latest updates for Windows, Java, Adobe Flash Player, your internet browser and all other programs you use.